@shielded-nate.bsky.social
- every repo is a monorepo (aka ERIMR): first class support for review & ticketing of an atomic bundle of changes against any number of projects
- built-in deterministic builds
- first-class distinction of tracked generated content (e.g. lockfiles) versus human source (see: previous item)
- built-in deterministic builds
- first-class distinction of tracked generated content (e.g. lockfiles) versus human source (see: previous item)
November 17, 2025 at 7:40 PM
- every repo is a monorepo (aka ERIMR): first class support for review & ticketing of an atomic bundle of changes against any number of projects
- built-in deterministic builds
- first-class distinction of tracked generated content (e.g. lockfiles) versus human source (see: previous item)
- built-in deterministic builds
- first-class distinction of tracked generated content (e.g. lockfiles) versus human source (see: previous item)
For example, check out this zallet hardening: https://github.com/zcash/wallet/pull/301/files
One thing about the Zcash dev ecosystem is that there are many places and ways to get plugged in. Now's a great time to show up and lean into a project that matters! 🛡️
One thing about the Zcash dev ecosystem is that there are many places and ways to get plugged in. Now's a great time to show up and lean into a project that matters! 🛡️
Full source bootstrapped and deterministic build by antonleviathan · Pull Request #301 · zcash/wallet
This PR switches zallet to use StageX as the build toolchain distribution.
The primary benefits of this are that the StageX is:
Full source bootstrapped, all the way down to the compiler, including rust
The whole distro is fully deterministic.
Reproducing the whole tree is as simple as setting up containerd and running make in the StageX repo - may want to use a beefy machine for the build, as it takes a while
All changes in StageX tree are always reviewed and signed by at least two maintainers
All releases are reproduced by at least two maintainers on at least two different chipsets, and signed
The followup work would include updating the debian build and publish workflow and push to dockerhub workflow.
Closes #313.
github.com
November 13, 2025 at 6:36 PM
For example, check out this zallet hardening: https://github.com/zcash/wallet/pull/301/files
One thing about the Zcash dev ecosystem is that there are many places and ways to get plugged in. Now's a great time to show up and lean into a project that matters! 🛡️
One thing about the Zcash dev ecosystem is that there are many places and ways to get plugged in. Now's a great time to show up and lean into a project that matters! 🛡️
I don’t speak Dutch, and I hope this isn’t offensive, but your user handle seems potentially grippy-socks-worthy to this English speaker.
November 2, 2025 at 3:40 PM
I don’t speak Dutch, and I hope this isn’t offensive, but your user handle seems potentially grippy-socks-worthy to this English speaker.
That's the danger of our methods: since it's a permissionless, global, opt-in system with a multitude of dev & user communities of unknown extent, we don't even *know* who all is in on the PnD. More keep arriving, pushing the scheme in new directions with minimal coordination.
Stay safe out there!
Stay safe out there!
October 25, 2025 at 2:07 PM
That's the danger of our methods: since it's a permissionless, global, opt-in system with a multitude of dev & user communities of unknown extent, we don't even *know* who all is in on the PnD. More keep arriving, pushing the scheme in new directions with minimal coordination.
Stay safe out there!
Stay safe out there!
Our Criminal Methods: Now that you know the game plan, you should know our ingenious methods, so you can avoid similar schemes.
Not yer average PnD: we built a whole infra around it, with usable private wallets, multiple dev teams & community groups w/ a few distinct primary languages.
Not yer average PnD: we built a whole infra around it, with usable private wallets, multiple dev teams & community groups w/ a few distinct primary languages.
October 25, 2025 at 2:07 PM
Our Criminal Methods: Now that you know the game plan, you should know our ingenious methods, so you can avoid similar schemes.
Not yer average PnD: we built a whole infra around it, with usable private wallets, multiple dev teams & community groups w/ a few distinct primary languages.
Not yer average PnD: we built a whole infra around it, with usable private wallets, multiple dev teams & community groups w/ a few distinct primary languages.
Phase 2: The Dump - Here's the particularly genius part of our scheme, if I may say so. Instead of dumping the token, which is just what the plebs might expect, we're dumping *other* assets: fiat, globally transparent safety liabilities.
We're out here dumping surveillance left and right.
We're out here dumping surveillance left and right.
October 25, 2025 at 2:07 PM
Phase 2: The Dump - Here's the particularly genius part of our scheme, if I may say so. Instead of dumping the token, which is just what the plebs might expect, we're dumping *other* assets: fiat, globally transparent safety liabilities.
