Do you know C? Familiar with Bolos? Read on ...

in #hive, 4 years ago

Do you know C? Familiar with Bolos? Want to help peer-review the Hive Ledger Bolos application?


One of the requirements for finalizing the Ledger application that I overlooked is the need to get a peer review of the security of the Bolos application and to ensure that there are no drastic bugs present.

When developing secure wallet applications, it is necessary to have a secondary, or tertiary, set of eyes on the code to validate and audit the quality of the application.

Are you a programmer that has knowledge in C or is at least very good at reverse engineering open source code? Do you want to perform a community-led peer review of the Hive Ledger application source code?

What is BOLOS

The operating system behind all Ledger personal security devices is called the Blockchain Open Ledger Operating System, or BOLOS for short. BOLOS provides a lightweight, open-source framework for developers to build source code portable applications that run in a secure environment.


I am making this post to see just how many competent developers there are out there that could successfully, and effectively, validate and audit the open source, already done, Hive Ledger Bolos application.


There are claims that I have done nothing and am just greedily taking money from the DAO. These claims are ridiculous and I suppose one way I can help prove that is to offer this relatively "simple" task so there can be someone else that sees the complexity of the work that I have been putting into Hive.

Here's a link to the source code: https://github.com/netuoso/ledger-app-hive. At the moment, the source code is complete and will not be changing right away. This is the perfect time for someone to step forward and show their chops in the programming scene.


Maybe @therealwolf wouldn't mind lending a hand? Or even @lordbutterfly?

I am confident @blocktrades and team could perform an effective peer-review and audit of the code, but as we can see with how long the HF24 took, and is still currently taking, it is clear he and his team are quite busy at the moment so taking on more programming debt may not be on the table.


Feel free to check out the source code repository for the Hive Ledger application even if you are not thoroughly versed in C. You may at least find some inspiration to learn it or be able to re-purpose existing knowledge you have to make suggestions and comments.


You got me... I don't do dev work. Checkmate.
But I can read though.

See here, it says 4 months. I can see that. It says it right there.

20200904_15_02_44GitHub__netuoso_ledgerapphive__Hive_application_for_the_Ledger_Nano_S_X_Crypt.png

And also I can see color. Red color, blue color but green especially. Seeing green is a great talent of mine.

20200904_15_03_37netuoso_Andrew_Chaney_GitHub__Brave.png

I see very little green in that specific area.

I mean it's fine. You did some work 4 months back and now you want a paid vacation. No problem with that. Bahamas? Hawaii? Just let us know. Post some pics, I hear there's a cool travel community on HIVE. They would love it, I'm sure.

Oh, and btw, you answered 0 criticism. All you're doing is pulling the "I can code, can you?" card.
Very much shows where we stand.

So I take it you don't want to verify the code and provide a peer review? I said doing so would likely give you a grasp of its complexity and I would really like the extra eyes on the code. So would Ledger; a peer review is required.

I can point you in the right direction for some things but the point of this is no one was there to point me in any direction and I coded this entire app solo. I have also contributed to Hive.

Hive, the blockchain that wouldn't exist without me in the first place. Everyone has a lot of talk but no one produces anything. Then when I do produce stuff you claim it's not fast enough. I haven't gone anywhere.

I coded this entire app solo

4 months ago, right? You coded it 4 months ago and 2 of your proposals have been running till 3 days ago. Is that correct?

Hive, the blockchain that wouldn't exist without me in the first place.

This is what I suspected you'd say. It's basically word by word what another person I know likes to say.
That's basically it. That sentence is why I wrote my last post where I call for a formally organized core dev team led by @blocktrades and funded by the DAO.
You feel entitled and when someone feels entitled they can justify acting in any way they want.

You've proven that you aren't a responsible individual and your github is a reflection of that. That's why you lost your funding.

Your continual development proposals are fucking ridiculous and I knew how it would end.
Want to develop Atomic swaps? Tell Blocktrades to organize a team or if you're very enthusiastic about that project...

MAKE A PROPOSAL SPECIFICALLY JUST FOR ATOMIC SWAPS!

