Hive Keychain Independent Audit Proposal

avatar

image.png

Everyone loves Hive Keychain, it is the only way to use many of the Hive Dapps and still feel safe.

One thing that has always concerned me of Hive Keychain is it has never been audited by a third party. There are many situations that may arise that put users of the Hive Keychain extension at risk. Some of these don't even involve the developers of the extension themselves.

Hive Keychain relies on a lot of trust that it is safe and remains safe. Most users store their posting, memo, and even active keys in Hive Keychain.

I have consulted a few crypto software auditing companies to get a rough idea what it would cost to audit Hive Keychain for secuity issues and it isn't cheap. When you start trying to audit every release, it gets even more prohibitively expensive.

The cheapest I have found is $24,000 for an initial audit, with a 10% discount on future audits as code changes. That's another $21,600 for each release of Hive Keychain.

This proposal would provide one year of auditing of Hive Keychain, which I would do personally. I have first hand knowledge of the Hive Blockchain and experience in information security (it is in fact my career).

My offer

What I am offering is an initial and complete audit on the Hive Keychain extension on both Google and Firefox web stores. Once this is complete, I will monitor all future updates of the extension and audit the changes for potential issues. I will decompile and audit the actual released version of the extension to ensure I am looking at the code actually deployed in case for whatever reason it differs from the Github repository.

This audit is security focused only and will not look for bugs or optimizations.

I would ask for 61 HBD/day for 365 days, renewed yearly. To submit this proposal will cost 1 HBD/day beyond 60 days, the additional 1 HBD/day would be used to reimburse this cost. 60 HBD/day would be compensation for my time throughout the year. This would result in a total of 21,900 HBD, a few thousand under the lowest offer to only audit the extension once. I will provide that as well as future reviews in a reasonable time after new releases.

I believe it is critical a third party reviews Hive Keychain (me or otherwise) not only once but on an ongoing basis to ensure it remains a safe option for Hive users. This proposal would offer a independent and ongoing audit of the most critical critical piece of software used by most Hive users on a daily basis.

There is currently no active proposal for this audit, but if the community feels this is something they would support, I will draft it up and update this post.

Posted Using LeoFinance Beta



0
0
0.000
142 comments
avatar

This is an excellent proposal and I will support it.
We are so reliant on Hive keychain and as more and more new Hive based apps come out I want to be able to sign into them using keychain without worrying that some new app might be an exploit of some keychain weakness.

0
0
0.000
avatar

I had blind faith in hive keychain. Never knew that it was not audited. Where can we check all the active proposals ?

0
0
0.000
avatar

A couple semi-hostile questions in anticipation of a real proposal, so you can head them off:

  1. Who are you, anyway, and why should we care? Why would the community support and trust your audit specifically?

  2. What is the state of the Hive Keychain code? Is it open-source, and if not, could it be better to make the Hive Keychain code open-source for better community audits, perhaps after an initial audit as you propose?

0
0
0.000
avatar
(Edited)

Who are you, anyway, and why should we care?

I am Marky. I've built a reputation here, that I believe speaks for itself, love or hate it.

Why would the community support and trust your audit specifically?

Someone should do it, it has been left undone for far too long. It should be someone with no ties or incentive from the original team. I have neither.

What is the state of the Hive Keychain code?

It is open source but unreviewed (as far as I know).

In my opinion, it is highly used and if something were to go wrong could potentially cause catastophic results.

0
0
0.000
avatar

Yes, I can verify that Marky is well known and has a substantial reputation on Hive.

I may not agree with him all the time but he certainly knows his code.

0
0
0.000
avatar

I know who he is. I've been supporting him as witness for ages.

0
0
0.000
avatar
(Edited)

I am Marky. I've built a reputation here, that I believe speaks for itself, love or hate it.

I know this. I would hope others do. But it's something you still should note in any official proposal. At least a couple lines.

... if something were to go wrong could potentially cause catastophic results.

Agreed. I think it is worth the effort.

0
0
0.000
avatar

If anyone should do it, it should be you. I was just chatting with @bleepcoin last night and told him that you have given me a few good security recommendations, with my favourite being Bitdefender.

Anyway, you have my vote mate.

Cg

0
0
0.000
avatar

I like this idea and while some would ask why you, the fact you have so much at stake actually give me confidence. Somy major question is ... what if you do find something? What will be done and what would your proposal be?

