02 Decentralised Decision Making: What Are Dash's Core Values?

[DeepBlue]

This post is Part 2 of Dash Decentralised Decision Making Strategy: What Are Dash's Core Values?

The purpose of this post is to identify, define and agree upon DASH's core values as a cryptocurrency.

We should consider the values from different perspectives. The values need to be defined for the technology, the community and how we conduct business as a cryptocurrency.

Once decided and agreed on, all decisions we make as a project going forward should be in-line with Dash's Core Values if we are to retain integrity as a reliable money.

One of the most important factors in sound decision making is to ensure that we make our decisions in line with DASH's core values. Making decisions based on our core values ensures that the DASH project retains its integrity. Identifying our core values help MNOs and proposal owners make consistent decisions that are in line with what we believe to be important as a project. These values should never be compromised but should be reviewed periodically to ensure they are still relevant.

The core values are not only applicable for decisions involved in development of the software and infrastructure of the network, but they are also applicable to how community members come to governance decisions.

I see DASH's core values as follows:
1. DASH must be non corruptible (both now and for the future),
2. Radical transparency (in code and investment),
3. Decentralisation (not possible to exploit Dash by minority group of individuals),
4. Efficiency (both Investment and Coding efficiency)
5. Trustlessness (quality decisions can be made without the need to trust any one individual or group.
6. Payment solution - make tech usable by anyone.
7. Integrity
8. An innovative leader in the cryptocurrency space.

Other values I see as important in a decentralise environment are maintaining a healthy and collaborative spirit to the project.

Healthy collaboration is crucially important in a decentralised organisation because the very fabric of the project is held together by positive relationships in collaboration.

I have seen on occasions behaviours by contributors that have not been in line with DASH core values. This has invariable led to harm and sometimes destabilisation of the DASH project.

Core values are one of our most valuable marketing assets and message
DASH core values not only help keep us on track with making the right decisions but they form a basis on how external entities and potential customers perceive us. People buy into and align with projects who's core values match their own. When conducting interviews or when undertaking marketing our core values need to be advertised so that people understand what Dash is about.

It is important we discuss and agree upon what are DASH core values and from now on refer to these core values when decisions are being made on behalf of the network.

I would be interested to know what other MNOs think are Dash's core values or if you have comments on the ones I've listed above. We need to clearly define and agree upon what these values. Once the core values are clearly defined they act as guiding principal for all our decisions made by the network going forward.

 

[GrandMasterDash]

How to be non-corruptible when key DCG decision makers refuse to be subjected to a lie detector test? The CMO answered on their behalf, saying that all code is made public, therefore malicious activity would become immediately obvious. Well, bitcoin is open source but it didn't stop it's takeover by Bitstream. What is DCG's relationship with the FBI and others? Conspiracy theory, yes, but Bitstream is proof that shit like that happens.

 

[vazaki3]

How to be non-corruptible when key DCG decision makers refuse to be subjected to a lie detector test? The CMO answered on their behalf, saying that all code is made public, therefore malicious activity would become immediately obvious. Well, bitcoin is open source but it didn't stop it's takeover by Bitstream. What is DCG's relationship with the FBI and others? Conspiracy theory, yes, but Bitstream is proof that shit like that happens.

Good questions. Especially now , where Dash started to use code written in c# which is based on .NET!!!!

As a CLI implementation of Virtual Execution System (VES), CoreCLR is a complete runtime and virtual machine for managed execution of .NET programs and includes a just-in-time compiler called RyuJIT.[28][a] .NET Core also contains CoreRT, the .NET Native runtime optimized to be integrated into AOT compiled native binaries.

As everyone understand, the one who controls the virtual machine controls Bitcoin and Dash!

 

[GrandMasterDash]

Good questions. Especially now , where Dash started to use code written in c# which is based on .NET!!!!

As a CLI implementation of Virtual Execution System (VES), CoreCLR is a complete runtime and virtual machine for managed execution of .NET programs and includes a just-in-time compiler called RyuJIT.[28][a] .NET Core also contains CoreRT, the .NET Native runtime optimized to be integrated into AOT compiled native binaries.

As everyone understand, the one who controls the virtual machine controls Bitcoin and Dash!

Would someone at DCG like to comment on this???

 

[GrandMasterDash]

Good questions. Especially now , where Dash started to use code written in c# which is based on .NET!!!!

As a CLI implementation of Virtual Execution System (VES), CoreCLR is a complete runtime and virtual machine for managed execution of .NET programs and includes a just-in-time compiler called RyuJIT.[28][a] .NET Core also contains CoreRT, the .NET Native runtime optimized to be integrated into AOT compiled native binaries.

As everyone understand, the one who controls the virtual machine controls Bitcoin and Dash!

According to your reference, CoreCLR is open source. Is there any dash product using a closed source virtual machine?