You act like you are doing work but you keep begging for @blocktrades to be your daddy and handle all your problems?

Why don't you take action to handle the issues you have apparently identified? Why do you just sit around creating drama and constantly whining and bitching about Hive while doing literally nothing to improve the status quo?

I will never understand people that do nothing and complain that others are doing stuff and charging for it.

You act like you are doing work but you keep begging for @blocktrades to be your daddy and handle all your problems?

What work am I pretending to do? Are you suggesting that I have 2 open and funded proposals where I pretend I'm working but I haven't committed almost anything in the last month or so on my Github so my fellow devs that almost never complain are criticizing me? I don't think that's me, could be a mirror you're looking at.

I think I'm doing fairly well handling my problems. You got defunded, she quit HIVE... and all that with less than 20k HP, getting flagged every post, shit on by your inner circle and with no fat wallet friends.
Self pat on the back LB. Do I take all the credit? No, but I ain't getting paid for it so I can take all the credit I want.

But yeah, Blocktrades, I stand by everything I said. Devs need supervisors (obviously) and he is the only one I know of with the knowledge and a big enough wallet to be trusted with distributing the core dev funds that would be provided by the DAO.
I would actually like you to earn from HIVE for your work, but not like this.

I will never understand people that do nothing and complain that others are doing stuff and charging for it.

You were my problem. I had a problem with you getting funded. You're not funded anymore.
See, you use C++, python, Java to fix a bug, deal with a problem, improve something (every 4 months) and I use my words. You can call it drama, you can call it complaining. I call it:

You're not funded anymore.

Hive, the blockchain that wouldn't exist without me in the first place.

That's quite bold of you to say, lots of people were involved in the birth of the chain. And the only one who could claim such thing would be blocktrades.

I love how much you look up to @blocktrades. But I bet even he would agree Hive was initially championed and organized by me. And of course give @guiltyparties some credit for organizing the chats and setting them up which allowed discussions to happen.

Credit where credit is due. You organized "newchain" and wrote the initial code that led to the Steem SF fiasco, which kickstarted Hive. But I'm quite certain that Hive would have been created, even without you around. It would have been different and probably a bit later. But who knows. We're here now, so let's focus on the present/future.

While once championed, the DAO will likely end up being the biggest scam on HIVE, especially with the amount of money that is going to be going in there with the next HF. That HIVE should have been burned immediately after the fork, instead it's going to be an overhang for years to come. What happened to acquiring a stake and then working to create value for that stake?! With the DAO there is no incentive to actually create value with your proposal, the incentive is to sell your idea in the very best way possible so that you get your funding. Whether your idea actually brings value to HIVE or not is irrelevant at that point, you got paid.

That's why a lot of us are trying to raise awareness about what is happening. We just need a critical mass to move them towards improving the DAO.
They won't do it themselves.

Those that benefit most from the current system are the ones we must move to improve it. That's not easy.

At the very least can @blocktrades verify if taking 4 months off is reasonable? What would be the explanation of this? Is this acceptable or not? I personally have no idea

Of course that's not acceptable, if he needed someone to review his code to proceed, then that should have been part of the proposal, and part of the proposal money should be used to hire a reviewer. His proposal, his responsibility. He can't just sit back and say "oh well, no one reviewed my code, so I'll just sit here doing nothing (but still getting paid)".

If true, then he should be fired. That's my opinion. If you take 4 months off and are paid, you stole from the company you work for. That's what would happen to me in my job. Accountability is needed, if this is acceptable then it means the top witnesses are ok with exploitation of our system. This is the perfect anecdote on how the DAO needs a non-interest party to vet / audit.

Well that's not what I did so I guess it's all good. I have been working and contributing this entire time. I also provide tech support to exchanges supporting Hive.

Great, fantastic. I'm trying my best not to jump to conclusions about you, really I am. I suspect that you are doing some work, but, you know what?

This is your proposal, it is your responsibility to clearly state what you have been doing, to show us your work in public repositories, to post about your work, etc.

I shouldn't have to put on my detective hat to figure out what you've been up to, if I have to do that, then I'd rather not vote on you.