We're out here dumping surveillance left and right.
We're out here dumping surveillance left and right.
As all good pump-and-dumps go, you know they're never satisfied reaching a certain level. Some of us even had ambitions to keep it running indefinitely, pulling in more and more suckers over years. Decades even. Even dreams of spreading the scam to the stars once humanity ventures forth…
October 25, 2025 at 2:07 PM
As all good pump-and-dumps go, you know they're never satisfied reaching a certain level. Some of us even had ambitions to keep it running indefinitely, pulling in more and more suckers over years. Decades even. Even dreams of spreading the scam to the stars once humanity ventures forth…
The Phase 1 Pump plans are far from over. If I wasn't raising the alarm, who knows how many more would fall for it. Tachyon is the next step in trying to pull in orders of magnitude more victims. Crosslink will help ensure their custody is truly irreversible and allow more conspirators to run infra.
October 25, 2025 at 2:07 PM
The Phase 1 Pump plans are far from over. If I wasn't raising the alarm, who knows how many more would fall for it. Tachyon is the next step in trying to pull in orders of magnitude more victims. Crosslink will help ensure their custody is truly irreversible and allow more conspirators to run infra.
We didn't want just another run of the mill Pump, so we propped it up and extended the duration with in-protocol dev funding. To spice it up and sugar-coat the con, we added fully encrypted txns, so all the schmucks who fall for it won't even be left with an onchain record to their name.
October 25, 2025 at 2:07 PM
We didn't want just another run of the mill Pump, so we propped it up and extended the duration with in-protocol dev funding. To spice it up and sugar-coat the con, we added fully encrypted txns, so all the schmucks who fall for it won't even be left with an onchain record to their name.
After that (end of MS5), we will then spend most of 2026 *re-implementing* a hardened, production-ready node using all of our design/impl learnings during this prototype phase.
2026 = scrutiny gauntlet! Bring it on.
Rocket Shields Go Up! 🚀🛡️
2026 = scrutiny gauntlet! Bring it on.
Rocket Shields Go Up! 🚀🛡️
October 22, 2025 at 7:13 PM
After that (end of MS5), we will then spend most of 2026 *re-implementing* a hardened, production-ready node using all of our design/impl learnings during this prototype phase.
2026 = scrutiny gauntlet! Bring it on.
Rocket Shields Go Up! 🚀🛡️
2026 = scrutiny gauntlet! Bring it on.
Rocket Shields Go Up! 🚀🛡️
We plan to continue forward with our prototype roadmap: https://shieldedlabs.net/roadmap/
We still aren't prioritizing fixing resilience, performance, etc... right now until we have a "full stack" working prototype that demonstrates basic functionality & safety.
We are avoiding early optimization.
We still aren't prioritizing fixing resilience, performance, etc... right now until we have a "full stack" working prototype that demonstrates basic functionality & safety.
We are avoiding early optimization.
Roadmap - Shielded Labs
shieldedlabs.net
October 22, 2025 at 7:13 PM
We plan to continue forward with our prototype roadmap: https://shieldedlabs.net/roadmap/
We still aren't prioritizing fixing resilience, performance, etc... right now until we have a "full stack" working prototype that demonstrates basic functionality & safety.
We are avoiding early optimization.
We still aren't prioritizing fixing resilience, performance, etc... right now until we have a "full stack" working prototype that demonstrates basic functionality & safety.
We are avoiding early optimization.
To be clear though, this wasn't a realistic BFT reboot. We relied on the current ephemeral nature of BFT state to forget the conflicting signatures.
Still, this was a totally improvised un-expected development of the workshop.
Bonus XP for that general ops process & Crosslink validation.
Still, this was a totally improvised un-expected development of the workshop.
Bonus XP for that general ops process & Crosslink validation.
October 22, 2025 at 7:13 PM
To be clear though, this wasn't a realistic BFT reboot. We relied on the current ephemeral nature of BFT state to forget the conflicting signatures.
Still, this was a totally improvised un-expected development of the workshop.
Bonus XP for that general ops process & Crosslink validation.
Still, this was a totally improvised un-expected development of the workshop.
Bonus XP for that general ops process & Crosslink validation.
We improvised a live BFT stall recovery!
We were able to restart out-of-sync BFT nodes and resume BFT (with the roster unmodified) without disrupting PoW, which was a live validation of a cornerstone of Crosslink:
Security is as strong as either subprotocol: BFT failure did not derail PoW.