 

[DeepBlue]

Microsoft has realised that in order for them to stay in the game as a leading software provider they have to go open source on some of their core products that developers can use to build apps. They have also invested heavily in open source projects. Their new business monetization model is to make revenue from end products such as Azure this is why they have made .NETCore and C# open source and cross platform. .NET will be eventually phased out and transferred to .NET Core which will be the successor to the .NET framework. It is not necessary, however, for developers to use Azure if they develop with Microsoft open source technology.

You can search all technologies from Microsoft that have been released to the open source community here:

https://opensource.microsoft.com

Microsoft has already released 60,000 of their patents to the open source community:
https://www.forbes.com/sites/jasone...00-patents-proving-it-really-does-love-linux/
https://techcrunch.com/2018/10/10/microsoft-adds-60000-patents-to-the-open-invention-network/

The youtube video below discusses Microsoft strategy regarding open sourcing their software. The interview is with Julia Liuson, Vice President of Visual Studio and .NET

Therefore, from what I can tell, Microsoft is no longer in control of .NET core, C# or CoreCLR these are now fully open source technologies. Microsoft however is steering the open source projects but they still remain open source.

The licensing for CLI is discussed here:

https://en.wikipedia.org/wiki/Common_Language_Infrastructure

It would not be a sensible business move for Microsoft to move back to a closed source model for their .NET and C# core technologies. Open source enables developers to build applications to run on Azure platform which is where Microsoft will make its money. The world is now moving to an open source model for core infrastructure technology. The money is now being made on specialist end applications and services such as Azure. Microsoft also realised they cannot compete against open source projects which have millions of developers and contributors. They have to go open source to stay in business.

I am not a lawyer, however, my understanding is if Microsoft were to revert back to a closed source business model the technology released before that point will remain open source. In effect it would be like a fork and therefore the code before that fork could continue to be developed freely and independently of any closed source software. Once released to open source the code cannot be reverted back to close source - only new code developed later.

It is important to know that in the next few years .NET will be completely phased out and replaced by .NET Core. However, when this phasing out happens, .NET Core will be simply called .NET and it will be fully open source technology. If an organisation wants to develop software using the .NET framework, it makes sense to develop on .NET Core, and not .NET.

I am not yet clear if the regular .NET framework is actually fully open source. However, I know that .NET Core is fully open source, and if developers want to feel certain about developing apps that are open source and cross platform they should use .NET Core and not .NET.

You can read about .NET Core here:

https://en.wikipedia.org/wiki/.NET_Core

 

[GrandMasterDash]

@DeepBlue Thank you and I appreciate your response. However, it didn't really answer my question; does DCG use any closed sourced virtual machines in any of it's products, including Dash Platform?

I am not happy at all that dash uses Microsoft products but it's a trade-off I have to accept.. but a closed sourced virtual machine of any kind would be alarming and utterly irresponsible.

Even with open source, Microsoft is so in bed with the government, that zero-day-exploits are very conveniently left hanging around. This is the same company that intentionally extended the mp3 format to execute arbitrary code.

 

[vazaki3]

@DeepBlue Thank you and I appreciate your response. However, it didn't really answer my question; does DCG use any closed sourced virtual machines in any of it's products, including Dash Platform?

I am not happy at all that dash uses Microsoft products but it's a trade-off I have to accept.. but a closed sourced virtual machine of any kind would be alarming and utterly irresponsible.

Even with open source, Microsoft is so in bed with the government, that zero-day-exploits are very conveniently left hanging around. This is the same company that intentionally extended the mp3 format to execute arbitrary code.

It is not only whether a virtual machine is open source or not. The problem resides in the nature of the virtual machine itself.

Suppose I have an opensource virtual machine which you trust and you use it into your masternode. Who compiles the virtual machine? Almost nobody. The virtual machine is send as a binary, and (most important) its updates are also send as binaries.

So I could send you my updates, signed by myself (you trust me, dont you?) that could theoritically target your specific IP (your masternode) and send specific troyan horse updates, specially designed only for your IP address and your masternode. These updates will steal your Dash coins, then they will destroy themselves and delete whatever traces, log files or files that are signed by me (in order for you not to be able to prove that you have been attacked by me).

This is the main problem of the virtual machines, and not whether they are open source or not.

 

[GrandMasterDash]

It is not only whether a virtual machine is open source or not. The problem resides in the nature of the virtual machine itself.

Suppose I have an opensource virtual machine which you trust and you use it into your masternode. Who compiles the virtual machine? Almost nobody. The virtual machine is send as a binary, and (most important) its updates are also send as binaries.

So I could send you my updates, signed by myself (you trust me, dont you?) that could theoritically target your specific IP (your masternode) and send specific troyan horse updates, specially designed only for your IP address and your masternode. These updates will steal your Dash coins, then they will destroy themselves and delete whatever traces, log files or files that are signed by me (in order for you not to be able to prove that you have been attacked by me).

This is the main problem of the virtual machines, and not whether they are open source or not.

