Decred Journal – December 2018

Decred Journal - December 2018

December was a month of considerable progress, capping off a phenomenally productive year for the Decred Project. Some of the earliest Politeia approved proposals are beginning to gain momentum, with Ditto personnel joining the comms channels to work on the messaging and outreach plans for 2019 in collaboration with the broader community.

Release candidates of core software v1.4.0 are available for download on GitHub. Enthusiasts are invited to try them while regular users are advised to wait for the final release. As always, verify the signatures to ensure the software is coming unaltered directly from the developers.

The dcrandroid wallet for Android OS also saw its first release candidates available on the Google Play store. This benefits from Decred’s SPV mode which allows it to protect user privacy by requesting blocks directly from the P2P network instead of a centralized service provider - rare for mobile wallets. In addition to the caution about release candidates, please be aware that the mobile environment presents additional security concerns and is not advisable for large sums of DCR.

While December has been a rough month for the space with prices dropping and funding contractions, Decred remains unfazed and the stage is set for continued expansion and acceleration through 2019.

Happy New Year to all readers from the Decred Journal team!

Development

dcrd: v1.4.0 RC2 was released. This version includes the smart fee estimator that allows the user to either minimize mining delay or the fee, depending on needs. The feature is important for Lightning Network and as a general mechanism to handle network congestion. Whitelisted inbound peers are now allowed regardless of connection limit so that operators can always allow their own SPV clients. Several performance improvements to initial sync, validation and network operations are included. Users choosing to upgrade should note there is a one-time database migration which will take 30-60 minutes depending on hardware. See full list of changes in the release notes.

A vulnerability was patched in go get tool that allowed remote code execution when using a malicious repository. Decred software was not affected. On a related note, for dcrd all changes to dependencies except the Go runtime are audited. That is part of the reason it takes so much effort to prepare dcrd releases and why the number of dependencies should be limited. More details in this chat.

Discussion started to implement Child Pays For Parent (CPFP) in dcrd.

dcrwallet: v1.4.0 RC2 release fixes a lot of bugs related to SPV and error handling and adds a host of new gRPC endpoints that will enable new features in end user UIs. Tor connections to dcrd node are now possible with the proxy mode. Default transaction relay fee was dropped to 0.0001 DCR given sufficient network upgrades. More changes in the release notes.

Decrediton: v1.4.0 RC2 release features initial Trezor support, design improvements and many bug fixes. Initial Trezor support allows users to use Decrediton as a “watch-only” wallet that signs transactions with Trezor. The feature will be hidden behind a config option until it gets enough testing. Staking is not supported yet but is planned in the near future. More generally, watch-only wallets are now able to create unsigned transactions that can be transferred to another device for signing and broadcasting. Governance page received a large overhaul and an important feature to notify users about new proposals and votes. New page to choose between SPV and fully validating mode is now shown on first load. Initial dark theme can be enabled in Settings (the colors are being finalized). More details for these and other changes are in release notes.

On the master branch (i.e. not included in the 1.4 release), Decrediton can now be built for Raspberry Pi.

A lot of design work is completed and ready for implementation.

Politeia: latest security tightening earned Politeia an A+ rating from securityheaders.com, which placed it in the site’s top 3% and (briefly) in the Hall of Fame. A feature to view old proposal versions is added as part of a larger version diff viewer that needs more work. politeiavoter now retries failed requests which fixes Tor usage. Comment vote score calculation was fixed by moving it from politeiad to politeiawww. Proposals now cannot be abandoned after voting was authorized. These and smaller fixes will be available on the proposals site after the next deployment.

In progress are admin data backups and two big changes to scale the server: cache layer and websockets support.

dcrandroid: v1.0.0 release candidate 2 is available on Google Play for mainnet and testnet. Seed verification and seed restore interfaces were completely redone, several bugs fixed. The list of improvements can be found on GitHub. Discussion and feedback here.

Next RC to be released shortly will include several minor bug fixes as well as a better display of the status during initial sync which was requested by a handful of people.

Focus has been on streamlining the setup experience for new users since that’s the first thing they will see and can sometimes be tedious.

Limitations of wallet encryption and risks of staking on insecure Android smartphones were discussed in this chat.

dcrios: has mostly just been syncing up with the changes from Android. iOS testing releases will be made available as soon as Android 1.0 is done.

dcrdata: v3.1.1 is released on the main site. Highlights include new pages for sidechains and disapproved blocks, major performance improvements, Go modules support, non-javascript mode improvements (thanks from an anti-js dinosaur!). See full release notes here. The release includes 129 commits from 4 months of work made by 16 code contributors. Congrats to dcrdata team!

