Should Platform run on all nodes or should Platform run only on High Performance nodes ?

[qwizzie]

I am concerned about the negative feedback here. But I am also concerned that people for some reason think that there is some ill motivation at play. My role, and DCG's role is to serve the network. My incentives are that the Dash network does well. I am here in good faith to try to explain why a certain system might improve things, but I am not here trying to force anything down anyone's throat. I will do my best to respond to questions and rectify some things that were said in error.

So far the results of the poll inside DCG (it's the weekend):

All nodes running it : 0 votes.
4k collateral: 3 votes
10k collateral: 0 votes
4 or 10k collateral (doesn't matter): 2 votes
All nodes or 4k collateral: 1 vote
All options work for me: 1 vote

Ok, that does indeed establish censensus for the High Perrformance Masternode solution among the Dash Platform team so far (mostly for the 4K it seems)
Thank you.

Here's the thing, this change is somethings like 15 lines of code. We'll spend 1 hour on Monday writing it. I'll time one dev to see, so we can dispel any thoughts that it might delay anything.

With Glenn's (our ex CFO) departure I was forced to spend a considerable amount of time dealing with things like actually paying people, changing systems from Glenn to me and or other management. This was very time consuming on top of coding and a lot of other things. I'm not really trying to excuse myself, however there are only so many hours in a day, so I just was not on top of things on the core side. It is true that it's just terrible that v18.0.2 isn't out yet. I just had a call with the core payment chain devs. v18.0.2 will be out on tomorrow. v18.1 will be have a Testnet release on Monday. (Infra might deploy it on Tuesday).

Please also check how this affects voting in our governance model (4 votes instead of 1).
Looking forward to the release of the v18.0.2 hotfix on Dash Mainnet and hopefully a somewhat timely release of v18.1 later on.

 

[QuantumExplorer]

Why this discussion even takes place?

There is no reason to discuss this HIGHLY theoretical matter.
There is no platform in place.
There is no dapps in place.
There is no confirmed problems with the platform performance.
There is no data in place, confirming necessity to implement different type of nodes.

Don’t waste your time for the discussion that makes no sense at this moment. Focus your efforts on delivering platform to mainnet, using the existing network architecture.

Let's imagine just for a second that Platform were to go down taking down all nodes with it. Chainlocks would fail, IS would fail, Coinbase would no longer process deposits... This could be catastrophic. Most blockchains have glitches when they are released. So if I just release and see and then something bad happens, pitchforks will be out. I am proposing a high value extremely low cost option that allows us to release with the utmost safety.

 

[qwizzie]

Let's imagine just for a second that Platform were to go down taking down all nodes with it. Chainlocks would fail, IS would fail, Coinbase would no longer process deposits... This could be catastrophic. Most blockchains have glitches when they are released. So if I just release and see and then something bad happens, pitchforks will be out. I am proposing a high value extremely low cost option that allows us to release with the utmost safety.

Does this mean if masternode owners choose the 1K option (Dash Plaform on all nodes), there is actually a security risk or safety issue ?
I thought this topic is all about having lower fees / higher TPS or not, not about having an actual security risk or safety issue when proceeding as orginally planned.

Let me put this bluntly : If masternode owners vote for the 1K solution, is there a safety issue then at play ?
A safety issue different from any normal large Dash software update with a hard fork / spork in it ?

 

[QuantumExplorer]

Does this mean if masternode owners choose the 1K option (Dash Plaform on all nodes), there is actually a security risk or safety issue ?
I thought this topic is all about having lower fees or not, not about having an actual security risk or safety issue when proceeding as orginally planned.

Let me put this bluntly : If masternode owners vote for the 1K solution, is there a safety issue then at play ?
A safety issue different from any normal large Dash software update with a hard fork / spork in it ?

Well maybe I didn't touch on this enough during my presentation. And that's really on me. It's been talked about inside DCG so I should have included this aspect.

If a platform bug somehow completely takes Masternodes down (not just platform, but core too). In the "every node runs platform choice" that means pretty much all nodes would go down. In the 4k choice only 20% of nodes go down. In the 10k choice only 10% of nodes go down. So yeah one solution is quite a bit safer.