Understood. The alternative is for DCG to build their own virtual machine, but that brings with it a different set of problems, not just bugs but whether DCG was infiltrated. Seems appropriate to post this link:

Facebook Helped the FBI Hack a Child Predator
https://www.vice.com/en_us/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez

It would be nice if DCG built their own VM but I think it's much more important they use Dash Platform to build an unstoppable github and app store.

 

[GrandMasterDash]

@vazaki3 https://app.dashnexus.org/proposals...ndent-security-audit-and-code-review/overview

 

[forro]

Seems reasonable to have a thorough audit before mainnet release. It can only add to everyone's confidence, helps marketing.
An ongoing bounty program, too, which I think there is already.

@vazaki3 https://app.dashnexus.org/proposals...ndent-security-audit-and-code-review/overview

 

[GrandMasterDash]

Seems reasonable to have a thorough audit before mainnet release. It can only add to everyone's confidence, helps marketing.
An ongoing bounty program, too, which I think there is already.

Yes, don't get me wrong, I think testing and bug bounties are essential, but I also think it's extremely important to have something that is more substantial and independent. Projects like cardano are heavy on academic scrutiny and tezos is strong on formal verification.

 

[Sadan Ali]

That's true. I agree with your point.

 

[DeepBlue]

How to be non-corruptible when key DCG decision makers refuse to be subjected to a lie detector test? The CMO answered on their behalf, saying that all code is made public, therefore malicious activity would become immediately obvious. Well, bitcoin is open source but it didn't stop it's takeover by Bitstream. What is DCG's relationship with the FBI and others? Conspiracy theory, yes, but Bitstream is proof that shit like that happens.

The main goal of this post is to clearly identify, define, and agree on what Dash's core values are. Raising issues on how we can enforce the values is something we can address later, after we have first actually defined and agreed on the values. Having said this, your feedback is still valuable because it suggests we need to look again, and more closely, at the values list if we cannot enforce any value on it.

I made some suggestions for Dash's core values in my first post in this topic. However, that does not mean to say these are Dash's values, until the majority agree upon them. You have raised a concern about how we can ensure one of the core values that I suggested could be met. This was the core value that DASH needs to be "non-corruptible, both now and in the future".

Firstly, what do you think about the actual list of DASH Core values I posted? More specifically, should this be our list of values? Or, should there be others on this list? This is irrespective of if we can actually meet them at this stage.

If you think non-corruptibility is a worthwhile DASH core value, you have raised a valid point on how we can ensure that DASH retains its non-corruptible nature.

If we cannot maintain a value on our list, e.g. non-corruptibility, it points to the fact that there may be some additional values that need to be added to the list. These additional values could well enable us to ensure we meet our values. One additional value that comes to mind could be the value of accountability, which is not yet on the list of core values.

Your concern, that we cannot meet the core value of incorruptibility, is valuable feedback because it points to the fact we may well be missing some other core values.

Therefore my question for you, and for others, is as follows:

1. " What do people feel about the core values that are listed in my first post in this topic? Are these values that the DASH community feel we should ideally uphold, protect and have?

2. "What other additional core values should the DASH project ideally have?

I would suggest at this stage we simply identify, define and agree on the core values first. Then we can worry about how we are going to meet them later.

 

[forro]

Accountability seemed to be implied but better if it is explicit. When you feel this is ready for a vote post an address and I will donate one dash.
I hope there is more participaton if/when funding is coming directly out of our pockets.

 

[DeepBlue]

Accountability seemed to be implied but better if it is explicit. When you feel this is ready for a vote post an address and I will donate one dash.
I hope there is more participation if/when funding is coming directly out of our pockets.

Thanks forro for your feedback and contributions to these posts. I agree with your view. With decentralised decision making we need to explicitly state what our values are and to have a system to vote on them and then document them.

I have posted another forum message about the concept of the Dash Decentralisation Charter (DDC) which documents and records our decentralised decision making philosophies, values, principals, best practises, experience and most valuable learnings etc which would act as a guiding set of principals that the Dash project could live up to.

You can read more about the concept of the DDC here:

https://www.dash.org/forum/threads/...-the-dash-decentralisation-charter-ddc.50379/

The DDC would act rather like the Declaration of independence for the USA by the founding fathers. However the difference is that a decentralised charter will be a fluid document that is constantly refined and updated. Each principal that enters the charter would be voted on by MNOs before it can enter the charter. This also will help with our decision making processes in the Governance system because this document would act as a set of agreed, worked out principals that MNOs can refer to.

I have spent a lot of time thinking about decentralised decision making for the past few months. Most of the issues identified there are solutions to most of them. However we need input from MNOs to challenge, contribute and enrich and eventually vote on each principal. I have also thought of a way for this also to be achieved in a decentralised way however it would require quite a lot of development work however it is important to start the process. Effective decentralised decision making is of critical importance for the DASH project's success.

 

[vazaki3]

The main goal of this post is to clearly identify, define, and agree on what Dash's core values are. Raising issues on how we can enforce the values is something we can address later, after we have first actually defined and agreed on the values.