On master, a feature to download transactions for a single address as a CSV is finished. Several large refactors are merged to employ modern frontend best practices.

Public dcrdata Tor service was temporarily shut down after a DDoS attack. After some discussion it was brought back at dcrdata2opeenddl.onion.

Developers can check the new Docker image to build and test dcrdata and a new FAQ page on the wiki.

Ticket splitting: v0.7.0 and v0.7.2 released. Highlights: SPV client support (read on the privacy caveats), better security with session token, OpenBSD support and better reporting. Find the downloads on GitHub. Verify the signatures to make sure the binaries really come from @matheusd.

docs: building on redirection infrastructure laid out earlier, work began to tidy up URLs and directory structure. Agenda Voting was changed to Consensus Rules Voting. Translation framework was removed. Glossary was extended with new terms. Added new guide for SPV. Updated Politeia docs by grouping Politeia pages together, adding pages for Proposal Guidelines page and Example Proposal.

decred.org: page headers were changed from javascript to videos, Rocket.Chat removed from the Community page, Decred Business Brief is now available as a web page in addition to the PDF download.

Other:

Dev activity stats for December: 230 active PRs, 196 master commits, 33K added and 106K deleted lines spread across 8 repositories. Contributions came from 3-9 developers per repository. (chart)

People

Welcome to new first time contributors: aerth (dcrwallet), @guang (decrediton) and tpkeeper (politeia).

30000fps has been a Decred design contributor since summer of 2018. One goal of his work has been about bringing illuminating development by finding meaningful ways to visualize and illustrate the processes and features otherwise unseen. Examples can be seen from the recent development visuals (upcoming v1.4.0 release (4 MB), Politeia release, v1.3.0 release), as well as the overhaul of decred.org animated subpage headers.

3 contributors were removed from the decred.org website.

Several contractors shared their onboarding experiences in this chat, which is a good, first-hand account to read in order to understand what the onboarding process might look like, particularly of note to those potentially interested in becoming Decred contractors. @richardred published an excellent Working for the Decred DAE post that describes his Decred journey in some detail.

Several independent contractors are preparing a community roadmap document where they outline their plans for 2019.

Governance

In December the Treasury received 17,016 DCR and spent 12,570 DCR. Using December’s daily average DCR/USD rate of $17.5, this is $298K received and $220K spent. As these payments were for work completed in November, it is also informative to consider them in the context of the November average daily rate of $32.5 - in which case the USD received/spent figures are $553K/$409K.

Here are short proposal updates as of Jan 10. Please do not rely on them to form your opinion about the proposals and read the original texts and discussions on Politeia.

Bug bounty proposal was approved with 90% Yes and 30% participation. @degeri showed a great example of going through all the stages: join the community and demonstrate the ability to do useful work, identify something missing, draft an idea and put it through several rounds of feedback, submit a proposal, engage with commenters and adjust it further, and finally gain approval. A notable fact here is that Decred is one of the few projects where a pseudonymous contributor can build up trust and become successful by establishing a track record of delivering high quality work.

To avoid common mistakes and build a successful proposal, make sure to read the new Proposal Guidelines by @s_ben (inspired by an excellent comment by @nnnko56).

Company 0 is not charging the Treasury for its privacy work, as clarified in this thread.

Discussions: this chat discusses staying frugal with the Treasury spending, especially during bad market conditions. This thread dismantled common arguments against Decred’s governance system: “we don’t know if the governance system works because it hasn’t failed yet” and “there hasn’t been anything controversial yet”. Turns out it’s hard for controversy to build up in a system explicitly design to avoid it.

A much more nuanced coverage of Politeia activity is provided by @richardred in Politeia Digest issue 8 and issue 9. The digest captures a lot of interesting details for every proposal. Issue 9 contains a review of 2018 Politeia data since its launch. You can find all past issues and leave feedback here.

Network

Hashrate: December’s hashrate opened at around 167 Ph/s and closed around 183 Ph/s, peaking at 207 Ph/s and bottoming at 110 Ph/s throughout the course of the month. For the most part, the average was 150 Ph/s. As of Jan 10, pool hashrate distribution: poolin 34%, F2pool 27%, UUPool 7.4%, btc.com 7%, Luxor 3.8%, BeePool 2.6%, coinmine 1.1%, others are 17% per dcrstats.com. Pool distribution numbers are approximate and cannot be accurately determined.

Staking: 30-day average ticket price was 103 DCR (+0) per dcrstats.com. The price varied between 101 DCR and 107 DCR. Locked amount was 4.14-4.23 million DCR, which corresponded to 46.3-47.1% of the available supply.