0
0
0.000
avatar
(Edited)

I would immediately cease using it and report it publiclly. The risk exposure is huge if there are any issues, but I don't suspect to find anything to be honest.

0
0
0.000
avatar

Thanks for the reply, actually one more reason I would suggest you do it over a third party, your reach would mean people would pay attention

0
0
0.000
avatar

This is a great point and it would be good to outline before work begins what types of actions would be taken in different scenarios.

Who would access the severity 9f the risks. Etc. If you find something how is it communicated to the community.?

0
0
0.000
avatar

I have the same trust or distrust in you or devs. I don't know any of you, so for me is just a waste of time and resources.

Posted Using LeoFinance Beta

0
0
0.000
avatar

TNO is a point of view, but it doesn't get much done in the end.

Eventually we all have to make a decision and trust someone unless you're doing the crypto-maths to sign every post on Hive by hand.

0
0
0.000
avatar

It will certainly get my support (even though that's not much). I use the keychain daily and it would be nice to know someone is looking at the code to make such it is safe

On a side note, how safe is the kiwi browser? (If you've come across it). It is a browser that always mobile users use google extensions like hive keychain on their phone

0
0
0.000
avatar

On a side note, how safe is the kiwi browser? (If you've come across it)

I have heard of it, but I have not used it. I haven't really had a need to run extensions on mobile. I run very few extensions personally.

0
0
0.000
avatar

Yeah, I remember your post on web extensions and the security risk they pose which is why I use very few myself.

0
0
0.000
avatar

I would support it. It is something which needs done

0
0
0.000
avatar

I think that this proposal is very interesting, is important to have our security standards high but I'm confused, shouldn't be the Keychain team who has to hire that auditory?. They could make their own proposal, or afford it directly. After all is their service the one that will have the benefit of it.

I think that I'll support this anyways but any answer is welcome.

0
0
0.000
avatar

shouldn't be the Keychain team who has to hire that auditory?

The idea is having an independent part that is not in anyway part of the same team.

0
0
0.000
avatar

Well that's the expected when you hire an auditory, wouldn't have sense otherwise but I get your point.

0
0
0.000
avatar

We're running on a 9k/month budget, it would mean consuming over 2 months budget every time, we push an update (and push a lot of those to always keep it secure and up to date), So, this wouldn't be feasible for us at this stage.

0
0
0.000
avatar

Would have been enough with another specific proposal for the auditory then. Is good that someone else cared to do it though.

0
0
0.000
avatar
(Edited)

This is a great proposal and i support the audit.

It would make it more valuable to the hive community if an independent agency was also involved at some level in addition to your work.

Would this be possible?

0
0
0.000
avatar
(Edited)

If you want to pay another $24,000+ per audit, sure.

0
0
0.000
avatar

I'd trust @themarkymark to do the job better and be even more trustworthy than unknown outsiders.

The simple truth is this stuff isn't easy to check and paying for someone who already knows Hive intimately means we get that back knowledge for free instead of paying 10's of 1,000's for someone new to come up to speed.

0
0
0.000
avatar

Couldn't agree more as he is a godsend helping others on here and is 1000% trustworthy. I would say it is an advantage to have someone on Hive look at it as they know all the ins and outs of where weaknesses could be and if there are any threats.

Posted Using LeoFinance Beta

0
0
0.000
avatar

Good proposal.

Some questions:

Does it include the mobile version? ( i don't use, but i expect some do).

Is the reference worth something? So can we tell it is reviewed and safu? Like the Defi protocols?

And IMO Keychain was simple in most parts ( from key storage). I think transactions and things like that can be easier manipulated. But keys should be safe because is open source and on the browser (local) pretty decentral.

If a website can access it, it must be also encrypted. I think the most easy scam is, you post something and the website sends a transfer massage. Missclick = lost funds (if active is in it).

And does it really help? I ask because of updates.

Today safe, it doesn't mean after someone accesses Mozilla or google account, it can not change.

Most Apps on those stores become problems ( from security) after the owner changes/updates.

Posted Using LeoFinance Beta

0
0
0.000
avatar

Does it include the mobile version?

No, I don’t think it’s open source but not 100% sure. I also have no way of confirming what code is running on the device.