I disagree.
We should first discover a way to enforce the Dash's core values , and then after having the means to enforce, we could decide what the values are.
Or at least we should both enforce our values and decide our values, at the same time, in parallel.

"War is the father of all and king of all" - Heraclitus

 

[vazaki3]

One additional value that comes to mind could be the value of accountability, which is not yet on the list of core values.

I agree that accountabiliy is a very important value.

 

[DeepBlue]

We should first discover a way to enforce the Dash's core values , and then after having the means to enforce, we could decide what the values are.

Actions taking out of a logical order will be ineffective. Actions taking out of order will cause more damage than good. People will not vote for an enforcement procedure before they agree on what is of value to be enforced because there is low motivation, no "buy in" and therefore low commitment. When actions are taken out of order they will be ineffective because people need to feel motivated that what they are voting for is right.

Case in point: I have just noticed that there is a poll posted at DashCentral https://www.dashcentral.org/p/poll-immediate-independent-security-audi

I believe the above poll, unfortunately, will be ineffective in achieving its goals. For the following reasons:

1. Pre-discussion There was no detailed pre-discussion about this poll before it was posted at DashCentral. Therefore, there is little to no "buy in" by the great majority of MNOs before the poll was posted. In a decentralised environment it is essential there is an opportunity for voters to think on the reasons for posting the poll in the first place. This helps participants think if the poll would be worthwhile and how it should be worded. Discussion on a poll before posting also provides invaluable feedback to the person posting the poll in order to know how to correctly word the poll to have maximum clarify and voter participation.
2. Wording: The wording of the poll is ambiguous with more than one decision rolled up into a single poll. The poll should have been worded with just one clear outcome e.g. focusing only on the code review for security purposes or only on DCG accountability - not both in the same poll. Why because now someone that may not want to hold DCG accountable but does want to have a security review will not know how to vote. Therefore the poll is now splitting the voters on two themes will lead to confusion and therefore lack of clarity in voting.
3. Timing: Actions must be taken at the correct time. This poll for code review is not posted at the best time in the code development in my opinion.
4. Order: Actions need to be taken in the correct order for them to be effective. The spontaneous posting of this Poll without going through the logical steps I've listed here is unlikely to pass. Order of events is crucially important.

Since the current poll mentioned above is lacking all of the above points it is likely to be ineffective in achieving its objectives. It will also make future polls on DCG accountability less effective.

My personal view is that this poll could actually do more harm than good and will confuse matters when we actually need to do future effective polls on DCG accountability and code security.

You don't have to agree or disagree with me on what I've written here. We just need to wait for the result of the poll and we will see if what I have written above is correct or not.

 

[forro]

I think vazaki was joking, it got a chuckle out of me. Of course none of this is enforceable. Masternodes are going to vote for what they want no matter what. I think that's fine. Still, I think this whole exercise is worthwhile. One, it will show that MNOs can reach some degree of consensus on some fundamental values other than self-interest. Two, it can show proposal owners what sort of framework they should us to increase the chances of their proposal passing, and increase the chances that proposals are actually useful.
It can show new MNOs what things they should be looking for when evaluating a proposal.

For now all it takes to pass a proposal is a good sales pitch. That has to change.

 

[GrandMasterDash]

Case in point: I have just noticed that there is a poll posted at DashCentral https://www.dashcentral.org/p/poll-immediate-independent-security-audi

Fact: The concept sat there, pre-proposal, with almost no comments because MNOs don't bother to look. Dash Nexus was paid for from the treasury, you'd think MNOs might actually take the time without being directed from somewhere else. And as for time to debate, be my guest because I intentionally posted near the beginning of the cycle. Plenty of time to debate though I suspect it will be, yet again, fruitless.

Both Dash Core and Dash Platform are increasingly diverging from the bitcoin code, which itself is not foolproof. More so, Dash Platform is using third party tools that add significant attack surface to take down the entire masternode network. Blame "ambiguity" all you like and vote No, but perhaps I will have the last laugh if it's rejected and then Dash Platform is hacked. MNOs should prepare their excuses ahead of time.

Before casting a critical eye over my proposal, perhaps you can ask yourself why Dash Core has not commented at all when it so directly affects them?

 

[DeepBlue]

Fact: The concept sat there, pre-proposal, with almost no comments because MNOs don't bother to look. Dash Nexus was paid for from the treasury, you'd think MNOs might actually take the time without being directed from somewhere else. And as for time to debate, be my guest because I intentionally posted near the beginning of the cycle. Plenty of time to debate though I suspect it will be, yet again, fruitless.

To be clear: I am casting a critical eye on how you chose to post your poll. Ironically the manner in which you have posted the poll will have exactly the opposite effect of what you intended. When I saw your proposal it actually looked to me like you were are attempting to let DCG off the hook for accountability by mixing up themes for the vote and posting the poll before sufficient debate occurred on the the themes BEFORE posting the poll. Debate in the poll itself is too late. It needs to be before the poll is posted so that you can see the potential issues with the actual poll wording and timing of the post itself. You can fire back and me all you want. I'm telling you that you did not post this poll in the correct way to get the effect you claim you want.

