Application for Major Grants Review Committee

Hi All,

Sorry for the very late application. (23:30 31/05/2020 BST)

I am putting myself forward for the MGRC. I have been an active member of the community since the big ASIC thread. I am currently on the Community Governance Panel and was heavily involved with the process that got us here. From writing and help writing numerous ZIPs to participating in all the voice chats and discussions surrounding NU4 and what happens with the dev fund.

I am only interested in zcash and have been part of bitcoin since 2010/2011.

I am very keen on seeing this process through and working out what needs to be done next.

I have a long history in software development, hardware and cryptography. I currently sell vulnerabilities to red teams and pen test companies. I find these mainly through reverse engineering and automation. I have worked in development for 18+ years and am familiar with most development lifecycles and constantly working with different teams. I predominantly come from a testing and security background. I have been responsible for budgeting, resource management and dev life cycles for blue chip companies.

Because my work now is for myself and is highly automated I have quite a lot of time to dedicate to other things. I would like to put that time towards working on making zcash a more complete and well rounded software ecosystem. I am not sure if this will be a full time role, if however it does turn out to be I can and am willing to put the time in and do what is required.

I think that the first year for the MGRC will be different to the next ones. Mainly because it is new and needs quite a bit of documentation and working out how best to proceed. This is going to require conversations between recipients, potential recipients, the foundation, CGP and internally within the MGRC.

I see the main areas that need to be sorted for a decent foundation will be documenting, writing up the processes and ironing out best practices / strategies for accounting, transparency, accountability, community feedback, taxes, protocols and maybe most importantly, communication.

A lot of this is not “forward facing”, but once it is done it will be easier for people to follow. The people who take this through the first year may well not be the best people to keep it running, they are different skill sets. And I think it might take up to 18 months to get it up and running fully, depending on how this works out and the amount of time people can commit.

It is essential that all the work that is being done, forward facing or not, is fed back to the community. If this role were to receive some form of remuneration then it is essential that the community knows where and why their zec is being spent. The dev fund is to make zcash technology a viable long term asset to the world and that means everything must be accountable.

Regarding remuneration, I didn’t initially think this role would be compensated. If it is more than 8 hours a week over an 8 week period I would like some form of compensation.

I have put a lot of effort into getting us to where we are now and would really like the chance to take this further.

Please feel free to ask me some questions and I hope to get your vote.

Many thanks,

Steve.

Some zcash stuff I have done:
Wrote and championed a number of NU4 proposals.
I am part of the CGP.
I am heavily involved with the community and moving forward with zip 1014.
Part of a team that made a hardware wallet. (fpga based)

tagging @Shawn and @acityinohio because I am posting this so late, sorry about that.

9 Likes

Hey @mistfpga no worries about being “late” the deadline was extended to September 1st.

I have added your thread to the top post of the MGRC Megathread, Good Luck!

PS: I can vouch for the great work that mist has done during the many months of Zcash development fund discussion. He is a member of the Zcash community that I think would be a valuable asset to the MGRC.

4 Likes

Ah, so I am early. nice. I have to go catch up. been a little indisposed recently.

Thanks for the vote of confidence. :slight_smile:

It’s really important to have someone on the MGRC who is familiar with development processes, and is technically knowledgeable enough to be able to do good due diligence on the skills of the teams of people applying for grants. You sound very knowledgeable!

2 Likes

I agree. To be fair though, I think quite a few applicants have that too. One unique thing I can bring is the ability to assess milestones, testcases, etc.

I know this work is going to be carried out by the foundation, however it is something that needs to be reviewed at application time. It would be crazy for requirements to be proposed by the applicant and accepted by the MGRC only to turn out to be useless for the ZFND to appraise from.

I’m going to go over 1014 again over the next few days to find potential issues so we can hopefully stop them becoming problems.

2 Likes

If you’re willing to use your reverse engineering and automation to get the applicants pen tested I am curious what others would think about having you become the first member of a Grants Audit Team with a good pay grade for how valuable that info can be early on in development with FinTech

Hi Phil,

Sure that could be an option. Virtually all of my stuff is black box tho, so not too much use for stuff in development. All of the runtime analysis stuff would still work. - If it is x86 or x64, compiled in C or C++ and runs on Windows. I could add ARM support but I am rewriting a lot of it to use Ghidra rather than IDA.

I think as far as the MGRC is concerned, this is better handled by the foundation, or actual legal auditors. (Audit has a very specific legal definition and I don’t have that legal authority.)

I have been doing it for fintech. - as in actual audits (FIPS mainly). I have spent 4 or so years working on Hardware Security Modules, Like Hal used for hashcash. These are ubiquitous through the banking and fintech industries. I also worked on the update to EMV (chip n pin) pentesting the code and the fpgas/hardware. (my skills are mainly in reversing code not hardware.)

edit: I thought I put stuff referencing this in the first post, must have been a cut n paste error. I should fix that.

1 Like

Hi @nathan-at-least,

Thanks for asking these questions directly. I know they were not directly aimed at me but I would like to chuck my 2p in. My lower estimate on work involved, and the amount I am willing to do unpaid would be 2.4 weeks (96 hours) per quarter, which is up to 8hrs per week.