Perhaps you wax eloquent about your work in the private slack channel, but guess what, I wasn't invited there.

Point taken about the detective work. I have failed to stay socially involved on the chain. That has never really been the part of my life that I have excelled at :/

No one cares about your social skills.

But if you are getting paid for a job, part of it is to report what your production is.

You are getting money from a decentralized project, you must report to everyone that participates in that project.

It is not even about the social part, you don't have to be friends with anyone if you don't want to.
Proposals have to have some kind of check mechanism. Everyone that is getting funded should have some kind of reports of what was done this week/this month/this stage... especially for things that are not that obvious.
I know bookkeeping/accounting and I am paid for it, do you think firms that pay care that I know it and did it last quarter? They care whether I am doing consistent work, and no one expects them to know what I am doing.

Also, I am sure that no one would say anything if you made a post "ok I did less work this month as we were doing this, that, and that on the blockchain preparing for the HF"... or whatever you did. If there are people who can confirm it, I am sure that almost no one would have a problem with that.

@neuoso, I want to re-iterate this is not any attack on you personally. That being said, I am concerned that no one is checking on development of promised proposals. If you say a project takes 2 weeks and it's not delivered a normal company would ask why, no one is asking you why. That's the real issue. We want to know if you took 4 months off, if so why?

In our current system we don't award time off for "full time roles". So IMO, if you're paid for a full time role and something happens; i.e. things don't go as planned, you should honor your promise or update your proposal, there is no excuse.

For instance. Let's say you took 4 months off for a valid emergency, let us know and let us decide, don't wait to be caught. Otherwise we assume the worst because we have a system that needs work.

We all want hive to grow. I appreciate the work you have done. But I also want to see Hive sustainable. I think the proposal system shouldn't allow to be gamed by any means.

How could we achieve better transparency here?

Nothing special really happens in Slack other than constant communication and sharing of various nonsense and Reddit links. Mostly a lot of drama. A lot to be expected in a decentralized "workplace".

Well that's not what I did so I guess it's all good

Still waiting for some core blockchain or vessel development from you in the last 4 months. So no work != time off? I should tell that to my boss and stop coming in every day. You may have done support but sounds like you were grossly overpaid for your time if that's the only thing you did.

Everyone needs a boss, in a decentralized system we could elect an actual auditor. Many of us lack the skills needed to review and value these. But if you're going to be paid as a full time worker, you need to be held accountable. What's holding devs accountable other than being called out. It should be more automated and trusted. That's what hive stakeholders want, if we hope to bring new whales they'll see the abuse and may not invest as heavy if at all. Every Hive user wants more users. We want a better proposal system. The ones being paid by the DAO should understand this is what will bring way more value to hive. This is the biggest weakness of the entire system IMHO


Why didn't you put up a proposal for developing the Hive ledger app? To which proposal can the funding be backtraced to? The vessel-one? The blockchain-dev one? Both of those having a record of no visible work done by you that actually fits the amount of money you've got.

I never questioned your skills, so I don't know why you'd try to push out a response from me, asking if I can write/verify in C. I can't. Nor can I write in C++. I'm fluent in Javascript though.

As I wrote in my initial question to you on MM: I want you to get funded. But just because you're one of the few devs on Hive who can write C/C++, doesn't justify your actions of trying to get as much as possible out of it. Especially, since your proposals basically created a base-line for what seems to be acceptable.

I guess the ledger app could be added to the blockchain-proposal, but what about Vessel? Judging what changes have been made right now, for the amount of money you get, is ridiculous. I can't judge how much time it takes to write C code, looking over it I have to admit that it seems to be a lot of work, but it could also be a lot of boilerplate code due to it being a lower-level language.

However, in regards to Vessel: I've done nothing but writing JS/NodeJS code the last 4 years and while I'm using Vue, not React, there is no way that those changes are worth 5-6+ months of 150 HBD per day. This basically makes the DHF look like a joke or even worse: like a cash-grab. Is this what you want? Now, you said something about "withholding" updates. Why? For what reason? It's open-source software that you're being paid for to develop. If you don't tell us what you've actually been doing, you can't be mad at me for taking the work that is visible for what you've done.