The two points raised in your poll itself are absolutely worth polling for but the problem is you mixed the two themes of DCG accountability and the security issue with the software. In addition I think the wording itself of the software security part needed to be different. Why? because as you can see from the comment in the poll from DCG quantumexplorer that they have not yet finished or tested the release. Therefore if your point was specifically about security on the Virtual Machine that requires action now then the wording of the polls should have exclusively been focused on that only.


Note however I would still not post this Poll until we received extensive feedback for several months from the community. Having said this this is how I would have worded the poll:

Suggested Poll: Independent Security Audit if DASH should use a Microsoft Virtual Machine For Running Dash Platform?

Wording: This poll is to determine if there should be an immediate investigation into the security issues associated with the Dash Platform being run on a Microsoft virtual machine. Vote YES to signal that there should be an investigation into the Microsoft Virtual machine and its consequences on security for the DASH project. Vote NO for no investigation of security issues with Dash Platform running on a Microsoft Virtual Machine.

Then give the specific reasons why you have concerns about the virtual machine ONLY and absolutely nothing about DCG accountability. DCG accountability should have been in a separate poll. Again, I wish to emphasis even with this wording I would not post the poll until there was several months discussion and debate about it.


Regarding Dash Nexus: I have tried twice previously around 1 year and 6 moths ago to register my masternodes at DashNexus and the nexus system would not accept them. I sent a message to nexus asking for support on this and got no reply. I could not register my MNs. I am CEO of a company. I haven't got all day to setup something that should take a few minutes. I decided to stay with Dashcentral as it is still operational and functional. So in my case it isn't because "I couldn't be bothered" as you label it. I haven't got the time to be faffing around with a service that did not allow me to register twice.

You also have to realise MNOs aren't reading everything in every Dash channel. It isn't I can't be bothered. I don't have the time. On a typical day I wake at 05.30am and work on average until 21:30 - many times to midnight. The main time I have to contribute to DASH is at the weekend. I am not on Discord - because I simply do not have the time to be contributing there. I decided that my main contribution would be on the proposals - for me that is at Dashcentral due to issues I had with Nexus. I also make occasional contributions at the forums with posts like these.

What I expect to see is at least is a pre-proposal is for it to be mentioned in multiple channels at least a few months before it is intended to be posted. This gives everyone an opportunity to actually become aware of the pre-proposal and for feedback to be given before a poll is posted. Discussion of the poll should be done months before the posting. It should be discussed in the Dash Forum as well as at nexus and they should be extensively linked to with text that actually describes what the page is about in a description. If you are on Discord links to both the forum and nexus would be given to the community months before you intend to post officially to make certain people aware of the intended poll. Where is your URL of the pre-discussion in the forum? I don't see a dedicated page on your pre-proposal discussion on the Dash forum - send me the URL. Where it it?

If I post an article on the forum it takes months for the number of views to be registered and for people to notice it. You have to give people enough time.

Before casting a critical eye over my proposal, perhaps you can ask yourself why Dash Core has not commented at all when it so directly affects them?

I have been about the only MNO challenging Dash Core Group on their proposals. I don't remember seeing your contributions @GrandMasterDash in their proposals anywhere near as much as my comments. For well over a year I was asking challenging questions and of the DCG on their proposals to get clarity and more accountability. Very few, if anyone, supported me or my comments. Clarification: When I write DCG in this post I mean specifically DCG management. I, more than anyone, have worked to get DCG management more accountable. This is why I am particularly bothered that you have chosen to post your poll in the manner that you have - significantly lessening the effect that it could have had if it was posted in the right manner.

I challenged DCG on their wanting to spend a million dollars on google ads. I challenged DCG on getting clarity on the actual number of full time employees they have as opposed to part time people. I challenged them on the consistent and repeated missed goals and targets for Evolution release dates. I challenged them on how how they were running Agile process. I challenged them on their connections with Alt36 and the waste of money, time and resources on that project. I challenged them on their costs of office space at 55,000 USD for space they are not even regularly using according to a reliable source that lives in Arizona and have visited their offices multiple times and found them completely empty. So I'd appreciate it if you don't lecture me on challenging DCG! I did more than you ever did on challenging DCG in their proposals and I don't recall seeing your support there. I have now given up on attempting to hold DCG accountable on my own. My comments were mostly ignored by DCG and I got little to know support from other MNOs. That is when I finally realised the problem.


We have to bring large numbers of MNOs together into an aligned way of thinking and form an official association for MNOs if we are to have a chance to effect real change and hold DCG management fully accountable.

You asked "Why are DCG not replying" Answer: Because the poll was poorly and ineffectively posted. It has mixed themes and the timing was not good. There was no buy-in from any MNOs prior to the posting of the poll. Those are the reasons why they are not responding. DCG know that if they stay quiet the poll will be ineffective. DCG management know this because of the following:

1. DCG are currently indispensable to the project and they therefore can do whatever they want and not feel obliged to be accountable to anyone, including MNOs. The DCG idea of accountable is to produce a quarterly report, which they produce and is not open for audit by a 3rd party such as DashWatch. That is not accountability.

