Devcon 4 report: Day 4

Previous days:

Today is a shorter update. I spent a lot of time in meetings with different tools teams (Truffle, Zeppelin, EthPM) about how to better do contract upgrades in a DevOps manner. Expect more from me once I get it working and write it up 😉

Internet archive

Brewster Kahle

Distributed web version of IA
https://dweb.archive.org

Told a story where back in the day they started taking Bitcoin, so they had some young guy come in and help them set up their initial wallets. It was Vitalik 🙂

Instead of the world wide web where we have lots of blogs, everything has collapsed into Facebook and Twitter. People are building castles. The web is being turned into a global surveillance tool
Internet Archive is getting involved in the decentralised world to help try and affect change.
The goal is: Universal access to all knowledge. Want to be the library of Alexandria version 2.

He loaded up https://dweb.archive.org
Showed that the first HTML page is a bootloader. Loads up the JS libraries to access IPFS, torrets.
Browsed around the site, loaded videos. It all just worked.

Benefits:
More privacy. Reader privacy, and no third party storing of data.
People being rounded up based on what they’ve read, has always led to bad things.

13 challenges (I missed some)

  • Naming of decentralised websites
  • Permissions, auth and key management
  • Identity & reputation
  • How do you manage & name mutable data at scale?
  • The web beyond advertising: who will pay for what and how.
  • How do we make the decentralised web work in browsers today
  • Storage in the DWeb
  • Governance in the DWeb
  • Defining D-terms
  • Rethinking UI and UX for a decentralised web

Money is the killer Ðapp: crypto in Venezuela

Venezuela has issues with their currency and government controls and corruption.
Bitcoin is the most liquid in Venezuala, about $1m being traded a day.
Crypto is being used for:
Earning across borders.
Storing value (safer than banks)
Defeating extortion, when crossing boarders.
Providing aid to families in different locations.
Open money initiative. They have a wiki for Venezuelans to use and learn how to use crypto
https://www.omipedia.org/

Self-Sovereign Sexuality

Ameen Soleimani, Chelsea Palmer

Will talk about how the Ethereum community, and the sex worker community are aligned. It was easier to just take a photo of each slide for this talk, as they have written down for each aspect how they are alike.
Where is blockchain adoption going to happen first? He realised that this community that has been ostrasied from traditional financial system was a great place to start.

Ameen:
About a year ago, he was feeling pretty depressed. Wasn’t spending time on Tinder because he was working a lot. He wasn’t having luck talking with girls and was getting more and more nervous over it. He had a lot of money and was lonely, so started looking up sex workers in his local area. Made a meeting with a local escort. But when he went to get cash out, he was at his daily ATM cash out limit. He couldn’t get enough money out and had to change his 2 hour apointment down to 1 hour. He met the escort, talked about crypto, got her on board, and paid her by cypto.
Morality does not equal legality.

Chelsea:
Was a sex worker. Wish she had crypto back when she was working. Now she is a crypto educator.

clip_image001

Needing to trust and verify.
Vetting a new client for first time, need to get a referral from another escort. Difficult for 1st time customers.
clip_image002clip_image003

Sex workers are cypherpunks. They use proton mail, loads of crypto currencies.
clip_image004clip_image005clip_image006clip_image007

Sex workers can be immediately blocked by most traditional financial systems.
Sex work criminalisation, currently stops sex workers from calling local police if they have things to report. As it is more likely that they will just be arrested than helped.
clip_image008clip_image009clip_image010clip_image011

Advertisements

Devcon 4 report: Day 3

Previous days:

 

Building the Ecosystem for the Next Wave of Users

Cryptokitties

Creating a story and personality for what you build
They found that adding a background and story behind the cats helped with the adoption. The breeding concept gave a good anchor point.

clip_image001[1]

Users were burning gas without realising. Were sending 10x more gas price than required.
User education and guidance was required quickly after launch to help teach.
Adding more feedback after a transaction to the user to make them more comfortable. Sending emails when things happened and what will happen next after breeding cats.
-Users need guidance when they’re in unknown territory.

clip_image002

Teaching a user that is interested in the service, that they need something called a wallet, they need cryptocurrency. Bit of a learning curve.
People came to the service because they wanted to buy cats. But now they’ve got a PhD in cryptoeconomics, which is not what they were after. Created a massive drop off rate of new users through the signup process.
clip_image003

 

Making the Web Distributed Despite Itself

Dietrich Ayala, Mozilla

“We are committed to an internet that promotes civil discourse, human dignity, and individual expression”
What does it take to be a 100 year organization.
The web is ~25 years old, and its not going to well. Being used a misinformation platform, fueling hate.

There is WAY more information and web apps available online via web browsers, than there are available via apps on iPhone & Android (~5 billion pages).
URLs are what made the web powerful and universally accessible. Urls are understood by technology people, but “normal people” don’t really know what a web browser is, or where things are stored. Same with domain names.

What does re-decentralizing the web look like?
Current web is centralised. Browser request, response. Easy to censor.
All the power resides on one side, on the server. The browser doesn’t have any say.
While we have that centralisation chokepoint, we won’t be able to get away from centralised services like Facebook.
clip_image004

How do we go about creating a decentralised browser to give control back to users?
Need to think how to build things for century long longevity. Whatever we build now will need to be supported.
Start with protocol primitives that can be built up on.
clip_image005clip_image006

How do we get those lower primitives prototyped and built, so others can start building higher level primitivies
As a browser vendor they could do it as part of the browser engine, or JS APIs, or extensions. Makes sense for them to do it via extensions, to give everyone a bit more flexibility while experimenting

Announcing libdweb extension
https://github.com/mozilla/libdweb

clip_image007

IPFS team took it, got IPFS running in it. Got IPFS running completely within a browser.
But now they have a bunch of new things they need to think about. What is the origin of a website loaded by a IPFS hash. This has an impact on local storage, cookies, certs, etc. What is the threat modelling for this.
clip_image008

Use what you make, if you don’t use it why would others. Build for the long web. The web was (originally) built with redundancy built in. Are there multiple implementations of your software.
clip_image009

 

Privacy for Everyone, Recent advances in privacy

Zookoo Wilcox, Zcash

Released Zcash 2.0, 4 days ago. “Sapling”
They reduced the time complexity required to generate a ZK proof down dramatically. Should enable them to be generated on a mobile phone now.
clip_image010

They did this by replacing the hash function that is used when creating a ZK circuit.
This reduced the time required by 75%. Took it from ~40secs to 10secs. But still too much time. So replaced some of the ECC functions used to reduce to 5 secs. Then did split circuit design to half it to 2.3 seconds.
clip_image011

One of the troubles they have had, is ZK-SNARKS required the “toxic waste” which was the secret string to provision the system. They went through an elaborate ceremony to create it to try and ensure that it could never be created by any 1 person at any time. But still has a cloud over it as you can’t convince everyone of it.
ZK-STARKS doesn’t have any “toxic waste”. But the proof size is orders of magnitude too big to be used in a blockchain in every single transaction.
clip_image012

They could try changing their Blockchain away from Bitcoin software based, to make it higher bandwidth so they could put in STARKS.
clip_image013

Regulatory
Common thoughts are “regulators are scared of privacy” and don’t like things like zcash. But the regulators in USA have been fine with it.
New York requires cryptocurrency companies to register for a “Bit license”. Zcash is the 7th cryptocurrency that has been explicitly approved to be used and traded, and they called out the privacy preserving aspects.

Previously SSL encryption was scary and governments were worried that it could be used by criminals, but is now required by governments. Blockchain encryption will probably be the same thing.
The regulators even told them “We don’t want the pocketbooks of our children and family open to everyone on the internet”
It is not okay for our society to go down the path where everyone’s privacy is read by 2 or 3 centralised services, it is wrong and dangerous.

 

Lex cryptographica : the legal challenges of new blockchain-based lifeforms

Primavera De Filippi

Properties of Blockchain:

  • Blockchain is a decentralised database
  • Networks are global and transnational
  • Blockchain is resilient
  • Tamper resistant
  • Transparent
  • Non-repudiable (need to use private key, can’t deny it later)
  • Pseudonymous
  • Guarantee of execution

Blockchain code can be written to include traditional law, it only cares about what the code says.
Code is trustless and allows disintermation and autonomy.
Conflict between the rule of code, and the rule of law
clip_image014

Governments use the law to put pressure on centralised companies via regulators to say what the code can do.
Can the new wave of crypto-anarchist effect change in the new decentralised web.
Traditional property rights. Are defined by law, and can be taken away by the law.
clip_image015clip_image016

It is now possible to deploy Autonomous Agents. They can hold property, and can execute smart contracts.
clip_image017

Created blockchain based “Plantoids”. They can’t breed by themselves and need others help.
clip_image018clip_image019

1. capitalisation. Collecting cryptocurrency to repoduce. It tries to loook pretty to encourage people to donate ether to it.
2. if it has funds, then it can ask people to vote on the new artist to create its child
3. it will use a smart contract to hire the artist to create the new plant model.