Is this a role for the MGRC? I can’t find the relevant bits in zip 1014. This at the moment feels a very big stretch to do this in year 1. We already have 1 applicant (ECC) (my mistake) with at least 1 more I know of expressing interest (@mhluongo).

Sure the MGRC can suggest people apply for funding, but to directly solicit it would seem like a potential conflict of interest. It would certainly need a lot more fleshing out by the MGRC as to the ethics and rules behind it.

This is an essential part of the MGRC. Especially in year one. They need to express what proposals should look like, what they need to include and to work with the first applicants to get this down. It will be a very valuable learning experience for the applicants and the MGRC. There should also be some mechanism (a bit like bounties) where the MGRC can express what proposals they would like to see. Again though the ethics and rules behind this need to be worked on. The way I currently read zip 1014 is that putting out for tenders is not in the remit.

I am a little more sceptical of this.
The amount of money involved and the structure of how it is being paid from community funds would make me err on the side of the proposal needs to spoon feed me all that information in a way that takes little effort for anyone to robustly verify. If it doesn’t, then it is not a good proposal and shouldn’t be funded. This is other people’s money, it must be spent with full accountability.

I don’t think it is desirable for the MGRC to be the only form of due diligence. Sure some has to be done by them, and not just cursory - but none of the people who are going for the role seem to have investigatory skills. I can verify information given to me in a way an employer would, but proper due diligence would cost a lot more. Who should pay for this? The initial thought would be to make the applicants pay. I am not sure on this.

If the only line of defence is the MGRC then this, when combined with tendering for proposals can and probably will lead to cries of favouritism.

The proposals have to be able to stand on their own and be complete things. I have a very high bar for what I think a proposal should look like and what information it needs to contain.

I concur this is very much the responsibility of the MGRC

In zip 1014 this is specifically the role of the ZFND, I personally would be very happy to take on this role within the MGRC (my first application was based off this premise, but I scrubbed it after @shawn pointed out that this is specifically given to the ZFND in zip 1014.)

EDIT: as shawn has highlighted below I misread what he wrote. 1014 doesn’t seem to cover this specifically. I strongly believe that if the MGRC is allowed to do this work then they should. I will be revising my application accordingly.

I have a wealth of experience in this area and really enjoy this kind of work. This would exponentially increase the amount of time needed for the MGRC though. I can see this being a full time role. @acityinohio You are currently champion of 1014 - what do you think of the MGRC running concurrent testing and verification of work alongside the ZFND? I can see things for the MGRC to track that the ZFND wouldn’t, but most of them are for improving the processes and functionality of the MGRC. Actually this is a pretty tricky question. How do you see the MGRC handing over accountability for the proposals to the ZFND?

Isn’t this done by the blockchain and ZFND? Or am I missing something? The accounting would be very basic no? I am probably showing my ignorance of US financial legal/tax requirements when it comes to business operations.

These are imperative. Full accountability to the community, whilst helping applicants get decent applications in. (I would like to do this too, I am good at this sort of thing - steve 2020!) If this part of the MGRC fails then the whole thing fails. If we follow shawn’s structure (which I really like) of two people full time, then this would be one of the duties of the full time person.

This is important enough that the MGRC would need a community “liaison”. It is the community’s money - the MGRC is just a concentration of representation, in this way it is very different from the ECC and ZFND.

I am starting to get confused. If the MGRC members are going to get compensated and they are going to hire staff, where on earth does the MGRC funding come from? How much budget is there? I don’t remember talk of any of this when the proposal was going through. Did I miss it? If the MGRC takes their own funding from the dev fund who decides how much they get and how is this decision made? Who signs off on how much money they can spend?

I will probably tidy this up and post it as questions for the other candidates so they can respond in their own threads.

2 Likes

ECC is explicitly excluded from MGRC grant funds in my understanding of ZIP 1014 (as is Zfnd). Both ECC and Zfnd already will receive a portion of the Dev Funds outside of MGRC, so my understanding of this exclusion is to ensure funding goes to other orgs/applicants.

Did you have a different understanding?

2 Likes

Nope, I completely forgot that when I wrote it. Sorry about that.

Thanks for this thoughtful response!

FWIW I expected this would be the role of Zfnd, given their other community work and that they need to similarly solicit for regular grants.

1 Like

I’m not sure about this part @mistfpga

The part of ZIP-1014 that I quoted regarding performance factors:

I think means that the ZF shall set “key performance indicators” but it will remain up to the MGRC to follow up with the teams to see these indicators are met. In my interpretation that means it’s a sort of checklist, not too dissimilar to what previous Zcash Foundation grant recipients have had to do when they accepted a grant:

More of a “starting point” for MGRC to expand upon and adapt to the projects as selected.

Disbursement of funds and contracts will still be handled by the Zcash Foundation for tax/501c purposes but it will be the responsibility of the MGRC members to give a “green light” of sorts (based on the progress reports/milestones) for the next payout to a recipient.

I’m thinking of it like if it were a company. Where the management (MGRC) make the day to day decisions hire/evaluate/fire and hand it over to payroll (ZFND) to make sure everyone gets paperwork and paid properly.

2 Likes

I’m still happy to see someone with technical qualifications applying, thank you for this great application.

1 Like

Thanks shawn. I did read it differently. I’m not too sure what is up with me lately. I will amend my application.