2. DCG know that if a single MNO, like you for example, decide to post a poll on their own, without the buy in and support of other MNOs in advance, they can comfortably ignore it. There is simply not enough MNOs working together supporting each other to make DCG accountable.

MNOs holding DCG accountable on their own is going to fail because it is just one or two voices. However MNOs forming an association and working together a bit like a union we will have a much greater powerful voice and much more power to hold DCG accountable. That is one of the reasons I 've started posting in the forum my posts on Governance we need to bring MNOs together to have a stronger voice.

I have posted a new post on how to solve the problem of MNOs working individual. I am proposing we setup The Dash Masternode Association to strengthen our voices. See the following post:

https://www.dash.org/forum/threads/...aking-the-dash-masternodes-association.50390/

Everyone has their strengths and weaknesses. Clearly your strength is with the technical understanding. My strengths are primarily in business and knowing what works to get a message across.

This issue of ineffective poll posting is another reason why I made the post on the importance of us developing a Dash Decentralisation Charter (DDC) which formalises policies such as how to effectively post a poll. See this posting for more information:

Dash Decentralisation Charter
https://www.dash.org/forum/threads/...centralisation-charter-ddc.50379/#post-222473

 

[GrandMasterDash]

@DeepBlue MNOs will vote however they choose, I'm beyond caring. When I state facts, people here don't like them. That concept was sitting there well before it became a proposal and people should be asking themselves, why did no one at DCG themselves ever respond to it? - even when the proposal went live, nothing. No one has to take my word for it, just ask Dash Nexus to release the relevant logs, I give permission.

As for ambiguity, read it as you please, it's not that hard to figure out what it's saying and it's not that hard for DCG to put their hand up and say, "you know what, maybe we should have an independent review". It doesn't REQUIRE a proposal to uphold security ffs. The fact is, the dash code base has diverged a lot from the bitcoin code base, and Dash Platform itself is a major departure using third party tools that could compromise dash's security. Instead of nitpicking over this proposal, how about people start asking DCG directly? How about DCG respond to the issues at hand instead of remaining silent?

Every day, hundreds of millions of dollars of dash are traded, that's a responsibility that needs to be taken seriously with or without a proposal. But let the proposal fail, let's not ask hard questions of DCG and let's just hope that dash platform doesn't get hacked. For my piece of mind, I'll be posting more proposals and asking more questions, and for every fail I will be selling dash. Rest assured, if dash gets hacked, I'll be back to remind everyone how it could possibly happen.

 

[qwizzie]

I agree with DeepBlue on two points :

* you mixed the two themes of DCG accountability and the security issue with the software (which are two separate topics, that people could have different opinions about).
* you were lacking in the pre-proposal discussion phase, where above point could and should have been corrected. I find it strange that nobody mentioned this in that closed concepts thread of yours.

I also find it strange that when Dash Nexus apparently closes a concepts thread, it disappears completely. Not only from the concepts section but also from your posting history on Dash Nexus.
Why did your concepts thread get closed, but other threads of yours in the concepts section are still open and visible there ? It is just weird.

 

[forro]

I agree with DeepBlue on two points :

* you mixed the two themes of DCG accountability and the security issue with the software (which are two separate topics, that people could have different opinions about).
* you were lacking in the pre-proposal discussion phase, where above point could and should have been corrected. I find it strange that nobody mentioned this in that closed concepts thread of yours.

Agree. Post pre-proposals here to the forum. It should always be required. MNOs should reject any proposal that doesn't do so. @GrandMasterDash It's clear you want to see some accountability and transparency. So do I. Incentives matter. What changes would you make to attract good MNOs, who will make sure only good proposals pass, hold them accountable, and maintain transparency? This is not a tech question, it is an economic question.

I also find it strange that when Dash Nexus apparently closes a concepts thread, it disappears completely. Not only from the concepts section but also from your posting history on Dash Nexus.
Why did your concepts thread get closed, but other threads of yours are still visible there ? It is just weird.

I don't use dash nexus, but doesn't that seem suspicious? Does that not seem like censorship? Hasn't the network paid a fairly significant sum to the dash nexus team over time? Has anyone calculated how much in USD equivalent they have received since inception? I feel the ROI on that project is abysmal. Dashcentral has been quietly working since day 1 with only donations.

But MNOs love spending that free money! Nine yes votes out of ten is an intentional action to flush your own money down the toilet.

 

[GrandMasterDash]

I agree with DeepBlue on two points :

* you mixed the two themes of DCG accountability and the security issue with the software (which are two separate topics, that people could have different opinions about).
* you were lacking in the pre-proposal discussion phase, where above point could and should have been corrected. I find it strange that nobody mentioned this in that closed concepts thread of yours.