We were able to restart out-of-sync BFT nodes and resume BFT (with the roster unmodified) without disrupting PoW, which was a live validation of a cornerstone of Crosslink:
Security is as strong as either subprotocol: BFT failure did not derail PoW.
October 22, 2025 at 7:13 PM
We improvised a live BFT stall recovery!
We were able to restart out-of-sync BFT nodes and resume BFT (with the roster unmodified) without disrupting PoW, which was a live validation of a cornerstone of Crosslink:
Security is as strong as either subprotocol: BFT failure did not derail PoW.
We were able to restart out-of-sync BFT nodes and resume BFT (with the roster unmodified) without disrupting PoW, which was a live validation of a cornerstone of Crosslink:
Security is as strong as either subprotocol: BFT failure did not derail PoW.
Ok, so it's a known safety gap, too bad, let's fix it, right?
Yes, but there was a great silver lining. We could have just said "ok, bug filed, come back next time".
Instead:
…
Yes, but there was a great silver lining. We could have just said "ok, bug filed, come back next time".
Instead:
…
October 22, 2025 at 7:13 PM
Ok, so it's a known safety gap, too bad, let's fix it, right?
Yes, but there was a great silver lining. We could have just said "ok, bug filed, come back next time".
Instead:
…
Yes, but there was a great silver lining. We could have just said "ok, bug filed, come back next time".
Instead:
…
There was one safety violation due to a known implementation gap: Zebra has Bitcoin-style 100 block "YOLO finality" and we haven't yet ensured BFT finality is supreme.
Add heavy partitioning and we hit the safety violation after some nodes were >100 PoW blocks out of sync.
Add heavy partitioning and we hit the safety violation after some nodes were >100 PoW blocks out of sync.
October 22, 2025 at 7:13 PM
There was one safety violation due to a known implementation gap: Zebra has Bitcoin-style 100 block "YOLO finality" and we haven't yet ensured BFT finality is supreme.
Add heavy partitioning and we hit the safety violation after some nodes were >100 PoW blocks out of sync.
Add heavy partitioning and we hit the safety violation after some nodes were >100 PoW blocks out of sync.
I took a screenshot of what very long PoW forks look like in Crosslink structure. Here you see that although there are very long PoW forks, the Crosslink attestations are coherent: they do not jump across forks; i.e. finality safety is preserved.
October 22, 2025 at 7:13 PM
I took a screenshot of what very long PoW forks look like in Crosslink structure. Here you see that although there are very long PoW forks, the Crosslink attestations are coherent: they do not jump across forks; i.e. finality safety is preserved.
The code architecture impedance mismatch basically simulated a "heavily partitioning" network, as if internet connects between miners and BFT nodes were frequently failing, and occasionally repairing.
This demo'd Crosslink's resilience, and it went way better than I expected.
This demo'd Crosslink's resilience, and it went way better than I expected.
October 22, 2025 at 7:13 PM
The code architecture impedance mismatch basically simulated a "heavily partitioning" network, as if internet connects between miners and BFT nodes were frequently failing, and occasionally repairing.
This demo'd Crosslink's resilience, and it went way better than I expected.
This demo'd Crosslink's resilience, and it went way better than I expected.
Why not fix the obvious know issue?
Because, we're prioritizing testing protocol resilience, diagnostic features, & UX.
This is actually a perfect flaw to retain while proving out BFT resilience, visualizer utility, and diagnostic techniques.
Because, we're prioritizing testing protocol resilience, diagnostic features, & UX.
This is actually a perfect flaw to retain while proving out BFT resilience, visualizer utility, and diagnostic techniques.
October 22, 2025 at 7:13 PM
Why not fix the obvious know issue?
Because, we're prioritizing testing protocol resilience, diagnostic features, & UX.
This is actually a perfect flaw to retain while proving out BFT resilience, visualizer utility, and diagnostic techniques.
Because, we're prioritizing testing protocol resilience, diagnostic features, & UX.
This is actually a perfect flaw to retain while proving out BFT resilience, visualizer utility, and diagnostic techniques.
Because of a code architecture impedance mismatch between a PoW syncing timeout vs low miner difficulty, our network had frequent long PoW splits. Rather than trying to fix that pre-workshop, we doubled down on improving our new BFT, UX, and vizualizer.
Why?
…
Why?
…
October 22, 2025 at 7:13 PM
Because of a code architecture impedance mismatch between a PoW syncing timeout vs low miner difficulty, our network had frequent long PoW splits. Rather than trying to fix that pre-workshop, we doubled down on improving our new BFT, UX, and vizualizer.
Why?
…
Why?
…