0
0
0.000
avatar

Ok,

I see the biggest risk in updates and not in the current code. Only manual no update installations are safu IMO.

But that is really unrealistic for everyone :)

0
0
0.000
avatar
  1. Can you elaborate more on your IT security background? I have a similar background, and others on the blockchain do too, so it would be good if we can get a sense of your experience in this area.

  2. How do you think this proposal compares with something like putting together a budget for bug bounties to incentivize security researchers to find issues?

0
0
0.000
avatar

Can you elaborate more on your IT security background?

Been doing IT since high school when I started a company at around 15. I have been running an information security company for over 15 years.

How do you think this proposal compares with something like putting together a budget for bug bounties to incentivize security researchers to find issues?

Bug bounties are typically a lot more than what I'm asking for and generally have a much larger user base to work with. They don't have to be mutually exclusive.

0
0
0.000
avatar

Because this is such an awesome post, here is a BBH Tip for you. . Keep up the fantastic work

0
0
0.000
avatar

I would support this rather than an outside organisation as I believe in trust based systems. All I know of Marky is he has a swimming pool and writes knowledgeably on issues of IT security.

We use trust, perhaps more than we realise here and its a foundation of humanity that needs encouraging and as a Yorkshireman, saving a few quid is somewhat appealing!

0
0
0.000
avatar

All I know of Marky is he has a swimming pool and writes knowledgeably on issues of IT security.

I also have a cat.

unnamed.jpg

0
0
0.000
avatar
(Edited)

@themarkymark, well, I love cats, so sold🙌😜Seriously though, I think you've made an excellent point on the need to audit the keychain. I'm an accountant and we go through the audit drill a couple of times a year. If there is a security flaw to find, it's far better that an audit uncovers it than it be exploited by someone looking to make a quick buck at the expense of everyone who has worked so hard and diligently to create an incredibly rewarding social and financial hub here on Hive. I am not always one to look immediately for the cheaper option to resolve issues but I am one for being realistic about the spending capacity available (I'm super familiar with budgeting lol) My view is that if we can't afford the sky-high prices of external audit firms then we need to decide whether we want to continue with no auditing controls in place (and stick our heads in the sand, fingers crossed that the software will remain immune to attack in a world where every hacker wants to lay their hands on the wealth of others) or whether we want to think a bit outside the box and make use of the resources available to us eg: Marky alone and/or giving out the task to perhaps Marky and one other (as a collaborative duo - although not sure if this is something Marky would be open to), who together may have the combined IT audit experience and technical insights and experiential history with Hive to produce an audit result that instills confidence in all. Alternatively, we give Marky a shot at a first audit and go from there... what have we got to lose, besides a few Hive. Better than losing the entire house IMHO. Can anyone explain how long the current defactoring process is expected to take? Are we prepared to have the keychain in its current form unaudited until such changes take place? How does the funding to keychain work, as in who funds it? Being short-sighted when it comes to issues of importance like this is not an ideal approach. If we aren't prepared to pay to protect the keys to our house, we can't come crying when the burglars break in and steal our life savings. So, yes I would support the proposal.

0
0
0.000
avatar

I never thought about all the risk involved in that and I had no idea Hive Keychain was not audited.

I think it's good that this is coming from someone with a lot of skin in the game so it has my support

Posted Using LeoFinance Beta

0
0
0.000
avatar

If I remember correctly listening to one of your interviews, there was actually a bug in hive keychain that caused your power down to reset in the steem/Hive split.. and that cost you some cash as your steem was confiscated.

Do I have that right? and is that bug fixed? that would be the first place you should look.

I am supportive of an Audit, but I would have thought if there is a vulnerability it would have been exploited by now, given the market cap of Hive is in the 100m+. Its more for the reassurance that future updates and that's why I am supportive.


Posted via proofofbrain.io

0
0
0.000
avatar

If I remember correctly listening to one of your interviews, there was actually a bug in hive keychain that caused your power down to reset in the steem/Hive split.. and that cost you some cash as your steem was confiscated.

Yes, I had actually started my powerdown shortly after the Justin Sun and Ned Scott "ask me nothing" show. I knew at that point Steem was fucked. I would have had 90-100% of my Steem powered down by the time they came around to steal it. Instead, about halfway through my power down was canceled due to a bug in the earlier build of Hive Keychain that sent transactions to Steem by mistake.

