Grin: Announcing the /grin-security repo, the Fundraising subteam, Message for Ignotus, TOR hidden services support is being introduced

Paradigm

Sep 30, 2019

Biweekly update 16th September — 30th September

Let’s start our week with an amazing Grin! Their development is stable as always. Decision-making via online meeting seems to be extremely productive. The latest dev meeting points included v2.1.0 development, audit findings that have been fixed, the decision to add security canaries and therefore remove Igno from the security contact list, discussion about open RFCs. By the way, the next release v2.1.0 is on track, all issues in the milestones have been resolved, and the initial beta version of the node was out last week; the major release is going to happen during the week of 14th October. There are 98 open issues in /grin, and 30 open issues in /grin-wallet; merged PRs: 8 in /grin, 4 in /grin-wallet with 3 unique contributors. A dedicated repo for security was created to keep track of keys, incidents, audits, canaries, and more. Experimental TOR hidden services support is being introduced to grin-wallet.

Moreover, the fundraising sub-team was announced, with Robert Nass taking the lead on raising funds for long term continuity of Grin development. The governance meeting discussed grincon1, which will happen on the 22nd November; the site redesign work was reviewed, the process for how to publish the security audit findings was agreed on, and the proposal to hire a cryptographer was evaluated. Poloniex Exchange has made the 7th donation to the Grin General Fund as part of the year-long commitment to support open source development of the Grin ecosystem.

Grin keeps inspiring the team and community members. Hashmap created a marvelous video on Building Grin, where one day equals one second of video. The Chinese community Gringotts organized Full Node Day to encourage more users to run full nodes. Grin Talk released a video with recommended sources on Grin. To keep you updated, Daniel Lehnbers shares weekly newsletters — don’t miss them! The number of subscribers in social networks increased. Become a Grin fan with Paradigm Fund!

And the message for Ignotus Peverell from the Grin team:

“Igno — if you’re reading this, the grin-tech.org domain has expired. Please get in touch with us or renew the domain. We’re working on mitigations but would still like to retain control of URL. Hope you’re well and that we’ll see you soon again, you’re missed!”

Development

Grin GitHub metrics
Developer activity (from Grin Coinlib.io)

Motivation

This was triggered by this PR: Implement security-process RFC #3009

When adding canaries, doing it in the SECURITY.md document itself makes it messy for reviewers to verify, and difficult in general to keep track of historical canaries. It’s preferred to keep the canaries as .txt files, but it doesn’t make sense to do that in the node repo.

A dedicated repo makes it easier for them to keep security-related data in one place. Right now, for example, the libsecp audit is stored under /site/audits, which probably doesn’t make a lot of sense.

Proposed contents of /grin-security

  1. audit reports
  2. canaries
  3. pgp keys
  4. CVE incident details

They’d probably keep SECURITY.md in the /grin repo as is, in order to take advantage of the GitHub feature of displaying the info to users when opening an issue. But they’d link to it from the security repo and from grin-wallet as well, and anywhere else it is relevant.

An example of a security repo used in other projects is available via the link.

Joseph Goulden added some more stats to the basic status page of the TUI to help node operators.

  1. Disk usage measured in GB
  2. Chain tip timestamp
  3. Tx pool size
  4. Stem pool size

He has run this against mainnet and everything appears to be updated in real-time as expected.

“Decent couple of weeks of fun and progress

First off, all of the issues for the 2.1.0 release on the wallet have been closed off. I’ve done a first pass at a beta 1, but several issues have come up between the node and the wallet, so will likely be a couple of days before they urge everyone to start trying it out.

Secondly, the subject of transaction exchange has been at the forefront in recent discussions, and if you’re at all interested you can see the entire colourful history in the keybase tx_exchange channel. To summarize my current position on this (which I think is basically the majority consensus most participants in the channel reached independently:)

  • Mixnets look great on paper, but most of them are purely academic, untested, and don’t actually exist
  • i2p looks good in theory as well, however:
      • It uses a lot of outdated cryptography
      • The project doesn’t appear to be particularly well maintained or have a lot of direction
      • Stopping and starting i2p nodes in the way a wallet needs adds to instability in the network
  • Tor isn’t perfect either, but as outlined in @david’s RFC, onion services give a logical manner of creating verifiable addresses unlinked to IP addresses or other identifying information, alleviate firewall issues and give much better privacy than they have now (pretty much none over http).

There are still a lot of potential issues with Tor as the only method of transaction just yet, namely the fact it could be very difficult to get it working on mobile (iOS in particular), and it’s not a great choice for node p2p communication. There are also installation and bundling issues, which could be annoying to maintain but not insurmountable from a technical perspective. However, of all of the ideas presented this one gives some very tangible benefits, and has the big advantage that the Tor network exists and is usable today. So I think it’s therefore very much worth exploring to the fullest to see where they can get with it. I absolutely cannot promise right now this will become the only method of exchange, but it’s definitely a promising approach.

So that brings us to the Experimental TOR PR I’ve been working on over the past few days. It’s at the point where it works with a lot of manual setup, but it looks promising, and I look forward to seeing how they can deal with the outstanding issues over the next couple of weeks. If you’re at all interested in this method of exchange, we’d very much appreciate it if you could give it a try. I’d hope to merge the work there into master once 2.1.0 is out (as it still remains very much optional), but for now, the instructions are all in the PR.