 

[qwizzie]

This just shows how important it is to do a Dash Platform security audit. Which was orginally planned and then later scrapped by DCG due to shortage of funding / reallocating that Dash Platform security audit funding to DCG Infrastructure.

Maybe we should rethink that DCG decision to not do a Dash Platform security audit.
Doing a Dash Platform security audit, would make the Dash Platform launch inherently more safe.

I am pretty sure if DCG puts out a request for funding of a Dash Platform security audit, it would meet little resistance.

One could even say that by not doing a Dash Platform external security audit, the responsebility in case of a major network threathening bug popping up at launch, will indeed rest solely on the Dash Platform team / DCG, regardless which solution we vote on.

 

[QuantumExplorer]

"reallocating that Platform security audit funding to DCG Infrastructure" -> Well it mostly went to the core audit. Which basically didn't reveal any security flaws that we didn't already knew existed (2 minor issues, we will get around to fixing them).

The reason why I don't think it's a good idea at this point to do a security audit of platform is that it will cost an arm and a leg, and will most likely reveal nothing. There are undoubtably flaws, but to find them you need the best. The best are running the blockchain projects, not doing audits. Frankly put I do not think an external team putting in a few hours here and there will be able to find stuff our team hasn't. Which is what happened in our core audit, we knew of all issues that they "found".

 

[qwizzie]

The difference between Core and Platform is that Core has been externally audited before, has been thoroughly analyzed over the years, has had developers who forked Dash chiming in from time to time on Github, while Platform consists mostly of new code that has never been audited before and does not get much attention from outside developers (i am not even sure they know where to find it).

Even Ethereum had their large update to Proof of Stake externally audited. Most projects externally audit their own very large updates that have such instrumental changes to their project.

 

[QuantumExplorer]

We are going to have each team rotate and review code that they never had seen before. I personally think this will actually work better than an external security audit, mostly because our teams will care more, whereas most external auditors are employees working on multiple projects at once. Passion coupled with intelligence goes farther than doing things to make things "look" better. An external audit imo would just give a false sense of security if nothing was found.

A better security model is being able to prove mathematically that nothing can go wrong. Which is what we are trying to achieve for example with the sum trees (A Dash invention) which will make inflationary bugs pretty much impossible.

 

[qwizzie]

We are going to have each team rotate and review code that they never had seen before. I personally think this will actually work better than an external security audit, mostly because our teams will care more, whereas most external auditors are employees working on multiple projects at once. Passion coupled with intelligence goes farther than doing things to make things "look" better. An external audit imo would just give a false sense of security if nothing was found.

A better security model is being able to prove mathematically that nothing can go wrong. Which is what we are trying to achieve for example with the sum trees (A Dash invention) which will make inflationary bugs pretty much impossible.

Why not do both ?

Do an internal security audit through internal team rotation
Do an external security audit through a third party ?

I really don't understand the hesitance to doing an external security audit of Dash Platform, are the devs that confident that they will find all the bugs ?
To me it comes across as overconfidence in the team's own capabilities of finding all the bugs and underestimating possible bugs at launch they simply did not think of.

There was a reason that a Dash Platform security audit was initially planned, did that reason suddenly became obsolete ?
Its just weird in my eyes, the motivation of DCG for not doing a Dash Platform external security audit.

Anyways with DCG not willing to do a Dash Platform external security audit, it makes any possible safety or security issue at launch much less of an issue for masternode owners to take into consideration, for any of the three solutions they will have to vote over.

It will automatically fall under the DCG responsebility, because DCG explicitely did not want to do an external security audit of Dash Platform.

 

[QuantumExplorer]

The hesitance is because the best quote we got for a partial review was 120k USD. That's about 3k Dash. Second factor is that takes a lot of time to find the right firm, make sure they are up to the task, then have many many calls to make sure they understand things. This all introduces delay, and imo for nothing, as we are better served with internal audits + bounties for finding issues. I basically don't want to waste time and money.

 

[vazaki3]

Are you saying we are not allowed to propose software that would restart the network if it came under attack? What's your alternative?

The "attack" occurs due to your bad design and your centralized protocol. You have to design a smart decentralized protocol , that prohibits both such attacks and the DCG softwate patch centralization.