I also find it strange that when Dash Nexus apparently closes a concepts thread, it disappears completely. Not only from the concepts section but also from your posting history on Dash Nexus.
Why did your concepts thread get closed, but other threads of yours in the concepts section are still open and visible there ? It is just weird.

You keep saying the proposal is mixed when it's not. There is significant divergence from the bitcoin codebase that has never been formally and independently reviewed, and Dash Platform is completely new code using third party tools that may pose security risks for dash as a whole. If you disagree with either of these "mixed" messages then you should vote No. Errors in code are errors in code, regardless of where they are. Exactly as the graphic for the proposal says, "Dash is as strong as the weakest link". People should vote No if they don't want to find the weakest link(s).

More so, I have no idea why anyone would fight so hard to say No over something so fundamentally important. I mean, we don't mind handing over 60% of the treasury to DCG and we don't mind discussing the economics of doubling their funding over the next five years. But to have a credible and independent report that extols the wonders of Dash Core's security, oh no, couldn't possibly vote for that, it might just give dash too much credibility, couldn't possibly be worthy of that.

As for Dash Nexus; concepts are converted to proposals, AFAIK they don't remain as concepts. You create a proposal and then when you're ready you change the last part of the url from "/overview" to "/submission".

 

[GrandMasterDash]

@DeepBlue I think the diversity of opinion and expertise among MNOs is too large for us to agree on what dash values should be. Instead, we can form a living document based on the outcome of previous proposals. For example, there was a winning proposal that said transaction fees should remain under one cent.. that would translate to, "Dash is committed to low transaction fees for it's end users, as laid out in proposals X, Y and Z".

 

[qwizzie]

You keep saying the proposal is mixed when it's not. There is significant divergence from the bitcoin codebase that has never been formally and independently reviewed, and Dash Platform is completely new code using third party tools that may pose security risks for dash as a whole.

Problem is not the Dash Core Wallet codebase review in combination with the Dash Platform code base review, you are also talking about Dash Core Group needing to be audited through an independent auditor like Dash Watch.
And you brought that into this poll when you stated that like this :

''independent security audit and code review of both Dash Core and Dash Platform''
Which you later clarified even more by stating in a comment : ''Dash Core Group has repeatedly excluded themselves from Dash Watch reports and has, to my knowledge, never contracted an independent review.''

Which makes this much more then just a security audit and code review for Dash Platform and the Dash Core code base.
You actually want both a security audit and code review on Dash Platform and the Dash Core codebase & you want a budget / security audit on Dash Core Group.
That is a no go in a single poll. It is either the first or the last, not both.

 

[GrandMasterDash]

Problem is not the Dash Core Wallet codebase review in combination with the Dash Platform code base review, you are also talking about Dash Core Group needing to be audited through an independent auditor like Dash Watch.
And you brought that into this poll when you stated that like this :

''independent security audit and code review of both Dash Core and Dash Platform''
Which you later clarified even more by stating in a comment : ''Dash Core Group has repeatedly excluded themselves from Dash Watch reports and has, to my knowledge, never contracted an independent review.''

Which makes this much more then just a security audit and code review for Dash Platform and the Dash Core code base.
You actually want both a security audit and code review on Dash Platform and the Dash Core codebase & you want a budget / security audit on Dash Core Group.
That is a no go in a single poll. It is either the first or the last, not both.

"you" "you" "you", what is wrong with you? It's not about me, the proposal doesn't mention Dash Watch, you're either twisting things out of context or challenging one thing while ignoring others.

You have voted No so what does it matter now? Going to change your mind? - no, I didn't think so. This proposal is about the security of the dash masternode network, which I assume you care nothing of, for if you did, you would submit your own proposal, which of course will be so much better and clearer than mine, right? So stop wasting my time and do as you please. I would say the pleasure will be mine to see your response if the masternode network is ever compromised, but I suspect you'll still deny and have excuses to how exceptional it might of happened. It's really hard to fathom how you might sit there and go to such lengths to defend DCG from a security audit unless you know something that I don't. If you think bug bounties and testing is the only thing needed then you're wrong, plain and simple.

 

[DeepBlue]

"you" "you" "you", what is wrong with you? It's not about me, the proposal doesn't mention Dash Watch, you're either twisting things out of context or challenging one thing while ignoring others.

Your proposal originally did mention Dash Core Group not being accountable to Dash Watch reports. However that text has now been edited out from your proposal wording.

However, even with the edited description, I am still unable to agree with your proposal the way it is worded because of the factors explained below. I am showing you how it I believe it needs to be worded so that MNOs would be able to vote positively for it. As I've already stated previously in my messages I think there is value in a poll addressing these issues. However, the way it is worded now I could not agree to it because of other requests which it is asking for which would not be beneficial.