Last but not least: why didn't you tell the community earlier that for the ledger app to be approved, it needs to be vetted by someone outside of Ledger?

Last but not least: why didn't you tell the community earlier that for the ledger app to be approved, it needs to be vetted by someone outside of Ledger?

I was working on finding a reviewer and didn't feel like asking randos on Hive because honestly I figured the quality of review would be very poor.

There are Bolos experienced devs that would probably be cheaper and more effective to have review a Bolos app than people on Hive. The reason for that is because the devs on Hive frequently need their hands held and guidance on what to do. They need to be told what to research and where to start looking, etc. Part of the work in development is research.

Research doesn't have a number of commits online. But if you want I can make a commit each day even if no dev work was specifically done so it shows activity on GitHub. I can write a novel length post each day to explain what did, or didn't happen that day if that makes everyone feel more included.

None of that changes the fact that supply and demand help value work and currently the demand is high but the supply is non-existent. There are very few devs on Hive that have the experience to even perform a review of the Hive Ledger app.


Why didn't I make a proposal for the Ledger app? Because I didn't feel like making a proposal for every single thing I did for Hive. My goal is to continue working on Hive non stop, even at night during my off time, etc to come up with ideas and new features to code and present with PoCs. Currently that feature is atomic swaps.

When I release a sort of PoC for atomic swaps what then? Will you complain that I don't have a proposal specifically catered to it?

Yes, development on Vessel improvements has been slow lately but it has not been stagnant either. If you think the proposal is overvalued then of course unvote it. Though I don't think you ever had it voted anyway ;)


All of this is fine and honestly expected. I have seen people create proposals and not get funding because ultimately funding comes down to the large whale votes. Apparently, for a while at least, those voters agreed that my work was valuable. The way the proposal system works with hourly payouts, if you want to unfund something you can.

I look forward to continuing to add new features to Hive and sharing my skills and experience that seem to be lacking or non existent on Hive right now.

I would be more than willing to check the code and see if you are a scammer or a hard worker. Thanks for putting the repository out there for people to vet.

20200904 15_03_37netuoso Andrew Chaney · GitHub  Brave.png

20200904 15_02_44GitHub  netuoso_ledgerapphive_ Hive application for the Ledger Nano S_X Crypt.png

So I'm no github expert but... So it would seem you have been waiting for a code review for four months? Is the expectation that you continue to draw funds, or deserve to draw funds during this period? Is there more work that has been going on in the background that perhaps the community could have been updated more about since your github looks pretty dead? Even if the code is there, complete, and ready to be reviewed, should you continue to draw funds from the DHF?

I never said or implied that I haven't been doing anything for four months as you have implied here. I am, however, offering and asking for a code review on the Ledger repo to get a step in the right direction and to see if there are even any devs capable of the task.

To determine if my work is overvalued, we should see how many devs can deliver the same type of code that I have, and continue to deliver.

A simple peer review with a write up is all this post asks for. Can no one really provide that? If so, then I would say my skills are very scarce right?

That's why I asked the question after making the statement. The community at large doesn't have insight into your daily activities, however you posted your github as PoW. If you are doing work, that is great. I suspect with some regular updates to the community regarding what you are doing, your funding probably would not have fallen off. I think it will only get harder to fund proposals as hive exits bootstrap phase and the distribution flattens. I don't think it's unreasonable to provide milestones and progress reports for a community-funded proposal. I've seen you post about some exciting prospects for the ecosystem, but that isn't quite enough to build confidence with some community members. If you committed to doing that, I don't think a couple million HP worth of votes would be hard to come by.

I un-voted both of your proposals just to trigger an answer from you. I respect your work for this blockchain and I have no problem with breaks - that's just how it is when you do creative work. You can't fill GitHub all around the clock. At least not all of us. I'd love to vote for both proposals again and I appreciate your reply and especially this comment very much.

I also think that our proposal system doesn't seem to be that bad - this 'case' is the proof. There are many eyes and that is good.

So, let's move on. Next stop: moon.

Hi @netuoso, did you find somebody to review this code? I might have a window coming up.

ping

I'm an industry certified security professional with experience in numerous languages.