Do I have that right? and is that bug fixed? that would be the first place you should look.

Long since fixed.

0
0
0.000
avatar

I would support this. I think we have seen at least in the DeFi space how important audits can be. With the number of people using Keychain and the amount of money in transactions that take place every day via the extension, it is important to make sure it is secure. Draft it up! I will vote!

Posted Using LeoFinance Beta

0
0
0.000
avatar

I would support this, but what I would like to see as well is, that you let this company do an external audit of the hive-keychain code once per year as well. The more eyes on the code, the better. Maybe even combine this into one proposal? Or make two.

You are correct that the keychain-app is of utmost importance and a critical security hole could have catastrophic consequences. Going forward I think we should use our funds to assure that this nightmare scenario never happens.

0
0
0.000
avatar

I would support this, but what I would like to see as well is, that you let this company do an external audit of the hive-keychain code once per year as well.

If someone wants to pay the $24K for it, by all means.

0
0
0.000
avatar

I was using hivesigner before. I just started using hive keychain. I was wondering how safe it is. I saw that many of people I know and trust on Hive recommend it. Based on my trust on these people and on hive block chain in general I decided to trust the keychain. But it is an excellent idea to have it audited. I will support the proposal.

0
0
0.000
avatar

hi,

my question is have any/all of the other keysigners been audited in the past?? or would they need to as well?

0
0
0.000
avatar


Hello @themarkymark… I have chosen your post about “-Hive Keychain Independent Audit Proposal-” for my daily initiative to re-blog - vote and comment…
09.jpg
Let's keep working and supporting each other to grow at Hive!...

0
0
0.000
avatar

I'd support you. Not sure my support means much—I've been here nearly as long as you have, but I am neither as invested nor as well networked. Regardless, I'd support your proposal.

0
0
0.000
avatar

The audit report would have to have your company name or at least your name and credentials/certs on it to be taken seriously. It can't just say "prepared by themarkymark". Are you prepared to disclose this level of information?

0
0
0.000
avatar
(Edited)

I would not support such a proposal as you have presented it to us.

You refer to "external prices" to support your valuation but do not provide any information about them (company names, offers, ...). It would be nice to know more about the proposals you received.

You also do not provide an estimate on the volume of work that such an audit represents. It might be good to know how often Keychain undergoes updates, either to adapt to the change of the blockchain code (hardfork) or to integrate new functionalities. Have you ever inquired about this?

More important is the timing of your audit. Did you know Keychain is under heavy refactoring? It would be quite wasteful work to do an audit before this major overhaul has been done and released.

I'm also surprised you do not plan to audit Keychain Mobile and wrote in a reply you do not know if it is open-source. Yet it is easy to find (https://github.com/stoodkev/hive-keychain-mobile) as it is the last and most updated repository from @stoodkev on Github.
It would be a shame to do things halfway. While I understand that it is difficult to certify that the executed code of an application is the same as that of the repository, it would still be good to ensure that the available code is safe.

Add to this that @stoodkev does not hesitate to present himself publicly, which is not your case, and him having as good a reputation as yours, we can have good reason to trust him that he doesn't cheat when he pushes the app to the stores.

Finally, I would find it more appropriate to make a proposal to fund the initial audit once it is done and to proceed in the same way when there are updates to Keychain. If the quality of the first one is there, there should be no problem approving the following ones.

0
0
0.000
avatar

What credentials do you have as an auditor ? The value these audit companies bring is not really code review but in depth knowledge about everything related to computer security.
IHMO I'd rather see an audit company where it's their bread and butter perform the audit instead of you (no offense), and where you take a cut and provide assistance with your hive-specific knowledge

0
0
0.000
avatar
(Edited)

i found him to be someone that refused to debate

don't care if you believe it or not, i have come to see

the earth is indeed flat, markymark made a post decrying the opposite and then didn't engage my comment

https://hive.blog/science/@klevn/qjf4zz

those with closed minds often have an agenda

and they aren't sharing, and that is not secure

i also suspect he got steemflagrewards to downvote me, as it was received almost immediately upon posting

who runs them if he doesn't and why was this post downvoted by them? did i say something offense other than to ask for proof?

0
0
0.000
avatar

BAHAHAHAHA

That's the funniest shit I read today.

I know am late at the party but still funny ass shit. Your flat earth reply that is.


