Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Feb 28 2019 19:45
    @Arachnid banned @merkle_tree_twitter
  • Feb 17 2019 00:56
    @jpitts banned @Aquentson_twitter
  • Apr 09 2018 04:14
    @holiman banned @JennyJennywren_twitter
  • Oct 21 2017 19:12
    @Arachnid banned @Musk11
Dan Guido
@dguido
It should not be a bug bounty
Corey Petty
@corpetty
panvala? they're an effort to get people behind funding community security initiatives
Micah Zoltu
@MicahZoltu
@NoPlayerOne_twitter The smallest change possible is to simply change the HF block number. Since we only have ~30 hours left, we want to minimize the chances of complication, which means just changing the block number.
Dan Guido
@dguido
It needs to get funded.
You won't be certain that anyone looked at anything, or that people with the right qualifications and expertise reviewed the EIP if you're not paying for it.
Nick Johnson
@Arachnid
@MicahZoltu I believe future HFs are already covered by the bounty.
Dan Guido
@dguido
This may be a useful read on the effectiveness and limitations of bug bounties: https://blog.trailofbits.com/2019/01/14/on-bounties-and-boffins/
Micah Zoltu
@MicahZoltu
Hmm, OK. Maybe we should just ask ChainSecurity what caused them to review in the 11th hour, and what could have caused them to review sooner?
Could be a good anectdote at least.
Dan Guido
@dguido
If they were paid
People at security firms have a huge amount of work to do at any given moment, research we want to make progress on, clients that need help, code that needs dev, etc etc
There is time in the margins, but even that is subject to intense prioritization
Hudson Jameson
@Souptacular
If people start getting in touch with major stakeholders and exchanges please add them to this list: https://docs.google.com/spreadsheets/d/1GS98k8YosBsqV1UVq57vX-PTOUAcCCcRjJ847H8Y4hw/edit#gid=919960290
Matthias Egli
@MatthiasEgli_twitter
Thanks @dguido, out of my heart. We are already spending quite a lot of effort and time on the research part and on the side trying to figure out how to run a StartUp funded from the money saved during PhDs. Successful so far also thanks to the great open-source work of the community, but there is not a lot of time left at the end of the day. Happy to share the crazy last two days next time at Devcon / EthereumCC though :)
Micah Zoltu
@MicahZoltu
@Souptacular Sadly, it appears someone vandalized that document. :/
I believe Google Drive has administration tools to deal with that?
Hudson Jameson
@Souptacular
Who created that document?
Micah Zoltu
@MicahZoltu
I think @tayvano?
Chase Wright
@MysticRyuujin
Ubuntu PPA updated for Geth, running new version now
IcoCryptex
@IcoCryptex_twitter
icocryptex.io has been updated for Geth new version as well.
5chdn
@5chdn
@IcoCryptex_twitter thanks, noted
Jaap Buurman
@Mushoz
Is there a place where it's being discussed how we are moving forward? Will the EIP be removed and the hardfork be deployed with the remaining EIPs included? Or will the buggy EIP be fixed?
Micah Zoltu
@MicahZoltu
@Mushoz The current plan is to focus on getting through the non-fork, and then evaluate next steps after that.
So for the next probably 3 days or so everyone will be focused on ensuring Constantinople doesn't happen and we don't end up with a chain split.
Jaap Buurman
@Mushoz
@tayvano the google sheet is getting vandalized : /
@MicahZoltu The coming ~30 hours, right? Since that's when the hardfork would actually occur
Micah Zoltu
@MicahZoltu
Yeah, but there will probably be effort after that as well to deal with anyone who didn't get the memo in time.
And hard forks always have some amount of complexity with them (nothing ever goes perfectly), and then the core dev team will need to sleep. :wink:
All in all, I'm guessing 3-4 days before the not-fork is behind us and everyone is ready to discuss next steps.
localethereum.com
@localethereum_twitter
LocalEthereum has upgraded our geths. Waiting for a new release to upgrade our parity nodes
Holger Drewes
@holgerd77

@MicahZoltu I think one part of the story might be the not-so-long-yet availability of Constantinople dev tools. We released the EthereumJS Constantinople VM 22 Nov 2018, it took Truffle some time to integrate and the first Constantinople-ready Ganache version came out just 6 days ago. Since ChainSecure uses this first beta to test the vulnerability my assumption is that these releases might have triggered experimentation, will investigate this further.