Artist gets royalties from how much the plant earns as an incentive to make good ones, and for them to breed.
Now instead of sending money to artists, you send money to the art pieces. A different funding model.

The plantoids can have requirements put upon them. Its children need to be based on its rules (requirements for decorative elements) and artists can put new requirements on the ones they create. Will make different species emerge.
Requires “Holographic consensus”
COALA (Coalition of Automated Legal Applications) is a global research initiative.

clip_image020

 

Decentralize, Democratize, or Die

Cory Doctorow, EFF

EFF origin stories from 25 years ago.
The original “crypto wars”. NSA put restrictions on civilian use of cryptography.
Gov tried to lock everything down to just DES-50 encryption. EFF tried to show that DES was insufficient and built hardware that could crack the entire DES space in 2 hours.
But govs said ‘well, we need it otherwise criminals will go dark’
The technical arguments didn’t work. So EFF posted the source code for stronger encryption online on usenet, then argued under free speech that it was fine. Was the way EFF allowed people to use encryption higher than DES-50.

Showing that there are more tactics in your toolchest than just “deploying code”.
Main ways:
Deploying code and hardware.
Markets. Getting partners to go in and argue.
Norms. What is socially acceptable. Moving encryption from just nerds, to making it mainstream.
Law. Whats legal.

You can’t make everyone you communicate with use crypto, something will leak
You can’t audit all of your hardware.
You can’t verify every cypher algorithm is solid and sound.
OPSEC is not going to save you. Security favours attackers. Defenders need to be perfect all of the times, attackers only need to find a mistake once.

Crypto and privacy tools can help protect and shelter you for short periods of time. Can help protect you while you have discussions that you aren’t ready to have public.
There are many things that used to be illeagal which are now embraced and considered normal (being gay, interraccial marriage, weed).
They happened because people could have secret communities that they could whisper and have secrets with people. Social progress was able to continue.

DMCA was used to stop people reversing engineering DRM.
So anyone what didn’t want you to modify hardware, would just put a tiny layer of DRM on top of the hardware. To make it impossible to modify without “breaking DRM”.
Insulin machines using cartridges that have DRM, so it is illegal to bypass the DRM to use alternatives.
Now that everything has a DRM chip in it, make it really difficult for researchers to do anything without it being illegal.
DRM in browsers. No browser vendor promised to not use DRM to prevent security researchers from disclosing vulnerabilities.

clip_image021

Attacking. You want to make it so that the cost of attacking a system, costs more than the expected economic return.
This works, until the value of the thing you are protecting suddenly goes up (such as a cryptocurrency suddenly spiking).
For crypto people, it means the cost you should put in to protecting your computer is going up, because the vaule of what you’re holding is going up.
This means new 0-days for attacking machines are becoming more valuable, as the expected return is going up as there is more chance you could find private keys.
The rule of law is the best way to get things changed. We love code, but need to find ways to help the law change towards how we want it seen.

 

P2P Networking in Ethereum 2.0

Jannik Luhn, Kevin Mai-Hsuan Chia

Very short session
clip_image022clip_image023

Validators are a new class of node. Similar to a shard node but only downloads recent history, and switch between shards regularly and randomly.

Networking protocol requires 3 things. Discovery protocol for discovery. Gossip protocol to distribute data. And RPC calls to sync data history.
Gossip will pass things out to a few neighbours to help it get diseminated throughout the network.

clip_image024

They used GossipSub by libp2p (rather than devp2p).
Did simulations for 1,000 nodes to see how things would work. Found that nodes didn’t go over 60% capacity. None hit 100% which meant that things weren’t being bottlenecked.
clip_image025clip_image026

Cranked it up to 10,000 nodes
clip_image027

P2P implementation
They are using libp2p. Allows them to switch out the protocols like TCP, etc
Requirement for the networking layer was that clients should be able to subscribe to one or more shards. And the client should only receive data for shards it has subscribed to, and not others.
They have implemented the essential funcions like joining sharding network, subscribing to multiple shards, etc.
clip_image028clip_image029clip_image030

 

Managing upgradeability and EVM packages with ZeppelinOS

Facundo Spagnuolo, Open Zeppelin

Tutorial blogs are online
https://blog.zeppelinos.org/zeppelinos-2-0/
https://blog.zeppelinos.org/getting-started-with-zeppelinos/

ZeppelinOS. Open source platform to help you build smart contract systems.

clip_image031

How to do upgradeability
npm install -g zos
zos init my-project

Write the smart contract (MyWallet contract)
zos add MyWallet
zos push -n ropsten
zos create MyWallet -n ropsten
> 0x23abba13

Later find there is a bug in the wallet.
Update the source code.
zos add MyWallet
zos push -n ropsten
zos update MyWallet -n ropsten
> 0xccab2314

This is all done using proxies
ZeppelinOS provides a standard way to fix bugs, and add new functionality.
clip_image032

EVM Packages
EVM packages are upgradeable on-chain packages of smart contract code
clip_image033clip_image034

Can have your code depend on other packages and link to them. Later they can be upgraded.
clip_image035clip_image036clip_image037clip_image038

How do we know these packages online are correct? ZeppelinOS Vouching system.
Will allow users to back the quality of an EVM package. Signal your support. First step towards a curated on chain packages system.
clip_image039

 

Unscrambling an Egg: Decentralization and the Zcash Foundation

Josh Cincinnati

Are we decentralised yet
https://arewedecentralizedyet.com/

What is the goal, what are we really after?
Zcash want to be used for the public good. The foundation is there to help guide and make sure the zcash company are on the right path.
clip_image040clip_image041

 

CBC Casper Design Philosophy

Vlad Zamfir

clip_image042

“Correct by Construction” protocol design is a process of protocol specification which guarantees that the resulting protocol definitions satisfy desired properties.
As opposed to a process of iterated trial and error.
clip_image043

He spent 5 minutes talking about defining undefined, and how you can define the most undefindness you can have. I just got lost (a common theme throughout this talk)

“Bottom times bottom, is more defined than bottom”
“bottom times empty set is more defined than bottom times bottom”
(you can see why I’m getting lost here)
clip_image044clip_image045

CBC protocol design, goes from defining the most simple things, and then define things on top of the previous definitions.
clip_image046

“sometimes CBC design isn’t quite straight forward”

The beauty of using CBC, is that the protocol is defined by the definition. Means there can’t be ambiguity, it just does exactly what it says it should do. Makes it easy to prototype and test, and things just work.
Thinks like not needing to worry about consensus protocols as much, as it all just work out. Showed an example prototype where shards can just keep becoming the new root that others build off, and them continuously rotating around with new roots.
clip_image047

 

Ethereum 2.0 randomness

Justin Drake

clip_image048

They use randomness in 2 places.
One in sampling to select validators.
Can also be used to expose randomness to EVM apps.
clip_image049

Goals for randomness is to make it unpredictable, unbiasable, and unstoppable
In RANDAO proposers are given slots. And they can reveal a secret to seed the randomness.
Gives the last revealer 2 numbers to pick from, the current random seed, or what they would add.
clip_image050

Verifiable Delay Functions. Takes an input, difficulty, and outputs the value and proof.
Can chain them to make it harder to bias
clip_image051

Need to make sure that good actors can calculate it within a threshold of attackers. They are thinking of creating VDF ASICs that can do it, and then handing them out to many people.
clip_image052clip_image053clip_image054

To create the initial random seed that will be used for the VDFs, they will use a RSA creation ceremony with 1024 participants. Just need 1 party to be honest to be successful.
clip_image055

 

VDF ASIC hardware
Doing it in partnership with Filecoin!
clip_image056clip_image057

 

LibSubmarine – Temporarily hide transactions on Ethereum

https://libsubmarine.org/

Prevent reordering attacks. Keeps data private temporarily, can’t see who or what is being committed
Can add it into contracts fairly easily. Can modify ERC721 to add a “sealed bids”

clip_image058
clip_image059

Off chain you generate a submarine address and generate a merkle-patricia proof. Then on chain execute a transaction to commit the submarine tx, and then later reveal the proof.

