Keyboard shortcuts are available for common actions and site navigation.
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
I'm calling it: there will be a massive exchange hack within the next year, taking advantage of an EOS vulnerability. That exchange will lose its hot wallet. Hackers will send the proceeds to downstream exchanges, where they will trade into other coins. (1/n)
If EOS uses its arbitrators to reverse the hack, the contagion will spread downstream. There will be threats of lawsuits involving the devs and the BPs. Twitter lawyers will point out the absurdity of the EOS constitution, or any document not grounded in actual law.
Exchanges have not yet figured out that EOS's governance model does not mix well with other currencies. EOS folks will blame others, and they won't be entirely wrong.
I base this prediction not on any specific vulnerability I suspect is in EOS code (see here http://hackingdistributed.com/2018/05/30/choose-your-own-security-disclosure-adventure/ … ), but on having read the project git and seen how they handle safety critical bugs.
Absent is any discussion of correctness invariants. Instead, we see patches that mutate the code to fix identified problems, one patch at a time. Consensus protocols are too complex to get right this way.
Others have identified the lack of a testnet. Testnets are nice in that they can help identify problems, if you're lucky and they expose themselves in test. But the real subtle vulnerabilities arise only when a hacker prompts them. That won't happen in testnet.
You can't incrementally patch your way to correctness. Testnets help find bugs but lack of bugs in testnet doesn't provide any assurance of correctness.
In the same vein, you can't start out with some bricks, beams and cables over a body of water, patch the holes where cars fall into the ocean, and end up with a load-bearing bridge.
The actual problems I was initially sure we would see in EOS involved liveness. We already had one of those issues within a day, fixed with a patch but without an analysis. We will also see more liveness issues.
Perhaps the safety criteria is sufficiently simple in EOS that my exchange hack prediction will not come to pass. Or maybe it will take the h4x0rs more than a year to master the vulnerabilities. Regardless, code dev culture trumps all else.
What should one do: 1. Don't store coins and money on exchanges long term. 2. Ask that development teams provide careful post mortems after bugs, describing not only the patch to fix them, but the changes made to address whatever gave rise to the bug in the first place.
Is it true that EOS, with its gigantic war chest, only offered $10k in bounty rewards to find bugs in its platform? while some ICO offered up to $1million?
Yes, the bounty was $10k, regardless of severity.
Noob q: One coin's vulnerability leaves the whole exchange exposed (if I'm holding Eth and the exchange is hacked using EOS bug, even Eth will be in danger?)
The exchange can lose money due to one vulnerability, and then choose to socialize its losses, as was the case at Bitfinex. Bfx lost BTC, and people holding ETH on bfx ended up taking a haircut.
Thank you for the explanation. Moving offline.
Coins that you don't plan on trading with, *should* remain offline.
You can't test in Quality, Even the mighty Toyota found that one the hard way, and they still haven't figured out how not too...
This is the definition of QA - quality assurance, the final step in any professional development or production process.
Pedant: QA is the first step, QC is the final step. The point is clear enough though.
I'm pretty sure they're not doing much of either QA or QC in #EOS.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
