I’m sorry, I didn’t mean to disrespect you or any of your colleagues. But I was also annoyed by the former ECC CTO making this hotfix an excuse for detouring from the “Wallet emergency mode” milestone. I’ve considered it a “red herring”.
I could also be annoyed by your implication that my whole reply was totally incorrect, although neither was the vulnerability discovered by the ECC team, nor was the fix quick (since upstream had it fixed more than a year before).
Btw @daira, since you’re around, would you be kind enough to explain this recent reply you’ve posted in Discord? Do I understand it correctly that your point of view is “No dev fund - no maintenance at all”?
There is a history of Block Reward salaried engineers making essentially hostage-like situation assertions (without our block reward, the Zcash project would fail) that without the Block Reward nobody would support the Zcash network. I find those positions to be hyperbolic & counterproductive to long term Zcash community cohesion (again reiterating my critique that the Block Reward creates a polarized Us & Them ecosystem, and unnecessary situations where the same wheels continue to be reinvented: zcashd vs. zebra for example).
Individuals of all engineering skill levels ought to be working in some balance on this project because it is a higher calling. Not because it is a presumably dependable $200,000 salary providing money tree.
It is borderline impossible to trust the “vision statements” from the ECC or ZF when so many of their individuals have taken their masks down and revealed that in large part the vision includes a mandatory assurance to maintain their well paid Block Reward jobs.
Do I believe that all of Zcash’s great engineers deserve market-rate salaries? Yes
My dispute is about where they should be sourced, and from that assumed equity pool… who are the stakeholders and who are the governing bodies.
How on a long timeline can we the community (the Thems, not receiving Block Rewards) invest in a shared project “vision” when many of the team visionaries have shown true cards, that are not cynical, but in fact are rational & materially interested? I have identified this as a quid-pro-quo, I do not mean that as an insult - I mean it as a logically reached opinion.
The Zcash community should consider the risks of continuing the dangerous meme, where Zcash continues to function in some respects, like the F-35 project for cryptography entrepreneurs.
Imho, it’s amazing to see Dev Fund openly “advertised” as Single Point of Failure.
Funny how some people lose both Wi-Fi and 4G at a critical moment AND won’t be present at the community call. How convenient.
“Why do you need the dev fund?”
“For X and Y, without the dev fund we wouldn’t be able to do that”
“You can’t say that, you’re making a hostage situation”
What do people actually want from ECC, ZF, and ZCG?
It’s just a fact that a lot of things happen because of the dev fund. Orchard, UAs, ZSAs, Zebra, FROST, all happen because of the dev fund. Would they have happened without it? Maybe? I honestly don’t think so, but it’s at least clear that it would probably take much longer. You can’t simply rely on the goodwill of contributors who have spare time on their hands. You only need to pay attention to open source project funding to see that expecting reliable maintenance from random donations simply does not work.
People need to pay their bills, and the skills involved in some of these things are hard to come by (and I suspect a lot of devs could be making a lot more if they changed jobs). We’re super lucky that people like str4d and Daira are still around. I honestly don’t know what would happen to Zcash without them. Yeah it’s not good to have points of failure, but getting rid of the dev fund is certainly not going to help with that at all.
i don’t think people want to get rid of the dev fund
so much as align the funding and governance, for funding it’s 100% funded by zec holders and the ECC/foundation are happy to define community as zec holders. but for governance community is defined differently.
so i believe for governance purposes, the funding and the definition of community should be the same. if you want community to include such a broad definition that ultimately marginalizes zec holders voice then the block rewards should be eliminated and dev fund should be funded voluntarily by the community through crowd sourcing, this would be the more decentralized approach.
if the more centralized approach to funding is chosen, then government should be more focused on zec holders.
currently it’s like living in one country where you pay taxes. then the government goes and polls people in another country to ask how to spend the tax money. and the people who don’t pay the taxes are going to want to spend the money on themselves and of course the tax payers are going to be unhappy with how the money is spent. let’s be honest. block rewards is an involuntary tax. and zec holders are the tax payers. so governance and community for governance purposes should be mainly if not solely defined as zec holders
Speaking just for myself, I don’t disagree with how you frame your pro-Dev Fund arguments; it is quite logical that you and others here have chosen to frame your pro-Dev Fund arguments in a soft quid-pro-quo sort of way.
My opinion is that the ZCG, ZF, ECC are deserving of the next +1 year of Free ZEC Block Rewards, and they should continue to operate in slimmed down spending models, that focus on critical, value-add efforts only.
Following the November 2024 Halving, the Dev Fund model can be removed leaving the three primary organizations to continue to operate in whatever context they’re prepared for. @GGuy has done really good treasury estimates for the next year or two into the future. If the organizations can’t sustain long beyond the Halving on their own, then they should appeal to private investors/institutions and would be welcomed to create correlative equity sharing or any other contractual means to assure private investors of return on capital.