I know methodology for performing security audits for systems and applications used in the defense sector but code audits may be somewhat of another beast.

But I am somewhat offended by your unfollow on Twitter but I guess it can be expected knowing you are an orange man bad kind of guy.

Even so, I may be willing to out with reasonable compensation.

Do you get offended every time someone unfollows you?

I like when people are straight up and forthcoming rather than hate on the DL.

Not saying homie was hating but he had a problem. You may be the type to end relationships on a whim but that's not me, guy.

You do realize people follow and unfollow people on a daily basis. You must get offended a lot.

You're missing the point, Marky. I can read context.

Would be awesome to have your input

Sure. Def willing to put aside whatever difference we had and work towards a common goal.

This is certainly a step in the right direction. I have no programming skills but I agree with a lot of the sentiment around the proposal system. I think there should be a "no interest" developer paid by DAO that can review codes like you're requesting and also serve to value proposals "Hive Auditor" / Internal Audit. Most of us are clueless. I know processes, not code (for now).

From my viewpoint, I see it as less of an attack on you personally but to the lack of transparency in actual value of proposals to users who lack the ability (like most) to understand their valuation.

I respect the fact you posted this though. Hopefully a good developer takes you up on this.

Is this part of the "Ongoing development" and "Vessel" proposals?

I think people are more interested in what happened to those.

Well I just added savings support to vessel and am working to add Ledger support and record a demo of it for requirements to get the Hive app listed on Ledger Live.

Atomic swaps are core development in the form of a plugin

@netuoso This response is an insult to anyone with even an ounce of intelligence. I see your proposals have been defunded so the vacation appears to be over.

You're on the hook for apx $50,000 USD

So you aren't going to even review the code?

I am ready to vote any proposal you put up once I can get my hive on a ledger or once I can do atomic swaps between Hive and Eth/EOS.

The best way to silence critics is to show actual results. I trust you.

We are getting there! The Ledger app already works; just needs to be vetted to get it fully submitted for Ledger Live approval. I will (have to) make a full guide for the Ledger on how to install it on your device and use the application.

I will make a few scripts and an open source repo to go with such a post for easy copy/pasting and reusing.

Appreciate your trust!

Woot! onward!

There are claims that I have done nothing and am just greedily taking money from the DAO. These claims are ridiculous and I suppose one way I can help prove that is to offer this relatively "simple" task so there can be someone else that sees the complexity of the work that I have been putting into Hive.

There's a saying in Polish that only the guilty one explains oneself, but in this case I want to stress that I respect your stance.
Public communication (especially when public funding is involved) is essential. You don't have to respond to every criticism of every individual, but there were some issues raised that should be addressed, even if they were completely biased.

The Sleep of Reason Produces Monsters
I think we all got a lesson that will improve future relations between developers and the community.

Maybe @therealwolf wouldn't mind lending a hand? Or even @lordbutterfly?

Difference is that they are not paid by the dao.

And as others mentioned, the point stands, you haven't done any work in 4 months. You're now just coming up with the "btw look at this one thing I did".

You got paid 4 months while doing nothing for vessel development.
You got paid 4 months while doing nothing for core development, meaning core blockchain (not ledger).

If you wanted to be paid 50k for your ledger app, you should have made a proposal for it, not misappropriate the funds from the other two proposals to the ledger one. The community trusted you and you clearly failed them.

Sounds like you just think that you deserve the money because no one else could do it (which is false). And that's not the issue, the issue is that you made a proposal claiming you would do A and you used the money to do B.

It's like if you were an elected official and got a budget to build a new school and instead used it to build a new shopping center.

And then you failed to tell people about it. If I had not made my post how long would this have gone on? Months without you doing any work on what YOU ARE PAID TO DO because you felt that you deserved the money for the ledger dev?

Sounds like you just think that you deserve the money because no one else could do it (which is false)

I'm waiting to find someone that can review the code, let alone create it.

Why don't you post from your main anyway? If you were making claims backed by evidence you shouldn't be afraid to make them from your main account. If you are just full of bullshit and want to create drama you would use an anon account