Posted via proofofbrain.io

0
0
0.000
avatar

typical zero content flat earth denial reply.

can't refute anything specific, can't be debated

seek the reactionary and hope people ignore and refuse to engage

0
0
0.000
avatar

LOL You some kinda funny as shit.

Was there a documentary made by flat earthers once where they had these instruments that proved their theory debunked?

0
0
0.000
avatar
(Edited)

there have been many attempts to provide 'flat earthers' being debunked

but none have actually gone after Eric Dubay.

here is a real documentary

here is a real website from and by flat earthers

https://ifers.123.st/

wonder why flat earth society exists, is referenced by obama, and yet is actually considered a fraud by flat earthers? that is how big this lie is .. all the way to the president of the united states

0
0
0.000
avatar

smoke and mirrors that is all I am seeing right now and emus with their heads in the sand.

Galileo was held in confinement for arguing that the earth was round some 2 centuries or so ago and here you are today trying to revive an archaic belief that the earth is flat.

Kinda reminds me of the magic Mormon glasses.

0
0
0.000
avatar
(Edited)

proof is proof .. a man confined is not proof

debate using reason and logic or not at all

ironic is it not .. that you are the one arguing without these things

while claiming my understanding is the archaic one

0
0
0.000
avatar

Ahh so you want me to link websites as proof.

Ahh you want reading material which you probably won't read.

Ahh you want me to give you something that you will believe to be true if you read them?

Because I am not claiming anything here, your the one claiming the earth be flat like Kid's flat top.
Because I am not claiming anything that is already widely acknowledged as opposed to some dude claiming they know the secret.

Maybe if you save you money and build yourself a spaceship and go into space and show this proof of yours other than links to someone else's ramblings.

I think you need to lay off the drugs man. The hardcore drugs from links you feeding your brain with.

And yes your understanding is archaic.

0
0
0.000
avatar

look at all those words, and not an ounce of proof.

suez canal is 100 miles (straight line) .. it is level the entire distance

ball earth predicts 100+ ft of change .

you can't explain that, and your ball earth believing friends excuse this .. because your beliefs..

are the archaic ones

0
0
0.000
avatar

Here, hope you get a hard on because you managed to get me to find something as a reply.

suez-canal.jpg

0
0
0.000
avatar
(Edited)

makes zero sense.

i just said the canal was level, across 100 miles.

and you present me with a picture..

that has a bevel in it .. claiming that is just how it is

you have only proven you don't understand what level means

0
0
0.000
avatar

I think you think you some kind of smart person.

Picture shows what you just purported. The level LOL

Emu with its head in the sand. Ever heard of gravity? Newton? Apple falling from a tree? The gravity equation? Physics?

It's ok, you don't want to admit you are wrong, probably because you have invested so much of your time and effort. Along with purchasing what ever quack pot ideas these snake salesmen have sold you.

Science...

But then again I know what you really want. A free ticket up into space by arguing your point until someone wants to shut your mouth with the truth by paying for your fare up there.

Here so you can understand what it is that is level. Am sure you won't watch because it will just prove you wrong.

0
0
0.000
avatar
(Edited)

Ever heard of gravity?

yup, and it is unprovable garbage

Newton?

yup

Apple falling from a tree?

ever seen an apple fall in water? what happened to your gravity?

The gravity equation?

equation of an apparent physical phenomena .. labeled to be something beyond boyancy with zero proof

Physics?

passed college level physics

It's ok, you don't want to admit you are wrong ... Science...

science is observation of physical reality. you are viewing reality thru a corporate lens that is profitable for many but actually fails to stand up to reality tests. right now there is a 70% failure to reproduce a scientific study .. your scientific world has walked away from reality around the time of Tesla .. in which he stating basically .. we have gone further and further from reality into a theoretical world.

A free ticket up into space by arguing your point

no, i want to stop wasting BILLIONS everyday what returns nothing.

nasa has more cgi computers than hollywood. nasa uses more helium than pretty much anyone.

why? weather ballooons and cgi are what they do

that, and pay to people lie.. and force people that give conclusive evidence to go away

https://earth.nullschool.net/ <- this used to have a flat earth map that when viewed on a live map of live earth made it clear the reality made more sense as you saw the flow of consentric of temperature and wind around a north pole. THEY REMOVED THIS FROM THE WEBSITE .. DELETED IT FROM THE GITHUB .. and broke their own project .. yet never said why ..

i put the project back together and proved it was NOT accidentally broken.. but purposedly broken ..

archaic, false beliefs require removal, destruction of truth to survive.. and I have witnessed numerous take downs of flat earth ideas .. not by truth.. but censorship without reason.