Additionaly, we are not talking about ordinary software patches. We are talking about the ability of the DCG to BAN legitimate masternodes , that are simply playing under the rules that the DCG set. It is extremely dangerous to allow DCG to have such power.

My alternative? Steps towards true decentralization.

• Increase the number of masternodes that participate in the DashPlatform.
• Investigate individualities (based on voting behavior maybe?) instead of increasing or decreasing the collateral fee. Take aim at the true decentralization (based on proof of individuality) and NOT at the fake one (based on collateral fees).

And by the way, there are alternative solutions that reside in between the "masternode solution" and the "High performance masternode solution".
For example, the megawhales that own many masternodes, should be allowed to maintain only ONE DashPlatform database. That way the databases' replication is reduced, and thus the fee is also reduced. This will result for Dash to have approximately 127 DashPlatform databases, a similar number to the 100 databases that the "High performance masternode solution" is planning to have.
But the 100 databases of the "High performance masternode solution" are not similarly decentralized as the 127 databases of my plan are. Because in my solution the decentralization is achieved due the separate individuals that are holding these databases. Decentralization based on proved individuals is a real decentralization, in contrast to the fake decentralization based on collateral masternode addresses.
Why nobody proposed such a solution? Who insists of reducing decentralization or introducing fake decentralized solutions?
If you add a poll, please add my solution in the poll options.

By the way, are you aware of the Tezos governance model?
The Merge? Proof-of-stake is old news. - YouTube
Are you aware of the Kleros and of the Proof_Of_Humanity governance model?
Proof Of Humanity proposal: [Phase 2] HIP-72: Grant to fund a PoH airdrop solution (snapshot.org)

 

[QuantumExplorer]

Additionaly, we are not talking about ordinary software patches. We are talking about the ability of the DCG to BAN legitimate masternodes , that are simply playing under the rules that the DCG set. It is extremely dangerous to allow DCG to have such power.

This is ridiculous, the nodes went offline, we are not banning them. We are just telling platform to use a new quorum from core (that we won't choose). This could be done through software, but it's quite complicated to do so best not to have a delay in release.

Now if some nodes representing more than 1/3rd of the network were actively being malicious we would propose software that would ban them from consensus effectively for a week. But it's up to the network to decide if they want to run that code so platform can start again.

Remember this would be an actor or actors having more than 330K Dash and actively trying to bring down the network. Most other chains would slash them. Mind you this is extremely theoretical.

What you should takeaway is that DCG can't do anything unilaterally, we don't have that power. All we can do is propose to the network the possible options.

You also seem to believe that this can not happen in the all nodes run platform solution, where it can as well, it's just slightly harder to achieve.

 

[vazaki3]

Remember this would be an actor or actors having more than 330K Dash and actively trying to bring down the network. Most other chains would slash them. Mind you this is extremely theoretical.

Binance has 270K of Dash.
August and weeJhonny (probably related eachother?) have 318K Dash.
And what about this one? 422K Dash.

So it is not extremely theoretical, we do have such wallets.

 

[QuantumExplorer]

Binance has 270K of Dash.
August and weeJhonny (probably related eachother?) have 318K Dash.
And what about this one? 422K Dash.

So it is not extremely theoretical, we do have such wallets.

Okay, 330k is the strict probabilistic minimum and I guess I should not have said it. It's probabilities, and you need about 1/3rd of the network to carry out such an attack. Collateral for Platform nodes would be at around 1.8M Dash. So you would need around 600k Dash (probably more like 500k because of probabilities of masternode inclusions into quorums that can we waited for), only to stop the network, hurt your customers and gain nothing, except maybe hurt the chain for a few days. The payment chain would continue unaffected.

 

[kot]

Let's imagine just for a second that Platform were to go down taking down all nodes with it. Chainlocks would fail, IS would fail, Coinbase would no longer process deposits... This could be catastrophic. Most blockchains have glitches when they are released. So if I just release and see and then something bad happens, pitchforks will be out. I am proposing a high value extremely low cost option that allows us to release with the utmost safety.