 

The Entire History of You Is Being Sold

Jesse Leimgruber
https://bloom.co

In the USA there are 10,000+ companies currently pooling and selling your data. And it isn’t even being kept securely as Equifax showed. Data leaks are becoming more common occurrences.

Users need to own their data (Bloom app stores the data on your phone)
Limiting access (user is responsible in selecting how it gets shared)
Data reusability. Good UX to allow many apps be able to reuse the data.
They just partnered with BMW to use Bloom for BMW loans.
Also announced partnership with American Express to use bloom for their loans.

Devcon 4 report: day 2 – Ethereum 2.0 keynote

Other days:

Today had less sessions and was less intense. Apart from the keynote by Vitalik and SpankChain sessions there isn’t much to report on.

Opening

The MC wrote a song (I tried to take a video but was too far back to get anything good, I’m sure there are videos online).

He is tokenising his songs and putting online https://www.jonathanmann.net/devcon

Welcome to Devcon 4

Aya Miyaguchi, Ethereum foundation

Ran through her history of learning about blockchain & Ethereum.
Ethereum has a chance to empower society with it’s decentralisation, but we need to protect against it being used to restrict people by centralised powers (traditional companies and gov). Important for Ethereum community to keep these values as we scale.
Ethereum foundation keeps on making sure it minimises power in individual people. It wants to see itself as helping connect and foster collaboration in the community and connecting dots. But its goal is to grow the Ethereum community, not itself. Is why it didn’t structure itself in the way of a traditional startup or corporate.

clip_image001

She has invited a number of special guest speaker for the week. Like the internet archive
20181031_105128

Ethereum 2.0

Vitalik Buterin

It is the 10 year anniverary of Satoshi’s Bitcoin whitepaper.
Ethereum 2.0 is a collection of research projects that have been ongoing over the last number of years.
Back in 2014 he wrote a paper on how slashing could be used in a “proof of stake algorithm”.
There was a bunch of aborted research in 2014 around different scaling mechanisms. Poof of proof of work, Hub & spoke chains, hypercubes.
clip_image004

During 2015-16 was a bunch of quiet research.
Resarch on “consensus by bet”. Some people would bet, which influence others to bet on those blocks, until one of the blocks have enough backing.
Wrote a scalability paper in 2015.
Wrote about the “data availability problem”. Could allow malicious parties to not publish data, which is required in sharding.
Everything got stopped in 2016 after the DAO attack, and the Shanghai DOS attacks.
But still quite worki happening on ewasm.
clip_image005

First Casper FFG paper came out.
At Devcon last year he showed the new sharding design.
Vlad released Casper CBC paper.
End of 2017 they released a Casper FFG proof of concept of a hybrid proof of stake system. Would allow gradual upgrade and migration. This research got very far.
But meanwhile there was a lot of working happening on Sharding. During a retreat in March they had a lot more details solidify. But they realised that there were teams trying to implement hybrid proof of stake inside existing blockchain, then a separate group that is trying to make a sharding system and a validating contract. The 2 groups weren’t really talking to each other. Realised they could reduce a lot of work if they just integrated them better.

It did mean that they lost a bunch of work that had already been done. But it meant that it would be simpler, and be better integrated, and the final state would be much better. (I think they did a great thing being able to step back, not worry about the sunk cost, and made the better overall decision).
Meanwhile LOTS more research happening on things like cross shard transactions and contracts.
Development happening on beacon chain implementations.

Ethereum 2.0’s real name is “Serenity”.
Gets us closer to it being “the world’s computer”

clip_image006

Phase 0 will be part way between main net and test net. The beacon chain will be there and running, but can’t really do anything with it directly.
Phase 1 will do sharding of data. NOT sharding of state. Could do decentralised twitter on the blockchain. But no smart contract applications.
Phase 2: enabling state transitions (smart contracts)

clip_image007clip_image008clip_image009clip_image010clip_image011

Track overview

Scalability
Layer 1 (sharding, casper), Layer 2 (state channels, plasma, sidechains), ZK-SNARKS, light clients, etc.
Suggested sessions:
Making sense of layer 2 – Josh Stark
Snarks for mixing signalling – Barry whitehat

Ethereum 2.0 sessions

clip_image012

Designing robust systems

clip_image013

Privacy
Lots of centralised companies are harvesting our data. We need to take the web back.
Suggested talks:
LibSubmarine – Temporarily hide transactions on Ethereum – Stephane Gosselin https://guidebook.com/guide/117233/event/21956198/ 
Plugging the metadata leaks in the ethereum ecosystem – Peter szilagyi https://guidebook.com/guide/117233/event/21956182/

Developer Experience
Suggested session on EthPM https://guidebook.com/guide/117233/event/21956118/

UX design
She just flicked through many session names. Nothing jumped out.

Society & systems
Technology changes society. And society can influence tech.

clip_image014clip_image015clip_image016

Events around Prague
http://Guides.pragueBlockchainWeek.cz 
http://Events.pragueBlockchainweek.cz 

Decentralized development, what does that even mean?

Amber from Clovyr
https://clovyr.io/

Web 3.0 is about trying to keep data close to where it resides, decentralisation, data portability,

clip_image017clip_image018

Development of blockchain clients (Bitcoin, Ethereu, zcash). Funnily enough the core code contributors of those clients are centralised in just a few developers hands. But if you look at something like kubernetes they have sooo many more people contributing.
How about code hosting, 90%+ of projects are all hosted on Github.
clip_image019

Browser 3.0

Mist team.
Current browsers are owned by centralised companies who track (Chrome, Safari, setting default search engine, etc).
Metamask extension was removed from Chrome store for a while. Chrome apps all got killed off.

Lets build our own. Lets start by using Electron.
Current web3 clients on the desktop are Metamask, Brave, Ethereum Mist, Parity. 3 of those 4 were built on Electron. But electron has a lot of security issues which is a bad thing for crypto private keys
Electron keeps lagging far behind the latest versions of chromium, meaning it is vulnerable to known exploits for long periods of time. Mist team don’t want this so they are building their own electron alternative called Tau.

SpankChain: Payment Channels in Production

https://spankchain.com/ 
https://beta.spankchain.com NSFW!

clip_image020

Their “pegged” stable token is called Booty.
It all goes into the “spank bank”.

clip_image021clip_image022clip_image023

Took 4 attempts at payment channels.
2nd, the MVP. Was a unidirectional ether only. Issues they had was that querying infura was non-deterministic, and Truffle timeout was 240 seconds which meant things failed in production.
3rd they launched. They got hacked when they unlocked their geth node for the deployment. Was only unlocked for 140 seconds and lost all the funds in that wallet.
4th they upgraded it. Had p2p virtual channels, ERC-20. The contract got hacked “they got spanked”. Worked with the hacker to fix the bugs.

The rewrote the smart contract and the UX. There were issues with the original version trying to get adult performers to join payment channels, as they’d need Eth to pay the gas to run the transaction. So Spankchain would need to send the performers enough gas before the show starts, to open the channel. And then do the same again when they close.

Announcing “ComeSwap” to cash out your booty for Ether
clip_image024

Devcon 4 report: Day 1 – core tool updates

Other days:

The first day of Devcon started at midday, but still had 12 talks. It was a bit of an “updates” session. The main event kicks off tomorrow morning with the keynote by Vitalik.

Highlights:

  • Universal Ethereum Logins was the show stealer for me. The demo blew me away, and there is a full SDK available now to use.
  • Lots of research into switching from Devp2p to libp2p (the networking stack IPFS uses)

EF Grants update

Ken Ng giving an overview of how EF grants foundation has been going since the launch this year.

So far has given out $11,000,000 to 75 projects over 4 waves!
Grants program is to fundamentally empower the Ethereum community and open source development. About creating up the core Ethereum platform, for others to build upon.
Want to help people build their passion projects that will help the Eth community. There will be more waves of funding, be sure to apply.

