Disclaimer: This is my editing, so there could be some misunderstandings.
For the general view of 'what's going on?' of this dynamic ride...
2/16
dom, yesterday 5:44 AM
Just FYI: the team is now working on a plan on how to recover from this and get the network back into operations while also allowing anyone who might have been affected to safely transition. There are no guarantees just yet, but we will do our best to get this through ASAP. Hopefully we will have a concrete action plan tomorrow and will then communicate it.
On the vulnerability side, all parties are notified and they are working with law enforcement and external auditors to fully understand how this happened. We will keep you guys posted.
dom, yesterday 5:47 AM
needless to say, that the vulnerability itself was rather sophisticated and required access on multiple levels to be able to execute it on this scale. Hopefully we will be able to share more soon.
[Did the vulnerability exist after or before the audit on Trinity?]
after the audit
dom, yesterday 5:51 AM
Currently it looks like this will only be for recent Trinity Desktop users
dom, yesterday 5:56 AM
the entire Trinity team did an amazing job and there is not a single person to blame. The attack itself was very sophisticated and targeted at IOTA and Trinity itself. We are already working on v2 where none of this would be possible. We will share our learnings from this publicly and also share what kind of precautionary measures we are taking.
dom, yesterday 5:58 AM
The community also did an amazing job in helping to guide us through and give assistance to other community members.
dom, yesterday 5:58 AM
we actually were having discussions a few weeks ago to rename Trinity (because of the religious connotation)
Jelle Millenaar [IF], yesterday 6:37 AM
We didn't really have panic and chaos. We actually worked really well together.
Jelle Millenaar [IF], yesterday 6:38 AM
[IF members, do you get paid Over Time for all the awesome work or PURE DEDICATION?]
nobody considers this overtime or anything. We just contribute because we know it is needed.
dom, yesterday 7:45 AM
[If dependencies carry this risk, maybe they should've done an official CORE wallet and saved all the fluffy stuff for a third party app.]
that's how the new Trinity will work. Sucks that it happened now especially after we wanted to put it into maintenance mode anyways
dom, yesterday 7:49 AM
[How do we know if the hacker has our seeds?]
this is related to a third party, unrelated to IF or IOTA
dom, yesterday 7:50 AM
we know that this could have only been done through intrusion / collusion of an external source.
[Dom are you fully confident to solve all those problems especially regarding the possibility of even more people getting scammed instantly after coo is back again?]
yes, relatively sure. That is why we are taking the necessary time to plan accordingly.
dom, yesterday 7:55 AM
We will provide more information on how this exploit was done soon. All the involved parties are aware of the situation
dom, yesterday 7:58 AM
[Please give us some time before you start the coo information that we can move to new seed instantly]
don't worry, we will get it all sorted out.
dom, yesterday 8:22 AM
once life is a bit less "tumultuous" I still want to work on that Autonomous Bar concept powered by IOTA (access control, id verification, payment and a bunch of robots)
Eric Hop [IF], yesterday 2:44 PM
Pretty good. I'd be surprised if we find more theft bundles. Only found one more today, while building a timeline of the theft.
Eric Hop [IF], yesterday 2:50 PM
We have several separate teams. One is looking at how to resume. One is looking at how to be able to rescue the funds. Others are interacting with law enforcement and third parties. I'm part of DAFT. The Data Analysis Forensics Team. Haha
Eric Hop [IF], yesterday 3:01 PM
Some of the people in Coordicide team like Hans have been helping out. It was an all hands on deck situation. I actually loved it. We haven't had this much of a team spirit in quite a while. Usually everyone plays in their own sand box. But this time we all played together on the beach.
It's such a joy working with so many extremely smart people. With so many eyes on the ball we did not miss many opportunities to figure things out.
Eric Hop [IF], yesterday 3:07 PM
And for me personally this was a great time. I am all about puzzle solving. And this was the greatest puzzle of all. With a built-in time limit. Haha
Eric Hop [IF], yesterday 3:12 PM
I'm not doing official statements. But we have a good overview of what happened and the extent of it. Right now we want to hammer down how to resume without risks and how to safeguard the stuck funds if possible. What is especially funny to me is that the coordinator that everyone was bitching about for years did exactly the thing it was meant to do. It allowed us to halt an exploit that otherwise would have cost everyone dearly.
Eric Hop [IF], yesterday 3:15 PM
It was meant as safeguard, training wheels, while we mature. And while we need to remove it due to it being a single point of failure and a bottleneck to scaling, I will be kind of sad to see it go.