One outcome of this might be to take dev tool readyness stronger into account when planning a hardfork date, and make release of the 2-3 most used tools (and not just the VM as some base layer) a precondition for some date settlement.

localethereum.com
@localethereum_twitter
What's the ETA for Constantinople now? Couldn't we just remove the one EIP and proceed?
Micah Zoltu
@MicahZoltu
@localethereum_twitter No ETA yet, current focus is on not-forking in ~30 hours. After that is done core devs will evaluate how to proceed with Constantinople and when. Just removing that EIP may be the ultimate solution, but on a short timeframe it was deemed prudent to take the simplest path, which is to not fork at all.
localethereum.com
@localethereum_twitter
IMO it would be helpful to know who made the decision (e.g. who voted for it & who was included in the vote)
Micah Zoltu
@MicahZoltu
I suspect we'll see more details and a retrospective in the days to come. The short answer is that the issue was brought up by ChainSecurity, the available core devs discussed it here and in a call and made the decision to advocate for a cancellation of the hard fork.
Unfortunately, due to the time constraints, there wasn't a lot of opportunity to reach out to a wide audience and have an extended debate about the merits of the various options.
In this case, a decision was made to err on the side of caution in light of the new information provided by Chain Security.
Piper Merriam
@pipermerriam
Someone could take the chat history from this channel for the day and distil that information out of it if they wanted to
Steven Schroeder
@schroedingerscode
@pipermerriam Yup. There are circumstances when decisions have to be made quickly to lessen felt impact and this was one of them. The easiest, least risky change was changing the block number and available devs agreed.
Aron
@cobordism

It should also be noted that even though there were risks in going ahead with the fork and risks in delaying the fork, there was an asymmetry in timing. The closer we get to the time of the planned fork, the harder and riskier it is to call for a postponement.
As such the decision to delay the fork had to be made really quickly. This undoubtedly played into the decision tonight.

It was simply not feasible to spend 12 hours investigating / discussing because by that time (less than 24 before the fork) a delay may no longer have been possible.

localethereum.com
@localethereum_twitter
Fair, thanks. Looking forward to the retrospective. Maybe we'll see a new & improved plan for the next urgent fork/non-fork (which hopefully never happens)
I'll contact whoever I know & get those nodes upgraded 👍
Micah Zoltu
@MicahZoltu
Thanks @localethereum_twitter!
Chris Hobcroft
@chrishobcroft

I've created a github issue, designed to capture questions and comments which cannot be addressed right now, but which would be valuable to discuss during a post-mortem.

ethereum-cat-herders/hard-fork-checklist#1

Thank you for your contributions and patience.

Hex Capital
@Hex-Capital
Thanks @5chdn and the Parity team for quick turnaround!
Phil
@phillux
also 2.3.0-beta here (release notes coming soon): https://github.com/paritytech/parity-ethereum/releases/tag/v2.3.0
Phil
@phillux

@Souptacular since all the updated versions are released, we should update the blog post to reflect that. I recommend changing:

"Miners, Exchanges, Node Operators:

  • Update your Geth and/or Parity instances when they are released.
  • These releases are not released yet. We will update this post when they are available.
  • Links and version numbers and instructions will be provided here when they are available.
  • We expect to have updated releases in 3-4 hours from the time this blog is published."

to
"Miners, Exchanges, Node Operators:

  • Update your Geth and/or Parity instances to the updated versions using the links below"
Noel Maersk
@veox

@5chdn - from "1 TB yet" node:

Constantinople will activate on Sunday 8933219337287-04-06 21:19:17 UTC.

Do you have a stand-alone estimator, perhaps? Or a node you won't be upgrading? (The archive node's page is inaccessible, BTW.)

Please keep it low-priority, though. ^_^

Hudson Jameson
@Souptacular
@phillux good idea. I can do it later. I'm about to start playing with my tabletop RPG group.