Ethereum Mist

Everton Fraga from Brazil

Submitting transactions looks scary at the moment.
Currently revamping the transaction window with a lot more details
clip_image002

Syncing improvements. Instead of a full sync, do it in stages.
clip_image003clip_image004clip_image005clip_image006clip_image007

Ethereum Name Service

Nick Johnson

clip_image008

Making it easy to attach friendly names to Ethereum addresses.
Rolled out with the .eth support with traditional DNS.
Rolling out 2 new domains .xyz & .luxe

Permissionless integration via DNSSEC
Can claim now via https://dnssec.ens.domains/ or you can use EasyDNS

More researching is ongoing for the registrar. They found that a lot of the names are being owned by just a few people.
Moving to a “yearly rent” style model to prevent squatting. Also help pay for ongoing development

clip_image009 
There will be a migration process over to the new domain registrar. If you do it within the first year then you get a year renewal.
Otherwise if you don’t migrate it after a year, the name will be released.

clip_image010

Adding support to into client libraries like Web3.js 1.0, ethers.js. And other projects like Gitcoin.
They are developing a new Dapp interface. It is much slicker and easier to use.

clip_image011

EthereumJS – Our roadmap for 2019

https://github.com/ethereumjs

Is an implementation of most of the base Ethereum technologies, implemented in JS (EthVM, merkle trees, etc.)
Used by Truffle, Metamask, Embark, etc.

clip_image012

Ethereum JS virtual machine. 
Is a “web first” library, embedded in Remix and Metamask. Captures Ethereum’s state transition rules.
Looking at integration with ewasm, but there are difficulties in EthereumJS being completely async, but the current specification for ewasm is synchronous.

Ethereum JS client
It isn’t meant to be a R&D platform for new features and research efforts. An educational tool.
The architecture is inspired by bcoin https://github.com/bcoin-org/bcoin 
It can currently sync to the main net (fast & light syncing).
In browser can sync via libp2p.

Ethereum JS Sharding (ShasperJS)

clip_image013

For the phase 2 Ewasm research, is taking a list of ordered transactions and executing them.
Why Shasper in JS? Because it’ll need to be written and supported so the other tools can use it.
Not much real info in this session.

EtherTS (Typescript)
There are lots of EthereumJS that is written Sync, and lots written async. Want to take the learnings from the last 2 years and implement them.
They started by using Typescript to help find bugs by pointing out type issues
*cheers from the crowd for using Typescript*
Will be using more Typescript in the future.

Yul

Zlex Beregszaszi, Solidity co-lead.
https://solidity.readthedocs.io/en/latest/yul.html

It is a “Language for language developers”
Last year he did a talk on Julia, but there was a naming conflict, so now it is Yul.
Easier to just show the slides for this bit. They are helping compilers build better code.
Is currently being used by Solidity, Flint, LLL

clip_image014clip_image015clip_image016clip_image017

Making ICOs fair (Reversible ICO)

Fabian Vogelsteller

He has helped build a few important things, like Ethereum wallet, mist browser, web3, ERC-20 standard, ERC-725.
Tokens allow you to own them, and transfer them.
Just a smart contract with an internal list of account balances.

What triggered the ICO explosion was the way that smart contracts could call and integrate with each other. Could creating funding contracts, token issuance, etc.
clip_image018

But people greedy. Were collecting a LOT of money, but maybe without having a solid basis for the proposed project.
So how can we make this more fair, what makes a Fair ICO?

Vitalik wrote an article on “DAICO” as one possible solution, was based on voting on the funding flow from the pool to the developers. Problem is people don’t vote.

Reversible ICO

Funds are given over time based on a “tap”.
Everybody can send his tokens back and get the “not yet given” funds out.

1. allocation phase. Committing funds to the project.
2. distribution phase. Funds are released slowly over time.
2.1 if at some point you think the project has gone off course, you can withdraw your tokens and get back your (not yet given) funding.
3. Swap phase. Swap out for utility tokens to use the final project, or final shares, etc.

He is going to try it out with his own ICO for https://www.lukso.io/

clip_image019clip_image020

SWARM Team update

http://Swarm.ethereum.org

Decentralised file storage.
Session is a collection of team updates

Warning: <My yearly rant as they never make any real progress>

I still do not understand why they don’t just embrace IPFS as the base decentralised file store layer, and then build Ethereum specific extensions on top of this. It would help ensure there is a critical mass of decentralised file nodes, faster connection times, resolution, etc. Not only that, the community has been building on IPFS for the last 2 years.

The ONE interesting part they were doing was the SWAP/SWEAR/SWINDLE incentive layer. That would have been a great research project to put on top of IPFS, and leveraged what is already built. But this year they didn’t even speak of the incentive layer!

They are just reinventing the wheel, and have delayed their own progress by YEARS.

Releases
New release process. It is now in the same repo as geth. Whenever there is a geth release, there is a swarm release.
Whenever there is a swarm release, the nodes at swarm-gaeways.net are updated to newest version.
It is easier to install now. Can get via apt-get, docker images, binaries.

Feeds
Is a pub/sub system.
Is a key/value store.
Each user can only update their own key space, but can read other key spaces..
Could be used for IoT data feeds.

clip_image021clip_image022clip_image023clip_image024

Encryption
Rolled their own encryption algorithm.
Took an existing crypto algorithm and “tweaked it”.
Missed a screenshot of their variation.

I’m sure nothing has EVER gone wrong with writing your own encryption algorithm.

Access Control
Does it by encypring the data, and giving keys to just the people that should be able to access it.
Accessing content which is “access controlled” is enabled ONLY when using a local node.
Don’t use a public node, as they could read anything you have access to.

clip_image025clip_image026clip_image027

Observability
Metric logging for swarm nodes. CPU, memory, number of peers, etc.
clip_image028

PSS
“yet another messaging system”, why this over Whisper?
Focuses on efficiency over secrecy.
On by default, can’t disable.
clip_image029clip_image030

Light Node
Only briefly connected clients that spin up, let a user do something, and then usually disappear
clip_image031

Roadmap

clip_image032clip_image033

Universal Ethereum logins

The bad UX experience of signing up first time to Ethereum is terrible. Requring taking selfies with your passport to sign up for an exchange, to get buy Ether, etc etc etc.
The UX is so bad, that there were more ICOs this year than daily average Ethereum users 😉

clip_image034clip_image035

Showed an awesome demo of onboarding a new user, completely in browser. No keys or ether. Really watch this session for inspiration.

clip_image036clip_image037clip_image038clip_image039clip_image040clip_image041clip_image042clip_image043

Whisper

clip_image044

After Devcon 3, Implemented a libp2p version as an experiment.
It works, but the GO implementation of libp2p isn’t very modular and brings in a LOT of dependencies. This needs to be resolved before it is rolled in.

Devp2p was the Ethereum team created protocol.
Libp2p is the one used by IPFS.

Currently they have implemented libp2p next to existing devp2p implementation. Will slowly migrate it across to libp2p and remove the devp2p stuff.
clip_image045

Formality

The are working on the Moon project (This was my #1 thing from last year).

Moon browser: Instead of traditional accounts and passwords, uses crypto signatures.
What if you could fork an entire web application. (not just the front end, but the eth contracts as well).

To enable this, Dapps need a formal specification. A spec of everything this Dapp promises to do.
So to enable moon browser to do something like this they needed to solve this problem.

They looked at a bunch of existing formal spec languages, but non fit. And all were slooooow.
clip_image046

So they created their own called “Formality”
clip_image047clip_image048clip_image049clip_image050

Devp2p development update

Felix Lange, Maintainer of the devp2p specification.

It’s a p2p networking stack.
Doing experiments on running devp2p apps on libp2p. Have an idea how to integrate libp2p into devp2p.

He seemed a bit defeatist. “yeah there are a bunch of implementations. Pretty much all Ethereum blockchain implementations”
State of live network. “Well we’re still alive”.
Development update. “This is where we usually talk of what we did in 2018. We finalised writing up the spec! And we have a test suite now”
Geth p2p changes. They implemented mitigations to a responsibly disclosed denial vector.
Sharding research is mostly being done on libp2p at the moment. Peers need to switch quickly for sharding, which doesn’t work too well in devp2p right now.

Special projects

Dr. Virgil Griffith

Is a grab bag of links to cool projects.