Yes, IF would have done the same to safeguard funds, if a third party wallet would have been the cause. Just because we can.
Eric Hop [IF], yesterday 3:37 PM
Yes it was a manual attack. The sophistication was in the exploit. But he seemed to be not too sophisticated iota-wise. Everyone has their specialties I guess.
Eric Hop [IF], yesterday 3:41 PM
And as an aside I wish people would fuck off about the whole iota not being decentralized because of coordinator, when every blockchain token is centralized around a few mining pools that seriously disrupt any possibility for positive software development. They fucking hold back everything that influences their bottom line. Which is why Bitcoin and the rest have pretty much been stagnant for years while we move forward constantly.
dom, today 7:08 AM
We will release a new Trinity version tomorrow with the fixes implemented. It's not yet the full transition tool, but it's the first step towards fully going back to operations.
dom, today 7:09 AM
Just wait for the rest. It is important that we get this 100% right and we are still further investigating, so there is a lot of behind the scenes work happening right now.
David Sønstebø, today 8:52 AM
So... Tangle EE
Quite cool eh?
It's so unfortunate that this asshole managed to distract everything away from one of the biggest steps towards global adoption
Let's not give this fuckface further attention. The cause has been identified, law enforcement is involved and mitigation strategy is being worked on. There will be further official updates, but let's not halt the whole IOTA project due to one idiot.
David Sønstebø, today 8:56 AM
[Is he identified?]
Let's just say that there's a lot of traces. The attacker does not seem to have been too sophisticated. Official update on Monday will provide details.
David Sønstebø, today 9:03 AM
[How will this situation affect iotas partners?]
My best guess: further increasing our reputation as an organization that solves hard problems efficiently and doesn't shy away from difficulties. Every company in the world has had issues similar to this. Keep in mind that this does not at all affect the protocol/Tangle/IOTA.
David Sønstebø, today 9:08 AM
We do have a bounty program. This/these individual/s were not interested in the greater good, pure greed and incompetence
David Sønstebø, today 9:10 AM
[Any examples of use cases for DID on the tangle?]
Virtually all use cases on Tangle require a secure identifier and verifiable credentials. What I think will happen is that once Tangle EE ships the first version, all other companies using IOTA will start to implement it
[One more question: How transparent will tangle EE be for the community?]
100%. This is why I/we consider Tangle EE to be such a significant milestone, it's not "just" IF, this is a coalition of major companies, start-ups and leading academic institutions building the solutions
David Sønstebø, today 9:11 AM
[any ETA for the 1st Version?]
That's another good thing, IF won't issue the ETAs, Tangle EE will :
David Sønstebø, today 9:12 AM
[What does T(angle)EE do exactly?]
It's a partnership and collaboration between several entities to develop and ship code and blueprints that are relevant for product developers and service providers
That blog post is a good read to get better comprehension
David Sønstebø, today 9:13 AM
It's incredibly important that IF's role slowly but surely decreases in importance. IOTA has to succeed independent of IF post-Coordicide and multiversial-slicing (advanced sharding equivalent)
David Sønstebø, today 9:14 AM
I would say that it's an incredibly important piece of the puzzle. Naturally Object Management Group (OMG) in Tangle EE will be key here as well, but IOTA is not married to "just" Eclipse. We also work closely with Linux Foundation. However, Tangle EE is very focused
David Sønstebø, today 9:22 AM
I don't think IF will disappear, however, it will hopefully be purely R&D-driven in 10 years, whereas the other efforts are taken over by the ecosystem (companies, academia, start-ups and enthusiasts). Even post-Coordicide, we already now have theories on how to go way beyond even that. If we achieve our goal of IOTA being equivalent to TCP/IP, there will naturally be continuous development and research in the foreseeable future. I doubt we will reach complete satisfaction, especially now that smart contracts and oracles enter the equation: there's certainly more work to be done for IF, but my goal is for IF to "simply" be R&D
David Sønstebø, today 9:27 AM
Definitely. This is why I coined the requirement for a "grandma on crack"; this is truly how simply using IOTA should be in 2-5 years. Just like very few even know wtf TCP/IP is
David Sønstebø, today 9:57 AM
I agree 100% with your assessment, though as would Netflix do with Blockbuster's assessment when they declined to acquire Netflix. At the end of the day it's all about basic economic and human behavioural principles.
Human nature does not change, but our environment does. Disruption will continue forever. Darwinian principles will forever remain true.
A better option = adoption. It doesn't matter how hard the incumbents fight against it, they either adapt or go Kodak/Nokia/AOL