Nodes: As of Jan 1 there were 192 public listening nodes and 253 normal ones per dcred.eu. Version distribution: 1.5% are v1.5.0(pre) dev builds, 1.8% on v1.4.0(rc1), 5.3% on v1.4.0(pre) (-1.2%), 55% on v1.3.0 (+5%), 20% on v1.2.0 (-5%), 10% on v1.1.2 (-1%), 4% on v1.1.0 (-1%).

There are many more interesting stats we’d like to present in this section, let us know if you can help.

Block 300,000 was mined in December and the mined DCR is now over 9,000,000. Congratulations to all!

Mining

Whatsminer D1:

Bitmain’s Antminer DR5 miner was introduced on Twitter and met with some criticism. Specs: 34 Th/s at 1,800 W, prices start from $1,400. This thread discussed the unit along with challenges for small or hobbyist miners.

Be careful when ordering miners from eBay, you may get just the weight.

Integrations

The hardware wallet company Ledger announced that the long-awaited DCR integration is complete:

We are excited to announce that the Ledger Nano S and Ledger Blue are now compatible with Decred. Decred is now available on Ledger Live and marks the first native Ledger Live integration since its launch. Read more here (@LedgerHQ)

DCR storage is possible through Ledger Live, an application that now acts as a one-stop-shop for accessing and interacting with your crypto assets since Ledger discontinued the use of their respective apps earlier this year.

Cobo Wallet announced a custodial staking service. Discussed here.

For any wallet software and hardware, always do your own research and ask how it works. Do you control the keys? Do you lose consensus and Politeia voting rights? Does it talk to Decred full nodes directly or through intermediaries? Does the service share your data with 3rd parties? Is the source code open and auditable?

Outreach

December marked an exciting month for Decred, as Ditto began work. The first initiative was to make introductions and determine workflow. You’ll now see our good friends, Liz Bagot (@liz_bagot), Trey Ditto (@treydpr), Margaret Mei (@margaret_mei), Blain Rethmeier (@blainr), and Milvian Preito (@milvian) in various Matrix rooms, including #marketing, #ditto_pr, and #writers_room.

Work began in earnest on messaging, which can be viewed here. Continued input is always valued. Concurrently, we’re working with the design team to integrate new messaging into the site and to expand the content with new pages further explaining important aspects of Decred.

Messaging should be agreed upon in January, and a work will begin on the website. A plan including events and other tactics will also be published in January. (@Dustorf)

Ditto people joined #marketing and the room was very hot throughout the month with lots of brainstorming and discussions about messaging.

@Dustorf, @jy-p and Ditto met in New York and posted a report in chat. Among other things, they discussed challenges related to attracting new developers and contributors, spreading the word about Decred to knowledgeable investors, institutions, and governments, as well as going over the long term vision for the project.

Trey published Ditto’s big picture look at 2019 and the strategy for Decred. Following that a survey was held on Reddit asking the community how would they describe Decred, what media do they read and how they think Decred should target developers.

Mid-December @liz_bagot gave the inaugural Ditto Bi-Weekly Update, and later summarized the work for December:

Now a total of 5 well-known community members have the rights to tweet via @decredproject Twitter account. You can read about how it works here.

Events

Decred held it’s first meetup in New York City on Dec 5 at Distributed Global in the flatiron district in NYC. The audience of about 80 people included VC’s, developers from other projects, media, and members of the Decred community. @jy-p gave a Decred overview presentation (photo), then delved into the technical details of the Politeia Proposal System including how it works and the potential breadth of its applications.

Next, Chris Dannen, Founder of Iterative Capital, discussed the way work has evolved, particularly in the era of free open-source software. Iterative Capital’s Thesis explains this thinking in much greater detail. He explained how Decred’s treasury brilliantly dovetails into a massive work trend that gives workers desired autonomy and enables them to do their best work.

Finally, Chris Burniske and Joel Monegro of Placeholder VC held a fireside chat explaining Decred’s value from the perspective of an institutional investor. Chris revealed the financial reasoning, including:

  1. Team - btcsuite when released was as good as anything put out by Bitcoin Core
  2. Hybrid PoW/PoS system is more secure than any other network
  3. Treasury funding allows development to be funded long term
  4. Fork resistance - Decred is designed to keep the community together through consensus

Joel shared his appreciation for Decred’s governance system, and its ability to make Decred polymorphic, adding features and functionality as the community decides. They concluded that Decred is built/designed for a multi-decade horizon. They shared some of the good work they’re doing to on behalf of Decred with respect to custodianship, exchanges, and institutional staking, and concluded that the biggest issue Decred currently faces is liquidity.