  • Moving nash equilibriums.
    Prisoner’s dilemma is non-cooperative. But can change to cooperative if they both pony up a deposit.
  • Created a new frontend for EF grants
  • Created a new wiki http://ethereum.wiki
  • https://ether.cards/ ethereum gift cards
  • peaceBridge. ETH-ETC bridge.
  • They just gave Ethereum Classic a $150k grant.
  • http://woracle.virgil.gr/ can help you create wolframe code. Can use it as an oracle to calculate big numbers
  • Using Intel SGX on desktops, allows you to use any desktop PC as a hardware wallet.
  • http://neverslash.com/ helps protect your staking machines in future.
  • http://crypto.pr/ The Crypto Paradise of the Caribbean

Community report: Smart cities Blockchain hackathon

I was proud to be a sponsor, trainer and mentor at the Smart Cities Blockchain Hackathon http://smartcitieshack.org/

SmartCitiesHack Melbourne brings together the brightest minds to develop innovative solutions, utilising IOT, Blockchain and Big Data to introduce smart technology to solve real world problems, in one of Australia’s largest cities.

An impressive aspect of the hack is that there were 2 teams from a girls high school, one from a college, and one solo university student. It was great to see younger people getting involved and solving problems from their own unique perspective.

The final demos that interested me the most were:

  • Home stay invest
  • Public works platchain
  • Smart space

And of course there was lots and lots of food sponsored by Microsoft
20171020_195803

 

Kick off

A few guest speakers presented at the beginning of the day to help give insights into what type of challenges cities are facing. One of them was the CIO of the city of Palo Alto

Cities of the future need to focus on 3 key things: Liveability, workability & sustainability.

6% of Australia’s GDP goes through Melbourne
How do you prepare a city for autonomous vehicles.
Digital identity. Who owns it, who can use it.
How can gov policy keep up (some industries will be dead before legislation even comes in)

We have such a massive influx of people moving into the cities. If we think traffic congestion is bad now, wait until the future!
Thinks the issue is climate change trumps any other issue.
Users don’t want to deal with governments in giant waiting queues at centrelink. They want to just pull out a smartphone app and renew their license.

Winners

  • 3rd place. My Say
  • 2nd place. Owl
  • 1st place. Smart space

clip_image001

 

The presentations

Smart space
Decentralised way to list rentable spaces e.g. conference rooms, lecture theatres.
Can book it using blockchain, get a QR code, can enter the room.

clip_image004

 

Team peak
High school student team
Medical insurance fund
Do it peer to per so that you can reduce costs by removing the massive admin overhead costs of existing insurers.
Have people in community randomly validate claim requests.

clip_image005

 

Ourspace
Property storage rental.
More and more people are moving into cities, people have less living space. People are looking for storage spaces. Allows people who have spare space to rent it out to others
clip_image006clip_image007

 

Smart carbon
Solo 2nd year university student.
Tracking carbon emissions from sensors, and keeping a true record on the blockchain. Built a blockchain solution that would allow sensors to store their data. Allows trusted collection of carbon emissions in real time.
clip_image008clip_image009

 

Public works platchain
Try and reduce costs and provide better cost certainty through public works tenders.
Tenders and implementations rely on multiple parties (council, telstra, contractor). At the moment parties can delay without incentive to complete on time.
Can use blockchain as an escrow account for payments, and other stakeholders put in a deposit. If the contractor delays, they automatically get a penalty fee taken out of the escrow account. If the stakeholders (council or telstra) are the cause of the delay, they lose a portion of their deposit.
clip_image010clip_image011clip_image012

 

Team Quatr
Tracking home rubbish bin levels, so that garbage collection trucks don’t need to stop at every home, and can be more efficient. Automatic optimised route creation.
People that recycle get 1 “eco token” per recycle bin collected.
clip_image013clip_image014

 

Home stay invest
For international students looking for long term housing. And for Australian’s looking to purchase an investment home.
Allows people to invest in their communities and their schools.
Multiple actors, students, people that want to invest, people who have spare rooms to rent.
Fractional property purchase / fractional sale.

clip_image015clip_image016clip_image017clip_image018clip_image019clip_image020clip_image021clip_image022clip_image023

 

Team Owl
https://owl.now.sh/
Sensors can create streams of data, that they can sell for tokens.
Others can see on a map the list of streams, can click to purchase access rights to the sensor data stream.
Iota IoT network
clip_image024clip_image025

 

Team Mysay
Girls high school team
Electronic voting via the Blockchain. Allow more open democracy. Can use for local council meetings for example
clip_image026clip_image027

Devcon 3 report: Day 4 – p2p tech

Other reports:

Today’s sessions covered a lot of secure messaging (Whisper / PSS), some swarm, and a couple of sessions on real world supply chain / logistics applications

Whisper: Achieving Darkness – Vlad Gluhovsky
Imagine a world where defensive technology always won. World would live in harmony. Lots of harmony and liberty for all
Want to help “achieve darkness” with whisper.

Whisper is a messaging system designed to deliver darkness at high cost.
Darkness is when no meta-information has been leaked. Plausible deniability.
Is an integral part of Ethereum. Off chain. The underlying Ethereum communication protocol takes care of delivery. It is a gossip protocol. Every message is delivered to every node.
Message is forwarded on, node can’t decrypt it, passes it on. When the message does receive a message that is for them that they decrypt, the node still passes it on so that no one knows it was the final recipient.

clip_image001[1]clip_image002

Spam prevention uses proof of work.
Ephemeral identities. Decentralised. Built in steganography. Darkness
Is high latency, high traffic, high processor load, high memory usage. Need to try and decrypt messages even if they aren’t addressed to you (is the only way to find out if it is to you).
The topic is 4 bytes of arbitrary data. Used for probablistic message filtering. Will be used for routing in version 6. Topic collisions are expected and required for plausible deniability. Is just there to help you get a subset. But you don’t want to reduce darkness too much.

Recipient: should forward all messages
Sender: maintaining noise by sending random data sometimes. So that metadata isn’t leaked by only sending messages when it is a real message.
One directional logical channels
Can do symmetric and asymmetric encryption.
Whisper is tech agnostic. Can use on any network.

Need to pad messages with random data to not leak metadata.
Additionally you can use steganography to hide messages in the “random” message padding

clip_image003clip_image004

 

Using Whisper and IPFS to improve customer experience in a P2P marketplace – Michael Thuy, Stefaan Ponnet
Consumer facing dapp without users worrying about blockchain, EVM bytes, etc.
Will talk about creating IPFS consortiums to help ensure data is pinned and available

If you want to create a Dapp which is completely decentralised, you still need storage. Need to make sure data is retained long term on IPFS. Got people in an IPFS consortium who help out by cross pinning each other’s data to keep it retained.
Created a IPFSProxy.sol contract to handle the cross pinning.
Contract that has functions to add and remove hash and broadcasts events when hashes are added/removed.
Run a proxy listener on IPFS nodes to know what to pin/unpin.
Other contracts can call the contract to add/remove pins.
Can trigger a pin via a couple of mechanisms e.g. whisper
Individual supporters can run the proxy script at home.

clip_image005clip_image006

Gas station
https://github.com/swarmcity/gasstation-service
Want
a way for users to get some gas to be able to use Dapps. Most Dapps are solving this by giving some free gas via a faucet. But difficult to restrict it from being abused.
Made a contract that holds eth/gas, can swap tokens for gas.

clip_image007

 

How to build a real world supply chain ecosystem using the Main Ethereum Network – Giuseppe Bertone

Easier for you to read his slides than me retyping it out

clip_image008clip_image009clip_image010clip_image011clip_image012clip_image013clip_image014clip_image015clip_image016clip_image017clip_image018

 

Building consumer facing interfaces for trust in supply chains
https://supplychain.consensys.net/
Presenter
is from Consensys.
Give consumers on the supply chain of an item. Disclosing how you make your product and the craft that goes into it.
Based on verifiable claims. The claim and the verification are 2 separate things

Bringing verifiable claims to the supply chain.
Business claims. Could claim you are independent or family owned. Could claim this by linking to your company registration.
Organic certification requires getting a person to come out to your farm, check the process, then give you a PDF certificate. Show that PDF to other companies to prove your organic status. Gives you the rights to put the logo onto your products.
Moved the organic database into the blockchain. Can move from just a logo on a pack to something you can scan and verify.

clip_image019

An issue they had in the old system was that more fish were being sold than had been certified (fraudulent fish). They made an easier way for fishermen to register their catch on the blockchain, and then associate it to the fish.

clip_image020

For flowers, created an app so you could see the entire logisitcal history of where it has been.
Same with coconuts

clip_image021

 

Next batch of sessions I moved into the breakout stream for p2p technologies

[p2p] Breakout Session on P2P technologies: Introductory Remarks – Viktor Trón

Ethereum for the “world’s computer”
Swarm for the “world’s hard drive”
he called this a Swarm workshop. I may get ranty again.