Sam, this is ridiculous way of thinking in the software industry. You can imagine probably 10 more scenarios when something could go wrong. This is normal and shouldn’t stop any company from building and releasing products. Risks are always in place and they should be simply assessed and mitigated.
There is no perfect software and there won’t be. Platform doesn’t have to be perfect, but it has to exist in a first place. This is critical! We don’t need perfect, extremely secure platform. We need platform released!

Don’t waste your time on this or any other revelation, just finish and release the damned platform quickly.
I don’t think you have a luxury of more delays - I am aware of at least 2 MNOs, who won’t support DCG proposal anymore in case the platform isn’t released by the end of the year. I am also considering the same decision.

 

[QuantumExplorer]

Sam, this is ridiculous way of thinking in the software industry. You can imagine probably 10 more scenarios when something could go wrong. This is normal and shouldn’t stop any company from building and releasing products. Risks are always in place and they should be simply assessed and mitigated.
There is no perfect software and there won’t be. Platform doesn’t have to be perfect, but it has to exist in a first place. This is critical! We don’t need perfect, extremely secure platform. We need platform released!

Don’t waste your time on this or any other revelation, just finish and release the damned platform quickly.
I don’t think you have a luxury of more delays - I am aware of at least 2 MNOs, who won’t support DCG proposal anymore in case the platform isn’t released by the end of the year. I am also considering the same decision.

I am doing everything in my power to release as fast as possible. What incentive do I have to delay releasing? None. What incentive do I have to release? Well quite a lot. Glory, fame and the project succeeding. This is what I want. But at the same time we can't destroy such a monumental effort because a few people are tired of waiting and refuse to talk about the starting parameters of our system.

 

[kot]

@QuantumExplorer I wouldn’t be so sure about the fame and glory - not in this situation. I hope you don’t work for fame and glory anyway (because most likely you won’t experience any in this industry).

I don’t suggest you have any incentive to delay the release. I rather think you fear releasing because it would eject you and other developers from the years of development comfort zone. But at the same time, I am pretty sure that market will be much more forgiving if you actually release the imperfect product, comparing to another delay and more excuses In search for better, faster, more secure product.

If you listen only to yourself or those, who are tapping you on your back, you won’t succeed.
Pay attention to the opposing voices and different opinions - only there you can find a real picture of the situation.
Good luck.

 

[QuantumExplorer]

If you consider yourself the opposing voice in this scenario. Try to imagine yourself in my scenario. You talk about a comfort zone. You think it's a comfort zone when Glenn has left and I need to take control of the bank accounts in order to actually have people paid? Do you think it's a comfort zone when I'm being attacked on this forum for bringing up what I think will be the most secure and fast way with lowest fees ensuring success? Do you think it's a comfort zone when I'm the only one in our team who can actually do some of the coding work with all others burned out on some parts? No, this is not my comfort zone. But it is what I must do because failure is not an option.

 

[qwizzie]

Here is another opposing voice : if this crypto project indeed goes towards much more centralization and less security (as mentioned in the presentation with regards to Platform Security) in favor of very low Platform fees, then i don't see myself supporting DCG budget proposals anymore. Because in my view this project is then being actively steered into a very wrong direction.

 

[QuantumExplorer]

Here is another opposing voice : if this crypto project indeed goes towards much more centralization and less security (as mentioned in the presentation with regards to Platform Security) in favor of very low Platform fees, then i don't see myself supporting DCG budget proposals anymore. Because in my view this project is then being actively steered into a very wrong direction.

So you would vote down DCG because we asked the network what they preferred?

Security is something that few truly understand. I believe it's because of the term security that might mean one thing to cryptographers and something else to people investing in crypto. All of these systems have very close to the same likelyhood of someone taking your Dash or your credits, about the same chance that I am really Santa Clause. This is a difficulty harder to attain then actually taking control of the full payment chain with chain locks and way harder than almost all the competition. When we have been talking about security we were talking about any negative action, yes some scenarios do offer the chance that a few top whales could collude and stop the platform chain, that we could then reboot pretty quickly.

At the same time we have added security from the 4k and 10k systems that the payment chain can not be hurt by an attack on Platform (which imo makes the 4k/10k system more secure). I really should have driven this home more.