Founders Night took place next day on Dec 6, and was Distributed Global’s holiday party. They brought in all their fund managers from various offices, and invited their investors, partners, and members of various projects within their portfolio. It was a great opportunity to meet those various constituencies and build relationships for future events in NYC. Spring is being targeted for the next Decred event in NYC.

Other attended events:

Upcoming:

Ask in #event_planning room for any questions.

Media

Selected articles:

Translations:

Videos:

Audio:

Community Discussions

Community stats as of Jan 1:

On top of that there are Telegram communities in Chinese (661, +119), Portuguese (435, +99) and Italian (120) languages. Also, @michae2xl is running @decredproject on Instagram with 396 followers as of Jan 6.

Comm systems news:

Prototype community issue tracker was started to discuss actionable ideas in a more structured format. Any idea that benefits the project can be discussed. As of Jan 10 there are 73 issues like article ideas, PR, archiving and data preservation, or discussion of communication platforms. For example, this issue captures a challenging task to find a good name for Decred’s hybrid PoW/PoS consensus algorithm and lists all options suggested so far. You can subscribe to everything with the Watch button on top, or to individual issues with Subscribe button on the right panel. There is a popular belief that “GitHub is for developers” - this is not the case. Posting issues and comments and ‘+1’ is no harder than using Reddit or chat and in fact multiple non-developers already contribute doing just that.

Reddit incident showed us another weakness in the platform. Multiple threads were started and spurred useful discussion, but were later removed by the author. This wasted the effort of all people who bothered to reply. The deleted threads were somewhat resurrected, but generally this incident shows an attack/sabotage vector: trigger the discussion and then delete the thread, wasting community’s energy. Reddit has no defense from this as moderators cannot disallow users to delete their content. The event has led to a discussion of a Reddit replacement that could probably derive from Politeia.

For yet another time, a lot of strange Reddit activity was timed close to our major release. It is either an unusual amount of questions about less relevant issues, or “innocent” questions about trivial things, or something similar. All coming from accounts never seen before and that stay after the short interaction. This notice is to inform people who care about the project to watch out for weird activity that can sap project’s, as well as your individual energy. Read this chat for more details.

Markets

In December DCR was trading between USD 14.2-21.4 / BTC 0.0042-0.0058. The average daily rate was $17.5. A short price rise to USD 20.9 / BTC 0.0058 happened on volume increased to USD 5-6 million compared to USD 0.8-1.2 million on other days. Note that the trading volume data is not reliable, as noted below.

Relevant External

Vertcoin (VTC) was the subject of a majority (51%) attack (4 incidents) in which 22 reorgs and 15 double spends occurred, costing the victims around $100,000. This reaffirms the vulnerability of coins that are not the dominant use for their miners (GPU-mineable or ASIC-resistant, but also Bitcoin forks) to be attacked by miners who have appropriate hardware and no interest in the health of the blockchain. One of the impacts of these attacks is that the coin comes to be regarded as insecure, because it has failed in its purpose before. Anyone who is still willing to accept it may require a very high number of confirmations before confirming a transfer, making the coin slow to move.

The Horizen (previously ZenCash) team lead recently announced a strategic action to increase the Treasury block rewards from 10% to 20%, reducing the share of rewards for miners. After a 90% reduction in price, and significant reductions to staffing and other costs, it was felt that to cut costs any further would mean jeopardizing the project. As the Treasury system being developed by IOHK is still a prototype not yet ready for use, the Horizen team felt the need to make a unilateral decision to change the block reward.

EOS block producer began paying holders that voted for it.

The first round of voting on Aragon Governance Proposals (AGPs) has been delayed due to potential network instability around the Ethereum Constantinople hard fork - hopefully “blockchain down for maintenance” is not a problem Decred will encounter with Politeia. The CEO of Aragon Association published a blacklist and wishlist for proposals before proposal submissions opened. In the first proposal the AGP process itself was approved by 99.97% of the ANT that voted. In total 2.6% of all ANT tokens voted on the first proposal, from 45 unique addresses, with ~60% of ANT votes coming from one address. AGPs go through a review by the board of the Aragon Association, then a community review, before a 48 hour voting period opens.

2 million BTCP were mined via an exploit and went unnoticed for months until CoinMetrics noticed that something is wrong with the supply. Developer team posted an official statement confirming the inflation exploit. The bug was merged on Jan 5 2018 together with a patch from a bounty hunter that disengaged after receiving the reward for his work. Just one missing line of code caused huge damage to the network’s value proposition. We can learn a lot from this unfortunate experience: extensive test coverage, super critical review of consensus code, established reputation of developers working on mission critical parts, and having multiple implementations of the protocol are all very important to build a system we can trust money to.