Swarm has continued to grow in scope (feature creep) and is well beyond its initial spec of file storage.
Real time apps need communication, so want to build PSS
Need an incentive system, so are building Swap (this I agree with)
Are now creating their own payment channel system……..

<<rant>>
there is so much scope creep!
Creating their own decentralised storage, incentive system, messaging system
Now they are creating their own payment channels?

I absolutely love and agree with the end result. But this team really needs to scale back, focus on the core value prop (Swap for node retention incentivisation) and do a lot more module reuse from other projects like uRaiden, IPFS, etc.

 

 

[p2p] – Swap, Swear and Swindle games – Viktor Trón, Aron Fischer
Framework to incentivise all distributed system.
Grew from a small micropayment system, to a more complete system.

Swap is the protocol which tracks what services are provided and consumed. Is on a per connection basis. Nodes keep track on usage of its peers.
Type swarm address bzz://somesite
Receive data from peers and compensate them if you consume more than you send back.
Can track the payments off chain. Can keep collecting cheques from a channel, only need to keep track and eventually push the last one onto the blockchain for payment.

clip_image022clip_image023

Cheques are just a promise, not an actual locked in payment.
The system can be extended into a payment channel with stronger assurance.
Chequebook system can be extended to cover other forms of financial instruments. Bounties, bonds,

Swear is saying what services you can offer
Swindle contracts are the enforces of service promises.
The point of the swap and swindle game, is to securely list and provide services.

clip_image024clip_image025

 

[p2p] – How Truebit can leverage PoW + PoA to solve for visa-scale transactions – Zac Mitton
Has been doing research on Merkle computers, as TrueBit
Ethereum scaling strategies.
Blockchain isn’t scalable, because all full nodes need to execute all transactions.
Solution is to find a way to not require every node to execute every transaction (such as sharding, side chains)

Truebit allows for provable off chain computation.
Break up the execution of the piece of work into many many tiny sub parts, each are small enough to be executed within the Ethereum gas limit.
Run it off chain, publish result to blockchain. Others can verify and challenge if they disagree. Then a proving game starts where both parties say at which point through the execution do they disagree. A billion operation execution could happen in 30 verification transactions on chain. The dishonest person pays the penalty.

clip_image026clip_image027

 

[p2p] – Web3 Goes Live – Livestreaming Video on the Peer-to-Peer Internet – Eric Tang
http://livepeer.org

Live streaming today needs a lot of infrastructure to support the bandwidth requirements, processing into multiple streams, pushing to CDNs. Large costs on bandwidth.
Peer to peer video can help reduce costs on popular streams by peer sharing.

clip_image028clip_image029clip_image030

The future is to move to a decentralised live streaming model

clip_image031clip_image032clip_image033

His suggestion is to use a crypto token service. The nodes that are providing service earn tokens. People use tokens to broadcast on the service.
Nodes can be supplying bandwidth. Or they could join the network as transcoders and offer that service for tokens.
Nodes can do the transcoding, provide merkle proofs for what they do. Can be verified, so that they get their payments (can use Truebit or Oracalise for example)

clip_image034clip_image035

 

[p2p] – Streamr stack for P2P data transport and off-chain analytics – Henri Pihkala
Streamr is for streaming raw data feeds. Like IoT sensors, temperature. Creates a data stream economy.
Want to create a marketplace and make it like an “app store for data streams”

clip_image036clip_image037

 

[p2p] – Self-sovereign BigchainDB data injection in smart contracts through the Jolocom Identity Gateway – Dimitri De Jonghe, Eugeniu Rusu
@BigchainDB
Decentralised data gateway for Ethereum
BigchainDB is a “planet grade database”.
A lot of our personal private data is in data silos owned by corporations.
Combination of private data + public claims.
If you know where your data is being stored, you could grant/revoke access.

clip_image038clip_image039clip_image040clip_image041

 

[p2p] – PSS – Node-to-node communication over swarm
https://github.com/nolash/go-ethereum-p2p-demo
Swarm
stores chunks across many nodes. Then nodes can retrieve from nodes. Has a routing algorithm to try and be more efficient.
PSS uses the same kind of logic, but for message passing instead of files.
Node addresses are generated as a long string of bits. To randomly split up the network. Nodes think of neighbours as being “close” by how similar their bits line up. Completely ignores the concept of geographical closeness. May not be geographically efficient, but is efficient with routing.
Messages are forwarded from node to node. Compares the address to its respective peers, then forwards on to a node in the correct direction (closer number of bits).
Messages are cached on the node, so it knows if it has seen it before.
To help mask metadata of who was the intended recipient, as you get closer to the correct node, forward it on to additional nodes. Final node passes it on so you don’t know it was the last one.
Using the Whisper encryption and message envelope.
Uses the same Whisper message padding to hide metadata

clip_image042

 

[p2p] – Workplace messaging using PSS – Shane Howley, Carl Youngblood
Company name is mainframe (that will be fun to try and find any documentation online).
A fully decentralised messaging system. It is alike a decentralised Slack with privacy.
Can be used with a company and also secure cross organisation communication.
Help guard against corporate espionage. Helps protect against accidental leakage.
Mailboxing service.
Swarm node. Exposes a GraphQL API. (there is some pretty cool tech under the covers)

clip_image043

Add contacts via their public key. Then can start sending messages

clip_image044clip_image045clip_image046

 

Designing IoT Frameworks Using Ethereum – Shuang Liang, John Gerryts
https://OakenInnovations.com
MQTT
, lightweight pub/sub message transport. Designed for sensors with low bandwidth channels
Wanted to combine with Etherem to get trust and global identity.
MQTT-Trusted combines them.
https://github.com/Trusted-IoT-Alliance/mqttt

clip_image047

uDapp (miro dap)
Sounds like it is a standard Dapp? Files stored on IPFS, etc. Think the only difference is saying that the uDapp device is running on a IoT device like a car.
Use Geth client in light sync mode. Then use MQTTT for messaging (instead of Whisper)
Wrote a Nodejs library for SoC to access HSM (hardware security module)

clip_image048clip_image049

 

AKASHA: Unveiling The Next Experiment
https://akasha.world/
Trying
to make a decentralised social network that isn’t centralised (like Facebook, who own your data).
Collective memory and freedom of expression back into the hands of people
Uses Ethereum & IPFS

clip_image050clip_image051

Every user needs to burn a small amount of mana to interact with the network.
You lock your AETH token for a small period of time, get mana. Burn mana to do things. Mana regens over time.

clip_image052clip_image053clip_image054

But then they read from Vitalik that most tokens are useless. They need sinks, not just flows. So now they are re-evaluating everything. Trying to figure out what “Token 2.0” is
http://vitalik.ca/general/2017/10/17/moe.html

Devcon 3 report: Day 3 – Dapp development

Other reports:

Sessions you should focus on and watch:

  • uPort (will help solve end user access of Dapps)
  • metamascara (metamask javascript client)
  • Mist browser moon project (more secure Dapp engine)
  • DappHub. Check out the DSAuth contract to handle Auth in a standard way.
  • Real world smart contract development lessons

There were a bunch of sessions on Oracles today. Make sure you check out Microsoft’s version of it as well 😉 “Enterprise smart contracts” https://azure.microsoft.com/en-us/blog/enterprise-smart-contracts-resolving-the-truth-for-blockchains/

Intro to Solidity (2017 edition) – Hudson Jameson
https://hudsonjameson.com/speakingengagements/ slides here.
Solidity is like Javascript. Code is compiled to the EVM (Ethereum Virtual Machine)
Once deployed to EVM is completely isolated and cannot reach outside the EVM.
Easy to write contracts, hard to make sure they are secute
ERC20 is a standard to help with contract interoperability for tokens.
There is a `payable` modifier in solidity to mark that the function can take in Ether (helps protect against accidental ETH sending)
`constant` function modifier is being replaced with `view` and `pure` to be more specific.

Metamask + remix + etherscan demo
Metamask is a plugin that acts as a bridge between browser and Ethereum network https://metamask.io/
Remix
is a solidity IDE, helps with debugging and static analysis https://ethereum.github.io/browser-solidity/
Etherscan
is a blockchain explorer https://etherscan.io/
In the demo he opened up Remix, pasted in a contract, clicked deploy, Metamask opened and he confirmed the transaction, contract got mined/deployed, and could see it on Ethercan.
On Etherscan can see details about the contract, if it has any ETH in it. Can submit the source code to Etherscan, for transparency purposes of verifying what a contract does.
In Remix, can use the IDE to invoke methods on the contract. In Etherscan can see the data values updated in the contract.