Will have more to say on the particulars of the Tor integration over the next few weeks. Time for weekend, I think.”

Dev

  1. There are 99 open issues in /grin, and 31 open issues in /grin-wallet.
  2. Merged PRs: 9 in /grin | 2 in /grin-wallet | 5 unique contributors

Governance

  1. The governance meeting discussed grincon1, and the bootstrapping of community & moderation sub-teams.
  2. Request for funding proposal to hire a full time cryptographer, to be discussed in the next governance meeting.

RFCs

Draft

  1. Relative kernels [node-dev]
  2. Asynch Transacting via Relays [wallet-dev]
  3. Multiple named wallets [wallet-dev]

Open

  1. Online Transacting via TOR Hidden Services [wallet-dev]

Final Comment Period

-

Accepted

  1. Variable size kernels [node-dev]

Closed

-

Dev

  1. There are 98 open issues in /grin, and 32 open issues in /grin-wallet.
  2. Merged PRs: 5 in /grin | 0 in /grin-wallet | 3 unique contributors
  3. Next release: v2.1.0
  4. Beta: Week of Sep 30
  5. Release: Week of Oct 14
  6. Milestones: Node | Wallet
  7. As part of transaction building research, they’re collating research papers on mixnets and ACNs in one place.

RFCs

Draft

  1. Relative kernels [node-dev]
  2. Asynch Transacting via Relays [wallet-dev]
  3. Multiple named wallets [wallet-dev]

Open

  1. Online Transacting via TOR Hidden Services [wallet-dev]

Final Comment Period

-

Accepted

-

Closed

-

Dev

  1. There are 98 open issues in /grin, and 30 open issues in /grin-wallet.
  2. Merged PRs: 8 in /grin | 4 in /grin-wallet | 3 unique contributors
  3. Next release: v2.1.0
    The release is on track, all issues in the milestones have been resolved, and the initial beta version of the node was out last week. Expect updated beta releases. Everything is as planned.
  4. Experimental TOR hidden services support is being introduced to grin-wallet.

Governance

  • In the last governance meeting, the site redesign work was reviewed, the process for how to publish the security audit findings was agreed on, and the proposal to hire a cryptographer was evaluated.

RFCs

Draft

  1. Relative kernels [node-dev]
  2. Asynch Transacting via Relays [wallet-dev]
  3. Multiple named wallets [wallet-dev]

Open

  1. Online Transacting via TOR Hidden Services [wallet-dev]

Final Comment Period

-

Accepted

-

Closed

-

  • Development Agendas & Meeting notes

Meeting Notes: Development, Sep 17 2019

  1. Retrospective
  2. Release planning

Target release dates

Beta: Week of Sep 30

Release: Week of Oct 14

v2.1.0 Milestones here and here.

  1. Status of open RFCs
  2. Transacting via Tor Hidden Services
  3. Security
  4. Audit status
  5. Canaries

Agenda: Development, Oct 01 2019 #193

  1. A yeasty reminiscence
  2. Agenda review
  3. Action point follow ups from previous meetings
  4. Ignotus removed from security contacts?
  5. Canaries set up?
  6. 2.1.0 betas out?
  7. Security review status
  8. Status of open RFCs
  9. Planning

Social encounters

Grin Talk recommends our updates!

  1. Ironbelly has launched on Android, still in beta, but on mainnet.
  2. Community sub-team has just been announced, join and be a part of organising grincon1.
  3. @garyyu announced a shift of focus towards a new grin fork that aims to be a blockchain for non-collateralised stable coins. As part of that, Gary also resigned from the Grin core team, but will still be contributing towards the project.
  1. The Chinese community Gringotts 古灵阁 organised Full Node Day to encourage more users to run full nodes. Overview in English, and full details in Chinese.
  2. Photos and some details (if you squint) from an event booth about the Avalon Grin G1 Asic miner, allegedly due by end of October.

Upcoming events:

  1. Oct 4–6 2019, Prague, CZ: @kargakis at #HCPP19
  2. Nov 22 2019, Berlin, DE: grincon1 (venue tbc)

Finance

Source: CMC
Source: https://grin.blockscan.com/

Grin has no accounts and no addresses.

  • Poloniex Exchange has made the 7th donation to the Grin General Fund as part of the year-long commitment to support open source development of the Grin ecosystem.

Partnerships and team members

With regards to partnerships, they have no partnerships at the moment, and no foreseeable plans to establish any.

Why have a fundraising subteam?

This team arose from the need for capital to further the process that is necessary to make Grin successful.

To date, Grin has been very fortunate to receive some very generous donations from supporters in the community. These donations have allowed the project to have funding covered in the immediate short term. But a steady stream of new funds is needed to support Grin for the many years to come and to make it succeed.

It is truly remarkable to see what Grin has achieved in a short time and with a very limited amount of resources. While capital does not directly translate into better performance, the hope is that by improving the financial position of the project, it will continue to make progress and remain sustainable as an independent, community-driven, open-source project.

Rumors

No updates.

About Grin

Social media metrics

Social media activity
Social media dynamics

The graph above shows the dynamics of changes in the number of Grin Facebook likes, Reddit subscribers and Twitter followers. The information is taken from Grin coingecko.com.

This is not financial advice.