There was an attack on Bitcoin’s Electrum infrastructure. Someone started a lot of malicious Electrum servers that prompted the user to “upgrade” to a malware version and stole 200+ BTC. The Electrum model involves a network of servers that sit between clients and full nodes. Each client depends on the server they connect to, this compromises user privacy as the owners of those servers can infer which wallets the users own. If Electrum servers were compromised this would open up some additional attacks. Decred chose not to develop Electrum infrastructure but instead go straight for SPV based on client-side filters. This delayed the development of light clients, but the SPV mode now working in dcrwallet, Decrediton and drcandroid connects to full nodes directly and functions independently of any service provider, which enhances users’ privacy as a result.

Security researchers demonstrated multiple ways to hack most popular hardware wallets, if in physical possession of the device.

Latest exchanges trading volume report by blockchaintransparency.org concluded that of the coinmarketcap.com top 25 BTC pairs over 80% of volume is wash traded. Another unhappy finding is that the average project spent over $50,000 on listing fees. The report has spurred the idea to analyze the trading volume for DCR.

Coinbase seeks to own the term “BUIDL”.

Many cryptocurrency services and projects seem to be owned or co-owned by just a handful of entities with banks at the top.

Several centralized exchanges failed to serve withdrawals during the annual Proof-of-Keys event.

Slack accidently blocked people who visited Iran before. Later Slack apologized for the incident and clarified the situation. But the signal is clear and not surprising: Slack Technologies is a (venture funded) U.S. corporation that complies with U.S. laws. In contrast, Matrix rooms can be federated over multiple servers, so even if some participating servers are shut down, servers in other jurisdictions can keep serving the chat and history.

There have been a number of articles in December about layoffs in the cryptocurrency space (and some saying it’s not so bad relative to other sectors). For other projects with Treasuries, these are also hard times, as noted for Horizen above and can be seen in some Dash community discussions. We can thank the people who managed the Treasury in the pre-Politeia era for its healthy balance, this is the reason that Decred is still looking to expand its workforce while other projects contract. With DCR at $17.5 for December, that will likely be the first month where Treasury outgoings are greater than the incoming block rewards. Even if DCR/USD stays low for some time, the Treasury could maintain its current USD-equivalent spending for several years (rough estimate is 8) at this rate before cut-backs became necessary.

Amid the larger wave of layoffs in the crypto sphere, Bitmain allegedly fired its entire staff of Bitcoin Cash developers, which included the Copernicus team.

Copernicus is an implementation of the Bitcoin Cash protocol written in Go that utilizes btcsuite. The pre-release version of software was announced and mined its first block in December. On their website the authors thank btcsuite developers for their work and acknowledge their contribution to the Bitcoin ecosystem. On the blog Copernicus team noted that the software “reorganizes and redesigns the software structure for the original client in order to make the structure more concise, reduce the learning difficulty for developers and increase diversity of clients to ensure safety of the entire BCH network”.

Copernicus is not the first effort to diversify Bitcoin Cash’s network that already had several C++, Rust and JavaScript implementations in development. In September, two other implementations of Bitcoin Cash written in Go were unveiled. Gocoin-cash comes from the creators of counterparty.cash and is based on gocoin (another full Bitcoin node implementation in Go). bchd in turn comes from OpenBazaar developer Chris Pacia. In the initial announcement of bchd Chris noted that btcsuite is “one of the best designed and well-written Bitcoin codebases” and explained that it allows to engage more developers and build new features faster, compared to C++ implementations. It also gave them the private client-side SPV “for free”. The beta was announced in November - two months since forking from btcd the team grew to 9 contributors and implemented several improvements over btcd.

The relevance and good news for Decred here is that a lot more developers are looking at btcsuite codebase now, on which Decred is based and can benefit from.

About This Issue

This is the 9th issue of Decred Journal. It is available on GitHub and Medium. Past issues and translations are available here.

Chinese translation by @guang is available on Medium, Weibo and GitHub.

Most information from third parties is relayed directly from source after a minimal sanity check. The authors of Decred Journal have no ability to verify all claims. Please beware of scams and do your own research.

Your feedback and contributions are welcome on Reddit, GitHub and Matrix.

Credits (alphabetical order): bee, Dustorf, guang, Haon, kozel, liz_bagot, oregonisaac, raedah, richardred, saender, zubairzia0.