0
0
0.000
avatar

Tesla's theory of ether was disproved by Einsteins 'special relativity' which says nothing is faster than light

Quantum entanglement is a physical phenomenon that occurs when a group of particles are generated, interact, or share spatial proximity in a way such that the quantum state of each particle of the group cannot be described independently of the state of the others, including when the particles are separated by a large distance. wikipedia

this proves something is faster than light, disproving Einstein and proving Tesla correct

the scientific world still has not fixed this error.

the incredible number of lies we live with.

your 'science' is anything but trustworthy these days.

0
0
0.000
avatar

Dafuq. Did you pull that from your arse?

That's well out of left field and a total red herring.

Based on what you say you must be some kind of mystic then and flat earth is just a feeling and not founded on anything other than wanting a safe space.

raw.gif

0
0
0.000
avatar

literally nothing said above is mystical.

you are having trouble distinguishing reality.

you never miss an opportunity to put me down.

but it appears that is your entire defense..

the funny part is when folks actually investigate this for themselves and discover all the laughing was at them...

0
0
0.000
avatar

You are absolutely correct. I am putting you down as much as I can, not because it makes me feel good, its just because I think your reality is not the same as my reality. You living in a parallel dimension and have inadvertently arrived here in my reality.

And you not even looking at what you said that makes what you say mystical if I have to believe what you are spouting.

0
0
0.000
avatar

yet I point at mountains that can be seen from hundreds of miles .. all the way down to the base

the fact you don't understand the implications of this is not a fault in my presentation

but your inability to understand is directly related to your belief you are correct in the face of facts that defy your reality .

yet you literally have nothing that 'proves' your point..

you have nasa (big gov)

you have space x (big corp)

i have videos of bubbles in space

i have pictures of prop rocks present ON THE MOON from the official photography

you believe a man stepped onto soft moon dust after have landed using jet propulsion landing system .. that was only tested once and crashed during that test

literally nothing about your reality stands up to scrutiny.

still laughing at the suez canal picture you presented. literally stated the canal was 100% level and you present a picture with a curve ..

0
0
0.000
avatar

All good, am sure your staunch belief will hold you steady.

0
0
0.000
avatar

you ran away from providing the curvature of the earth formula

you lie and you know it

0
0
0.000
avatar

Would there be anything that could change your belief that the earth is not flat?

0
0
0.000
avatar
(Edited)

i looked vigorously for proof that the earth is a ball .. it was because my search failed that I became a flat earther

is there anything that could change your belief that the earth is a ball?

ZWoliYpI8i6WM2FW-upsLcnnoHl5_SWmHuE65g3JK6Y.webp source
because we are spinning at 1000 MPH (supposedly) .. this would be our water .. gravity is unprovable but the force seen here flinging the water into the air .. is in fact very provable

because I have already given you multiple examples you fail to counter

suez canal is level for 100 miles and you provide a curved earth picture claiming that level is relative

no, level means level ..

uyuni-bolivia-00-cabecera.jpg
source

relative level wouldn't provide a perfect mirror that we see here..

or long trail of the sun at sunset...

sunsetOceanCalm.jpg

source

how many miles is that? yet it is a perfect unbroken line from you to the sun.

I listen and welcome all new information

information sources not accepted: big gov, big corp .. should be simple right?

0
0
0.000
avatar

So you searched out in space?

0
0
0.000
avatar

how many feet of concrete is require to make perfect vacuum?

10 feet, of reinforced concrete

and we have people going up in tin cans, thru the thermal sphere

the hilariousness of this is beyond funny, and you either understand it fully and are ignoring it .. or ignorant and blindly following lies given to you

the one time we tested a 'space suit' by putting the guy in the vacuum chamber .. the water on his tongue started to boil and he passed out

http://www.spacesafetymagazine.com/aerospace-engineering/space-suit-design/early-spacesuit-vacuum-test-wrong/

this is the first and last time they ever tested a suit in a vacuum .. how can this be?

