Thank you!
This is great news! I would like to thank all of ZOMG for their patience with us as we crashed through the process
Welcome to the Zcash Forum @Ivo
Ivo and I go way back in 2014-2015 where we worked with Frog Design to make Verizon Messages+ happen. Hope you can find a team to collaborate with soon or I will pull you in for another Nighthawk project
Morning everyone,
I’m happy to say that we’ve kicked off work on the project today. We are very much looking forward to diving in.
How is this coming along? it could help us, it would certainly give a good indication of what the mgrc requires as a minimum.
I remember talk of the ECC possibly charging recipients for help onboarding them. @mhluongo was up for it at the time (the only public applicant at that time) and I would love to spend some of my external security budget on consulting with @bambam and @yaahc - in fact I am drafting the out reach right at this moment.
The zip doesnt prevent me from spending the funds where i think best, it just prevents them from automatically being assigned to the ecc/zf - otherwise we are needlessly binding our hands.
@Shawn Im posting this here as a minor update to zepher. We are looking for OWASP ASVS Level 3. This i think should be the standard for any project that handles crypto funds.
OWASP Application Security Verification Standard
in regards to
Is this something the MGRC can work with? Due to transparency, most of our security budget im planning to use on external verification of my testing and the zepher dev teams work.
We understand your time is limited so not only will we be in a position to give you
a pass/fail style report, you could also appoint your own independent security reviewers and they will be able the verify against what we have done and might have missed.
Does anything in the OWASP help or hinder the requirements the @ZcashGrants for the coldwallet stuff? because we could come up with some really nice development standards from this. at least that what I am striving for, to create a model other projects can emulate to see what can be done. it feels like testing and security testing is a bit of a dark art, it will be nice that all my stuff will be open source.
btw, has anyone else had 2 astra jabs, the second one has ruined me.
Hello everyone,
Wanted to let you know that we will be presenting an update on our project progress at the upcoming Zcash Gardening Club this upcoming Tuesday 6/1 at 1PM EST. We’re still in early days but making good progress in our first phase.
I’ll also be posting an update here on Monday 5/31.
Thanks again for all the support for our project!
Hi all,
Hope everyone in the US is having a great holiday.
We wanted to post a quick update on our progress on our first set of project milestones. We are having a lot of fun so far and are well into things.
Some specifics:
-
Front end: First set of wireframes is 80% complete. We’ll do an internal review next and then get input from community members like @Ivo
-
WASM engine: Our primary focus has been in getting Zecwallet Lite’s WASM / Web wallet build up and running so that we can use the codebase as a guide and a test bed for our WASM engine. We’ve completed this work and are now moving on to initial WASM development. Thanks again to @adityapk00 for his incredibly helpful advice and assistance here.
-
Proxy / translation service: Base functionality is working here - the proxy is making good gRPC calls and receiving data from lightwalletd. We’re currently working on implementing support for streaming server replies. We will put together a Postman collection to demonstrate functionality here.
-
Security: @mistfpga has complied detailed industry standards with @fireice_uk and myself to guide our development work. We’ve also reached out to potential outside security partners, as well as beginning security research into the existing lightwalletd codebase. We’re also well into work building test servers and compiling test cases.
We also have potential name for the project that we’re liking - “Zephyr”
Happy to answer any questions you may have here - we’ll also be on the Gardening Club call tomorrow.
Thanks again for giving us the opportunity to build this project for the community.
How about Zigma?
btw I love your updates to community. keep it coming
We are trying it out too, the latest wires I got to look over were in figma We do listen to advice and we want all the advice we can get.
If the community has any questions please ask. We cant really include everything in the updates.
Thank you for the encouragement!
Great club meeting. I liked being able to give verbal updates and get chat giving information.
I will get you a full response re:metamask vulns that were brought to my attention
Some (most) are covered by OWASP. but I am going to do a very long winded response as to how our test approach would catch this stuff. OR how we can mitigate the risks.
A big thanks to all the people i spoke to over PM who want to connect and knowledge share.
one thing I wanted to say but didnt, is I am hoping to create a testing and security template for other projects to follow whilst doing this (zeph is more important im just keeping notes ill publish after the postmortem on the project)
Thanks to all the love from Chat and other panellist for our project. Hopefully our success will encourage other first time teams to get involved.
oops I meant, you could name this project - Zigma (sounds cool to me).
bit too close to ligma for me.
I have what I think are acceptable answers to most of the issues that Shannon Wu points out. However because this is so important and she is obviously skilled in this area, I have reached out to her to get her perspective.
This could become a UX v security issue, so, we are on it and are adapting the attack patterns to be more relevant for our extension so I want to be 100% sure everybody on the team is on board with the solutions i have or we are going to have to find new ones, we are currently having this conversation.
It does raise a concern I have that I will cover with the other wallet teams, and that is about auto shielding. I (me, I haven’t raised it with the team yet) want it in zeph. This brings a new surface area for privacy leaks. so I have arranged to connect with Geffen after zcon2 and will be watching his presentation thoroughly.
Not sure if ligma is a real term: https://www.quora.com/What-is-Ligma
Zigma is cool like Figma & Sigma. Up for grabs
Ligma is a disease, there was a trend that still goes on where people in chat will tell the streamer they have ligma, the stream panics and says “whats ligma?” the chat responds with ligma balls. I have spoiled a puerile word play on the phonetics of “ligma” sounds like “lick my”.
I assuming normal grown ups may or may not know it but millennials and zoomers do.
That being said, you might get free viral marketing and like the “turn down 4watt” it will be ded in a few yeas and zigma is a cool name
i guess its that ive had to flip into pedant mindset, but figma is gone in the tech world. Figma: the collaborative interface design tool.
plz keep the questions up.
A short update.
I have reached out to @earthrise at the ECC (responsible for lightwalletd maintenance) - I received an overwhelmingly positive response. massive +1 for the ECC @joshs thank you for the spirit of cooperation, this is a very good marketing angle showing the support available and how to access it.
Im really excited to making contact and seeing how we can make lightwalletd better.
I have a feeling this might get a bit complicated. but we can talk about that another time.