Insecure manner - Yes allnodes were operating insecurely with the validator keys.
More or Less secure - While I believe their intentions are good, the fact that so much control is had by a single entity is a risk to the network. It is less secure.
Keys known, deleted, solve? - This introduces human trust that the keys were actually deleted. A trustless system would not involve human trust.
Software issues - yes thank you for the files. We are discussing the best way to address and form a plan of action. I am hoping you would be willing to continue to collaborate.
Since they continue to tell users that their keys are not compromised once deleted, and that is false, it’s my hope that we as a community can remove allnodes from the network.
This has been very difficult for me. I have identified valid concerns, and Tobias has made false and damaging statements about myself, my character, my past, and my business.
Thank you for providing information about the foundation.
Thank you for recognizing the factual nature of the claims that I made about security.
I believe that it is deeply unfortunate that I had to disclose this issues in the manner that was necessary. That is not typical security disclosure. However, given the circumstances I had no other choices.
The network remains in a fairly unstable state.
Thank you for your work and organizing the task force. It was certainly directionally correct, and it is unfortunate that Tobias chose to come after me instead of dealing with base level facts in a productive manner.
False rumors have been spread about myself and the Notional team, and these falsehoods have caused financial and reputational harm. Very clearly these came from Tobias. I’m still considering my options with regard to those matters.
Concerning the security of the chain, it is important that we always move swiftly.
So it took days and all this being exposed on twitter for someone on the L1 team to consider looking at software issues raised by one of their own memebers albeit an ex-member.
Im sure that in the time it takes Tobias to tweet ( he even mentions he allocated 1 hour per day for twitter, he considers this to fall under work/communicating with the community which is absurd since he already has his mouthpieces in the form of trev, demonmonkey AND luncburn army) he could have looked into this issue.
I raised these issues while I was still a team member as well.
But what’s really important is that the issues have been recognized by the leadership of the grants program and layer one task force.
In the future I hope that the community is more responsive because Luna classic does not have a centralized leadership organization to fall back on. This is a good thing, it is a strength. In order to protect this asset, we must always remain vigilant.
Thanks for clarifying some of these points for the community, @ek826
Would you agree the issue can only be resolved by forcing the compromised validators to remake their nodes and validator wallets? Otherwise we’re just identifying the problem without really doing anything to fix it.
A few of us from the community have been trying to talk sense into the owners of the compromised nodes for days now, but so far it’s fallen on deaf ears (responses range all the way from outright mocking to full radio silence). Because if nothing is done to resolve these risk vectors then the overall security issue persists, regardless of everyone now agreeing about the importance of this topic.
Support from you on this issue could be critical to resolving the overall problem.
Once again thanks for popping in, I know you’re probably up to your ears in work.
Would you agree the issue can only be resolved by forcing the compromised validators to remake their nodes and validator wallets?
I do not see another way at the moment. I have been in discussions with PFC about this, and there is possibly an algorithmic approach - however would require extensive testing. PFC’s pseudo code.
Unfortunately @petes-fan-club solution cannot be implemented rapidly. Because of that, the best path forward, which could be implemented very rapidly if we came out with a unified front, is redelegation away from allnodes and their customers.
The software to encourage these changes has always been in the chain, it is x/staking.
Bottom line is that were we genuinely prioritizing security, we would all be encouraging mass, total redelegation away from allnodes and their users. There isn’t another way to do this that prioritizes user safety (yet).
Jacob and Zaradar need to stop fighting online and posting all the negative crap. Get in a ring or hexagon cage and if you think that’s a bad idea I recommend stopping all the drama and just focusing on productivity
I