Hypha has been doing fantastic work!
I’m really looking forward to wargame Thursdays.
With that said, I believe that the cosmos Hub team at informal is still too much a part of ICFormal. As those who frequent the forum are likely aware, I’m really disappointed with the response from amulet which has mainly been nothing.
Of course in addition to nothing, they also published and miscategorized a security issue. Their publication and miscategorization of this issue has forced myself and our team at notional to work in absolute overdrive.
Informal systems still seems to believe that it is important to go through amulet. I am arguing that it is dangerous to go through amulet, and that there is no need to go through them because notional is working security on the hub. If amulets response had been better, we would gladly work with them just like we would gladly work with hypha and gladly work with informal on security on the cosmos hub.
I do not believe that securing this amount of software is something that can or should be left to a single organization. Basically, security is the responsibility of everybody who touches the software stack. Hypha really seems to get this.
As many people are aware, there are legitimate concerns about conflict of interest with respect to the foundation and informal systems. The hub team at informal seems to act as though it is controlled by the foundation, even in matters of security, I have received responses like well our hands are tied and that’s just the policy we have to adhere to. Unfortunately, the reality is that the policy has left me talking to a brick wall.
Now please know, gentle team members of both hypha and informal, I don’t take making such a suggestion lightly, but what if informal hub team → Hypha?
For me this would dramatically reduce what are currently very serious concerns about efficacy in important matters. When funded by the hub, your hands are not tied. You need to do what’s necessary for the hub, and the foundation clearly wants no part in that, so we need to act like that.
I don’t like needing to separate these concerns like this one bit.
Here’s what I can endorse:
- hyphas excellent work on testnets, security and onboarding
- For those concerned with overlap, let’s say that I have been doing primary investigation on an issue which amulet should not have published and hypha has been facilitating that and the collaboration has been great.
- informal hub teams excellent r&d - ICS shouldn’t work. But it does and that’s extremely impressive. What I mean by it shouldn’t work is that it’s a really challenging piece of technology and I think that the execution there has been fantastic.
what I cannot endorse and must decry
- An overemphasis on proceduralism at informal, to the detriment of the hub security, and verily all of cosmos.
- insistence on involving the foundations security contractor when:
- The foundations security contractor is no more responsive than a brick wall
- The foundations security contractor releases information against researchers wishes, when researchers are saying hey that would be really bad to release
- The foundation security contractor is not creative enough to consider that a single issue can exploit multiple layers of the stack
- “My hands are tied” should never come from a hub funded team wrt the foundation who wishes to cease funding the hub. When the hub has funded us, we work for the hub.
In summary, the foundation shouldn’t have influence on hub funded teams operations.
therefore
I wish to humbly suggest we’re not making a single funding proposal for two separate organizations but instead one organization dedicated to the hub. Now, please keep in mind I realize this is a hell of a bet and a hell of an ask for the people involved and I’m not going to blame anybody if that doesn’t go through. With that said, I do want to try to help to chart and optimal course, then I believe that what I have described is optimal.
if the hub funds it, the foundation doesn’t get to decide it, and that likely means that a new org is needed because informal is hard to distinguish from the foundation and follows foundation policies to its own detriment
licensing
Really cool to hear that @jtremback is open to exploring novel licenses. I’m also not a lawyer, and don’t know if we should cobble something together or consult with a lawyer on what should be cobbled. I think that making ICS(above the commit at which foundation funding ends)+Megablocks+AtomicIBC a hub exclusive through licensure places Gaia in a very competitive position.
one more thing
I frankly find it quite refreshing to hear @jtremback telling the community the direct truth about the non-linear nature of technology research and development. It’s not a sure shot. Jehan is a plain talker and a doer and Gaia is much better off because of his work.
The same is true of the rest of the informal hub team and hypha.
other factors
Additional things that could influence my decision making here would include the separation of the foundation and informal systems. The the funding of informal systems, coupled with Ethan’s role at the foundation have created non-distinct entities.