April 14, 2017 - Dev update

Let’s start this update with work done in the middle of the week which focused on squashing a DoS vulnerability coming from an update in 1.0.4 to transaction priority handling. The result was a security announcement and hotfix release (1.0.8-1) which we HIGHLY recommend all users update to asap.

Investigation and mitigation of this vulnerability took about 24-48 hours of engineering time and we’re still working on finalizing related alerts which we’ll send to nodes requesting they upgrade. We still intend 1.0.9 to be released next week but it may include less than we originally planned and/or being pushed back a day or two.

This week started off continuing our refinement of release process. It was decided that after the upcoming 1.0.9 release, each subsequent release will go out on the 3rd Tuesday of each month. This means 1.0.10 will be planned to go out on May 16th. We’ve also decided to dedicate regular meeting times to discuss the future Sapling hard fork and a preliminary hard fork (HF0) which will be useful for standardizing a safe process and make the work for future hard forks more predictable. We also set up a regular meeting for the pre-Sapling priorities (payment disclosure, payment offloading & XCAT) to sync up on their progress and finalize remaining to-dos to get them out the door.

Speaking of HF0, we had a meeting about it! Here are the notes!

Some other engineering focuses earlier in the week included low memory proving which replaces loading the proving key into memory as a whole with a streaming process, loading it in in pieces and discarding pieces not in use (PR 2243), further work on building a public block observatory, putting pieces together for a testnet faucet (which we intend to hand off for third party management once stable), work on a ZIP draft for XCAT, and more work on the javascript library for the payment offloading proof of concept.

We also posted part 4 of our series on explaining zk-SNARKS.

The website also saw some improvements to the getting started flow and the privacy & security recommendations. Let us know what you think!

8 Likes

I also posted updated versions of my releases patched for 1.0.8-1, at https://zcash4win.com and the command line version for mac was just uploaded to https://zcash.dl.mercerweiss.com/zcash-mac-v1.0.8-1.zip (it is stand-alone, position independent binaries, linked against the included libraries which need to be in the same directory as them). Current zcash4mac users can stop the GUI, run the v1.0.8-1 zcashd in the terminal, then restart the GUI wallet and it will use the running, updated zcash.

An updated zcash4mac installer will be forthcoming shortly.

4 Likes

oh yeah @Quent17 and @zab please see the above :slight_smile:

1 Like

Thank you so much @anon47418038 !

Update to the 1.0.9 release as mentioned in OP:

From @nathan-at-least in https://chat.zcashcommunity.com/channel/zcash?msg=RoeNavxCEkPpqAQ8i:

Heads up: we’ve been on a consistent 3 week ‘point release’ cycle so far. We’ve been planning to switch this release process and schedule, and with last week’s hot-fix release I’ve decided to postpone 1.0.9 until we have that new process in place.
We’ll be discussing that new process today over in #zcash-dev, and we’ll announce on our blog the new schedule once we’ve settled on the process.

1 Like