How can Zcash ever advertise itself as a decentralized project, when in fact it attempts to remain solely reliant on the Big Two (ECC and ZF)? If the work for Proof of Stake (using this just as an example), is a 5 year project that would cost upwards of $15,000,000 - then perhaps it isn’t actually worth undertaking.
The grand vision for Zcash needs to be carefully weighed against the month-to-month costs and dependencies that the project currently exhibits.
Also, my personal take on the topic…
It’s not only about money, it’s also about implicit responsibility and accountability. These things should come together, as far as I understand paid position ethics.
outstanding example, sandblasting issue …
I didn’t expect it to last unattended for months, make a full node almost unusable, and fill the chain db with garbage permanently. It was almost clear from the start that the only way to fight back was by raising fees somehow. While all the teams were allegedly super focused on that emergency, it took a long time to implement protection. Is that called reliable maintenance?
I’d better not start a discussion about the fact that the possibility of such an attack was a known issue (“Denial of Service”, Issue #3955, zcash/zcash on GitHub), opened in April 2019 … closed recently with ZIPs 317 and 401. Instead of an apology for neglecting that warning, we read “We’ve done all we could”, or “It would be even worse if it wasn’t Dev Fund”. Damage management related to sandblasting was and still is awful.
I’m against the Dev Fund without accountability, but probably would be for development funding if based on a model similar to grant applications: clearly stated goals, deliverables, timeframes, expenses …
P.S. If the material compensation is the only driver of development, what would happen if some of devs decide they are underpaid despite dev fund extension?
Not what I said and not what I meant. Note the “in that period”. What I said is factually correct.
ZIP 401 was implemented by https://github.com/zcash/zcash/pull/4145 in October 2019.
Sure, but ZIP 317 is the one which introduces the fee mechanism to prevent cheap block overfilling with multi shielded output txes. I wish that one was also implemented in 2019, as a prevention - not recently as a remedy. Maybe I should have referenced “DoS: Filling blocks with useless transactions is straightforward and cheap” (Issue #3983, zcash/zcash on GitHub) as well; imho it proves awareness of the potential vulnerability back in 2019, but for an unknown reason it was not prioritized until the actual attack.
“In that period” you were at the same position as you are now, right? Anyway, may we know what you think about the Dev Fund now, and is there a risk of you leaving your position if funding ends for whatever reason? I think that prospective investors should know about all the risks involved.
So do I. Are you happy now?
Why should I be happy? I would have been happier if I saw some honest and unbiased sandblasting incident report, with full history and nothing swept under the rug. That would mean a lot to rebuilding trust. But I guess I’m what they call a “demanding customer”, one of few. Since this discussion is obviously upsetting for you, I’ll abstain from further questions.
Thanks to everyone who attended today’s Dev Fund Town Hall. If you missed it or want to revisit the discussion, you can find the recording here.
@decentralistdan and I are always looking for ways to improve these events. Please let us know if you have any feedback, suggestions for specific topics you’d like us to cover, or guests you’d like us to invite.
We’re planning two more events in October and will provide the details later this month.
I listened to the space, and I tried to keep my calm.
From my perspective, there were some significant concerns raised during that meeting regarding the Zcash Devfund. It became apparent that collaboration within the devfund recipients organizations was not meeting expectations. It seemed that a substantial portion of the unrestricted funding was being allocated to individuals with strong personal brands rather than focusing on addressing technical issues and improving the product. I found it frustrating to hear complaints about funding levels, especially when it appeared that these issues had persisted for many years.
Furthermore, I observed that the ECC CTO/CRO was struggling to stay focused and on topic. It led me to believe that the organization might benefit from insights and practices from larger organizations like Microsoft, particularly in the context of working efficiently in complex systems and distributed teams.
Additionally, I personally found it concerning that there were no tracking tools in place to monitor work progress within the Devfund recipients organizations. Basic tools such as a JIRA board with tasks, spikes, stories, and project details could greatly enhance visibility into the teams’ activities.
In my view, the overall energy of the meeting was quite low, and I had the impression that some individuals within the Devfund recipient organization might be seeking additional funding without delivering substantial benefits to the Zcash community.
in my opinion, one of the main issues is the strategy of “throwing” on the community some responsibilities, because ECC and ZFND are busy doing their own thing. the main example for that is the lack of a Stable wallet, the Ledger integration and the situation with Hanh, when the greatest minds in the community don’t get utilized to the best possibility.
this is something we should improve with the coming new Dev Fund,
funding a new independent entity which will work on the things that are always lacking.
we have great people in the community with skills and experience!
That is true.
Maintaining the zcashd codebase is probably not a sexy job, but it was important. And this is why we pay people an astronomical amount of money. Yet, we witness this diva dragging-feet attitudes, lack of loyalty by wandering in competing privacy-coins project and threatening to stop doing maintenance. Deeply concerning.
Everybody’s at fault here. If there are human resources-related challenges, addressing them might involve strategic recruitment and, when necessary, personnel adjustments. It appears that there has been a degree of complacency within devfund organizations over several years, likely stemming from the security of a steady income regardless of outcomes. Some may perceive this as a breach of trust.