IDEs you can use: Remix, Visual Studio, Visual Studio Code (see my blog post on setting that up), Vim, etc. https://davidburela.wordpress.com/2016/11/18/configuring-visual-studio-code-for-ethereum-blockchain-development/
Tools
: Truffle, Ethereum Package Management, solgraph,
Solgraph takes your function code and shows you a graph of all the potential function calls and the dependencies, to see where the security boundaries are.

Flexibility in Solidity – Dr. Christian Reitwiessner
https://github.com/chriseth
Language design is a game of balances. Functionality / complexity / safety.
The path for Solidity, the initial goal was to create a usable high level language as fast as possible. They succeeded… but now it is time to evolve it and make changes to help make it safer.
Structs can now be passed into Solidity functions!! (This has been a massive pain point for me! Happy to see this)
And you can return an array of structs!!

Can use require() and assert() to make your function safer.
For formal verification can use SMTLib2 / Z3. Can prove certain things about a function. Like variables will be in certain ranges, there is a divide by 0, stuck in an infinite for loop.
Can enable it in your .sol by adding `pragma experimental SMTChecker;` If an assertion fails, it will tell you why it failed with sample data.
If you have a simple function that takes in (int a, int b) and do a+b you could get an overflow. Will show you the issue at compile time. So you could put a require at the front to have an upper limit on a and b.

Asserts in your code are fine. Asserts should never be reached. If it is reachable then that is a problem. Asserts help the verifier to make sure it never happens and your function works as expected.

Mist: towards a decentralized, secure architecture – Everton Fraga, Victor Maia
Mist is there to host the Web3 project. Which is the vision of having a peer to peer decentralised internet with a Blockchain backend.
At Devcon 1 there was the first version of the Mist Wallet. Could to transfer, execute transavtions. But was waay too complicated for average user.
Devcon 2, released the Mist browser beta. Works for enthusiast user, full web power for smart contracts and Dapps. But requiring that the entire blockchain gets downloaded and synced first is a bit of a hurdle.
Ethereum wallet & mist have been downloaded 2.6 millilon times
Held a Mist summit in 2017 to talk about and decide on the future of Mist

clip_image001[1]

Recently has focused on hardened security. Did an extensive audit by Cure53. They found 22 issues of varying security levels. From that they improved their test suite, and then fixed.
Have Ethereum bounty program to help encourage community to track down more.
Now has swarm integration to upload files to swarm. Bzz://aacfee00123412…
Has DNS integration so can also do bzz://my.website
Has ENS support for wallets.
To help with syncing times, supports Geth light client. (currently uses v1 light client protocol, v2 coming soon).
Built in Remix IDE. Can debug the steps that a transaction did.
Solo network, can use Geth with –dev flag to run an empty blockchain on your own node for testing.
Added a Windows installer. (Maybe I should talk with them about getting it onto the Windows Store)
Account management, standalone transaction signer. Means now you can sign locally, and then submit to Infura, or
switch between nodes.
If the accounts are managed by mist, means they now support different ethereum clients.
Did a major refactor recently, to help make it easier to add new features.
For Dapp developers, isolating local storage between networks. Different scopes to work with.
Sync jumpstart. Just get current headers, then sync the rest in the background.

Futures: better integration with remix, improve private net integration, puppeth kickstarts.
Could there be a Dapp trust level? Should dapps have access to HTTP (can be used for unencrypted tracking)?

clip_image002[1]

Ethereum wallet.
Previously it was the best way to do your ethereum development (for deploying contracts), but now have Remix. So deprecating advanced features like contract creation. Creating a new Wallet.sol contract.

Q: Where is the decentralised web?
Still using centralised servers for Dapps. With centralised APIs, etc.
Mist relies on a lot of software stacks above and below it. How can you ensure that it is secure when we are dealing with keys that control real money.

clip_image003[1]

Need to worry about javascript libraries you use. If you import them, they may modify the global space and add in trackers or modify web3 connection.
Web3.js has a lot of dependencies (showed a slide of the 60+ .js dependencies)
The web isn’t ready for crypto 😦
we don’t need a browser. We need a new app to access the decentralised web.

Announcing the moon project.
http://moon-browser.org

clip_image004[1]clip_image005[1]clip_image006[1]

Gave a live demoFunctions are pure. UI layouts are on IPFS. Can build up a new UI by importing those different Uis and composing them. dapps are stored on IPFS for future retrival. Can take the code and create your own spinoffs. The decentralised web is mixable.

It looks promising
Video of demo at 1:13:00 https://youtu.be/k42YNyvG8CU?t=1h3m00s

Dapp Development using Remix, Mist, and Geth – Yann Levreau, Rob Stupay
https://ethereum.github.io/browser-solidity/
Remix is a solidity editor, integrated runtime environment with web3, and code analysis.
Can go to the compile tab and see compiler errors.
Can go to the run tab and execute functions on the contract
Does some static analysis. Can warn if gas requirements are too high.
Just talked about generic features of Remix.
It is colour themable..

DappHubb – Andy Milenius
https://dapp.tools
https://dapphub.com

DappHub is a self organizing network of logicians, researches, designers and developers.
Inspired by the Unix design philosophy for small reusable components. Want to make lots of free composable tools for Ethereum.
They are sick of Dapps that are using useless tokens. We want to free the Dapps of useless tokens.
People could take the Dapp, fork it, and remove the useless tokens
Created an ergonomic Ethereum toolchain.
They used it with MakerDAO
Share their tools using the Nix package manager https://nixos.org
One
of the basic components is seth, which is an Ethereum swiss army knife. Make it easier to interact with blockchain instead of using web3. means you can use seth and make it composable on the command line with other tools.

clip_image007[1]

Dapp tool for quick builds, powerful tests, easy deployments. Stack tracing.

clip_image008[1]clip_image009[1]clip_image010[1]

Provable standard library for Dapp development.
Brings the same philosophy across to the smart contracts. Small reusable provable components.
There are 2 concepts: boxes & mixins. Can mixin Auth and Math and then use throughout the app (to bring in features).
Boxes are prebuilt components that have been put into a usable Dapp that you can just use off the shelf

clip_image011[1]clip_image012[1]

DSAuth mixin, abstracts your Auth logic away from your Dapp business logic. Provides a DSAuthority property. Gives a canCall function, acts as a guard on the function, based on any arbitrary business logic, e.g. whitelist, timeboxed, role based, voter veto.

Example:
DSToken Box, is of type DSAuth.
It is a token that has 4 functions: stop, start, mint, burn.
Thinks Tokens should just be tokens. Just a DB of who owns them. Move the auth out from the business logic by using DSAuth

clip_image013[1]

A traditional token is complex
clip_image014[1]

An easier way is to think of them as single reusable components.
clip_image015[1]clip_image016[1]clip_image017[1]

Real-World Smart Contract Development Lessons – Raine Revere
Suggestions for Dapp development.
Central logging: If you have a multi contract system, use a central logging contract to make it easier to track.

clip_image018[1]clip_image019[1]

Modular libraries: Deploy code once, that other contracts can use over and over.
Think about having a data sctruct that can be reused. Then when you are calling other libraries you can just pass in the pointer to the data contract that has the struct, so it can read it easier.

clip_image020[1]clip_image021[1]

Arbitration: use the blockchain as a court system / arbitrator. Assume people will act in their best interest cooperatively and the happy case most of the time off chain. Use the smart contract to execute and be the arbitrator.

User A uses the system and the counterparty does the right thing, execution is super simple.
User B uses it, has an issue. Raises a disupte, then does all the expensive logic and the bad party is punished by paying the costs.
Because the party behaving badly knows that they can be called out and will need to pay the costs, they are incentivised to just do the correct thing and everyone saves money.

clip_image022[1]

Role analysis: who is interacting with the system
Buyer wants to buy, seller is putting up the assets, oracle is publishing the prices. Helps simplify code interactions

clip_image023[1]

Context dependence
Send vs withdraw. Send is vulerable becaues the person you are sending it to could be doing something bad in the receiving code. But maybe you want to keep it simple. “it depends”. Think about the tradeoffs

MetaMask: Dissecting the fox – Aaron Davis, Frankie Pangilinan
~200k users
Team has grown from 4 to 10
Will support HD wallets.
Mustekala project. Ethereum on IPFS to help bridge the two

Dan came on stage dressed up as a T-Rex
V4 will have a new UI, token management and responsive layout.

clip_image024[1]clip_image025[1]

Metamascara
It used to be difficult to be able to get Metamask working in your website. Was a bunch of JS to check Web3 context, etc.