1. Below is a copy and paste of your exact text for the heading for the poll as taken on 06th July 2020. I am copying the text exactly as written so that if it is edited after I post this comment we can refer back to this text.
"Poll: Immediate Independent Security Audit and Code Review"

I will break down your request into parts and show the issues I have with what you are requesting. The above requests the following things:

1. Immediate Review: The audit be undertaken immediately i.e as soon as the poll is completed (if it was presumed successful poll)
2. Independent Audit: An independent audit i.e. an external body separate from DCG that has sufficient expertise in both the programming technologies used by DASH and to have experience in undertaking the security audit on the code with respect specifically to potential security issues.
3. Code Review: An Audit on Security and a Code Review. I presume you mean a Code Review with specific regard to the security only? or do you mean a code review for Security and other issues such as bugs which may not have a security issue?

In addition to the above you have this sentence in the description of the poll which, again I will copy and paste directly from your poll proposal from Dash Nexus at 06th July 2020

4. Exact text from your poll copy and pasted: " I therefore call for the release of Dash Platform to be pushed back until we have initiated an independent security audit and code review of both Dash Core and Dash Platform."

I will take each point in turn.

1.. Immediate review: I do not agree with an immediate audit. If there was a code review to be undertaken it should be when the code is completed and ready to be finally released. To do an immediate review i.e. before the code is even been tested, bug fixed and tested internally by DCG would be a waste of time and money because there will be bugs and issues that DCG themselves will find and fix. My view is that an independent code review for security issues should be undertaken after DCG has completed their own testing and bug fixing on the code and before the final code is released. If we did as you requested we would waste money doing a code review now and then having to do another code review after DCG have completed their own development and bug fixing. This is illogical. Code review should be done AFTER the code is completed and ready to be released.

2. Independent audit: I agree with this. However we would also need time to find a reputable organization that has substantial experience and knowledge of undertaking a detailed code review and also understand Blockchain technology. This would also require time and a separate budget therefore this could not be undertaken immediately.

3. Code Review: I agree with this specifically with regards to security of the code . There are many types of Bugs and to do a complete audit on all bug types e.g. GUI bugs, formatting bugs, etc would be a huge undertaking. Therefore the code review should be specifically focused on finding Security Bugs and potential Security issues with the overall architecture.

4. Independent security audit and code review of both Dash Core and Dash Platform." This needs to be reworded. You are asking for an audit on Dash Core and Dash Platform. When you refer to "Dash Core" what exactly do you mean? Do you mean Dash Core Code or do you mean Dash Core Group? It it is Dash Core Code you need to state Dash Core Code.

Previously, you also stated you want an audit on Dash Core Group, and you mentioned they were not held accountable to Dash Watch - I notice that this text has now been removed from your poll description. However that means that MNOs may have previously voted for the audit on Dash Core Group but didn't want to pay for an independent Audit on the code. This therefore invalidates the poll.


If MNOs want a poll to be successful it is essential to wait sufficient time for community feedback on the poll. @GrandMasterDash did not leave sufficient time for feedback on the proposed poll wording and goals and in addition did not post the proposed poll at the Dash forum. This means we have now got a potentially valuable poll, that could have been very helpful and could have passed, with a poll that has caused MNOs to not vote for it because it is not requesting what the majority of MNOs actually want.

"you" "you" "you", what is wrong with you? It's not about me, the proposal doesn't mention Dash Watch, you're either twisting things out of context or challenging one thing while ignoring others.

You have voted No so what does it matter now? Going to change your mind? - no, I didn't think so. This proposal is about the security of the dash masternode network, which I assume you care nothing of, for if you did, you would submit your own proposal, which of course will be so much better and clearer than mine, right? So stop wasting my time and do as you please. I would say the pleasure will be mine to see your response if the masternode network is ever compromised, but I suspect you'll still deny and have excuses to how exceptional it might of happened. It's really hard to fathom how you might sit there and go to such lengths to defend DCG from a security audit unless you know something that I don't. If you think bug bounties and testing is the only thing needed then you're wrong, plain and simple.

@GrandMasterDash Nobody is saying they don't want DCG accountable. State specifically where I, or any other MNO said they don't want accountability from DCG? What myself, @qwizzie and @forro are saying is that what you have actually requested in your poll, using the words you have used, is not something that MNOs are likely to vote for.

I would vote YES for an independent security audit to be taken before the code is about to be released, but not now, before DCG have actually finished the code. DCG should finish the code and bug test the code first along with any other bug finding, then, and only then, we undertake an independent 3rd party security audit on the code and architecture of the code.

I would vote YES for the MNO network to agree that DCG must have their quarterly reports audited from DashWatch or a 3rd party accountancy firm who are overseen by DashWatch. However, note, that this would also cost extra budget money because the audit would be substantial. However if we had a 3rd party financial audit on DCG accounting then the network would have reasonable financial accountability from DCG.

However, as I've said before. The exact wording of both of the suggested polls above would have to be discussed thoroughly and agreed on before the polls are published to ensure the poll objectives are clear and get a general feel of what the network thinks about the polls.


Lesson from this : MNOs need to post the proposed poll text exactly as it is intended to be posted several months in advance on multiple channels including the Dash Forum and wait for the feedback before posting the poll officially.