Now much easier, only 4 lines (I missed taking slide photo).

But it will also allow you to not need to have the Metamask browser plugin installed. It will now do it in JS and redirect you to https://wallet.metamask.io to use your wallet.

clip_image026[1]clip_image027[1]

Web3.js 1.0 – Fabian Vogelsteller
Web3.js is middleware to save you converting values and transaction calls between JS and a node. Handles ABI encoding
EVM only knows bytecode. Everything that goes into it needs to be converted.
1.0 is a serious refactor.

It now has promises.
Blockchains have a weird async operation where you need to wait until it mines and is a few confirmations deep. Can use Web3.js PromiEvent to say when to move on once you’ve received enough confirmations.
Subscriptions based on WebSocket or IPC socket, instead of polling.

clip_image028[1]

Web3.eth.accounts can now create, decrypt, sign
Web3.bzz allows you to interact with swarm to download and upload.
Web3.shh communicate on whipser.
Web3.utils.soliditySha3 allows you to make sure you hash the same way solidity does (important because Ethereum uses an earlier variant of Sha3)

Missing Links in the Ethereum Stack – Jack Peterson
Is the lead developer on Augur
Wants to look at Ethereum tooling, call out what he thinks needs improving, and is offering bounties to incentivise it.
Ethereum is a young ecosystem, is missing tools you may be used to in general software engineering. It feels like it is at the old early stages of computer engineering.
Lack of incentive to build good tools. Prefer to just go do another token sale.

Wish list:
We need a better debugger. Remix is too much, it is a full IDE, awkward for large projects, doesn’t integrate with other tooling.
He wants to pull the remix debugger out to be portable (I agree, could bring it in as a VS Code extension)
Put a bounty of 2,000 REP for this https://augur.net/bounties/

Good code vs safe code. Need to think about how other safety critical software works. They do it via fewer features, less abstractions.
2nd bounty of 1,250 REP for a super simple solidity. That restricts things right down to not include inheritance, recursion, etc.
1,250 REP bounty to enable return values in transactions.

EthJS – Precision Ethereum Javascript Architecture for dApps – Nick Dodson
Ethereum in 2017 are a bunch of variants web3.js, EthereumJS, parity.js
He got frustrated with Web3.js and wrote ethJS
It follows Ethereum RPC specifications, and follows an identical provider model to web3.js
Metamask & mist are supported.
It is very similar, just with his opinionated improvements 🙂
ethjs-deploy, configurable contract deployment facility

clip_image029[1]

Panel: Development Frameworks
On the panel is:
Creator of Embark
Jack Peterson, Augur
Andy, DappHub
Nick Dodson, Consensus, boardroom, Weifund, EthJS
Web3J, blk.io
Yann, Remix
Piper Merrium, python tooling ecosystem. Web3Py, populous, Ethereum Package management.

When they got started there were no tools, so they created their own tools.
DappHub: we wanted to solve problems in reusable ways
Nick Dodson: anger and confusion and questioning his own identity, spurred him on to create his own dev tools. Got frustrated with Web3 and wanted to do his own thing.
Lots of talk around how we lack a good package manager right now (EthPM later). We badly need one.
Nick: Don’t waste your time creating another bullshit token ICO that will have a 99% chance of failing. Go and help out with tooling and help the long term health of the eco system. *cheers*

Uport – Usable Key Management for Multiple Identities Across Multiple Chains
“we have built Ethereum’s user platform”
Can handle account management and login. Onboarding new users without Ether. KYC scnarios, etc

clip_image030[1]

All Ethereum app accounts are in one easy place to manage.
Store credentials and badges
Create a completeuser profile store.
Mobile factor auth and signatures

clip_image031[1]

Just because you lose your phone doesn’t mean you should lose access to everything.
Your identity is handled by a simple contract called a proxy.
The private keys are kept on the mobile device.
Can do things like social recovery, with other recovery mechanisms coming in future

clip_image032[1]

Started off as just on a single blockchain. But realised there are many networks. So now supports multiple networks
clip_image033[1]clip_image034[1]

uPort handles account management for older web 2.0 and newer web 3.0
uPort connect library that uses web3 library and sends messages to your phone to authenticate.
Identity is always handled by the end user.

clip_image035[1]

Users want to use apps, not worry about networks and gas.
Guide them through account creation and joining correct network. Solving gas issue by making all transactions going through uPort contract which pays the gas on their behalf?

clip_image036[1]clip_image037[1]

Developers want to issue badges and other credentials to users. Giving some form of attestation
If you achieve a certain certificate, are over 18, just personal things that you can attest. Can keep it off chain.
There are enough companies out there that are doing KYC. Integrating in KYC providers. User shares their KYC badge.
uPort credentials is generalisable as user centric data that forms the basis for reputation systems.
If using an decentralised AirBnB want to track reputation

clip_image038[1]clip_image039[1]

Demo video at https://www.youtube.com/watch?v=FPHXbJPVVaA&feature=youtu.be&t=1h51m10s

Data is the Missing Link: Enterprise grade oracles
Thompson Reuteur
They knew that they could be disrupted with Blockchain. Realised they could become a trusted oracle, as people trust them currently.

Decided to focus on the high value, low volume space.
Focusing on things like share prices, FX rates.
Corda & Ethereum. Currently only on testnets. Will be free, but need to agree to T&Cs.
Show an example of using oracles to pump in prices for ERC20 tokens, and have people buy/selling
Had to architect things differently, to keep their content they license from other parties within the usage agreements.
Looking to expand data coverage. Electricity & natural gas prices requested.
Looking to expand to KYC as a service, for governance & transparency to unregulated markets. So they can help token sales for example.

clip_image040[4]clip_image041[4]clip_image042[4]clip_image043[4]clip_image044[4]clip_image045[4]clip_image046[4]clip_image047[4]

Secure Decentralized Oracles: Applying Intel SGX and TownCrier to external data, payments and off-chain computation – Sergey Nazarov
Smart contracts are unable to connect with external data.
Blockchain middleware takes external data and provides them as inputs into the contract.
Want to connect smart contracts to widely accepted bank payments systems, so can pay in local currencies.
Connect smart contracts from different networks so they can interact.
Centralised oracles are a point of failure. One node as a trigger

Town crier. Is open source.
Run it as a decentralised oracle network.
Use trusted hardware (like intel SGX)

clip_image048[4]

Intel SGX probably returns the execution outputs. Here the executed software is the town crier software.

clip_image049[4]clip_image050[4]clip_image051[4]clip_image052[4]

Scalable Onchain Verification for Authenticated Data Feeds and Offchain Computations – Thomas Bertani

Oracilze wants to help be the general provider of data to smart contracts.
Help bring in data feeds and have multiple parties give authenticity proofs.
Is a more general Oracle offering over Town Crier which is for scoped use cases. Allows chains of trust, and bring back more than one proof of the claim.

clip_image054[4]clip_image055[4]clip_image056[4]clip_image057[4]clip_image058[4]

Snopes meets Mechanical Turk on a Blockchain: Reality Keys, On-chain Truth Verification and Subjectivocracy – Edmund Edgar

https://Realitykeys.github.io/realitycheck
What is truth? It is a big issue at the moment with US politics embracing “alternative facts”.
Any paid advertise can push claims onto your screen. If you are faced with a claim, then you could spend time and effort trying to figure out the validity of a claim. But it is impossible to verify the constant barrage of bullshit so you just let it through. Get hit with enough stories again and again, start to take it as truth.

Created “reality check” Dapp. Is a mechanical turk for truth.
People who give correct answers get rewarded, incorrect get penalised. When answering you put down a deposit, returned if correct, taken if incorrect.
But what happens if someone gives incorrect biased answers, but puts down a MASSIVE deposit and makes it difficult for people to correct them. Can use an arbitrator to resolve it.

clip_image059[4]

Mind the Gap: Application-driven evaluation of Smart Contract languages – Andrew Miller

Research papers. Compared the difficulty to develop apps on Bitcoin scripting vs Ethereum contracts

clip_image060[4]

clip_image061[4]

clip_image062[4]

clip_image063[4]