0
0
0.000
avatar

Anyway, its been fun listening to your delusions. Am sure there are lots of you that have this delusion. I am calling it quits because frankly I have not found any value to your point other than you are anti establishment. Am sure you have had been screwed sometime in the past by something and therefore are this way.

So I bid you adieu, take care and hope you don't fall out of the cuckoos nest or the edge of the earth. Which ever one comes first.

0
0
0.000
avatar

curvature of the earth formula

you know you can't find it

you sir, are delusional or a liar

0
0
0.000
avatar

since you like things to be official, here is nasa

On page 35 of this document we find this gem:

  1. CONCLUDING REMARKS
    'This report derives and defines a set of linearized system matrices for a rigid aircraft of constant mass, flying in a stationary atmosphere over a flat, nonrotating earth.'

government documents refer to flat earth

0
0
0.000
avatar

There is such a thing as difference in opinion. Mine is just the truth and yours is just hot gas flowing coming out of your mouth.

0
0
0.000
avatar

the difference being you like to make snide comments

i provide proof that makes sense

gyroscope, once setup properly will remain constant in space .. we have videos of them spinning perfectly in place for over 24 hours

yet we are supposedly spinning at over 1000 mph, flying around the sun, and spinning around the galaxy, and flying away from 'the big bang'

0
0
0.000
avatar

link that video

0
0
0.000
avatar

haha holyshit they have all been replaced on youtube with flat earth denial videos.

https://hive.blog/video/@klevn/re-uvas-re-klevn-re-uvas-re-klevn-re-uvas-re-klevn-re-uvas-re-klevn-re-uvas-re-klevn-re-uvas-re-klevn-re-uvas-re-klevn-re-terenceplizga-re-einarkuusk-0bl2cofu-20180123t233306790z

https://hive.blog/video/@klevn/re-uvas-re-klevn-re-uvas-re-klevn-re-uvas-re-klevn-re-uvas-re-klevn-re-uvas-re-klevn-re-uvas-re-klevn-re-uvas-re-klevn-re-uvas-re-klevn-re-terenceplizga-re-einarkuusk-0bl2cofu-20180124t140414392z

i had posted them here, and now they are all actually ball earth videos. literally changed them.

you can clearly see by the follow-up comments that they are in fact what I say they are or the guy i was talking to would have laughed. (he was alot like you)

whatever, it is going to get harder and harder to prove what multi-trillion dollars wants to hide

i might have saved them, I will look later

0
0
0.000
avatar

Or here's another for you. Again you will just be like the bearded dude jumping up and down denying they are wrong LOL

Wiggle room to just make shit up. Head in the sand.

0
0
0.000
avatar

providing a commercialized video that exactly goes against what individuals have proven..

here is a $10,000 challenge.. why nobody has won yet?

literally the picture you showed is wrong, you are wrong.

we can see mountains we can see from over 100 miles away .. all the way down to the base

we can see the 'all day sun' at latitudes physically impossible for a 'ball'

please find curvature of the earth formula on wikipedia so we can both be clear..

that it doesn't exist

0
0
0.000
avatar
(Edited)

What credentials do you have as an auditor? The value these audit companies bring is not really code review but in depth knowledge about everything related to computer security.

Been running an Information Security company for over 15 years as I said elsewhere. I haven't formally audited software as business, but I know code, I know security, and I know Hive. It's more someone should do it, and it is constantly changing and would be really expensive to have a professional orgnization do it when it is updated.

To be honest, with Keychain approaching $400K in DHF funding, third party auditing should be baked in, it is used by almost everyone and has ultimate access to keys.

0
0
0.000
avatar

To be honest, with Keychain approaching $400K in DHF funding, third party auditing should be baked in, it is used by almost everyone and has ultimate access to keys.

According to a quick search on HiveSQL, we've received 111,561.960 HBD so far (+16k SBD before HF). I don't know how you got to 400k.
Our current funding is 9k/month, an external audit at the rates you've presented would have set us back several months in development at each release.

0
0
0.000
avatar

he has hacking and money taking for free skills

0
0
0.000
avatar

Hi Marky this is a no brainer as if this doesn't happen it could be seriously bad. We are talking many users who use this and as Hive goes up in value plus the stakes are getting bigger. $21K is nothing compared to what could be lost. I will back this proposal and I am sure others would to. I am glad you are around as how many times have you helped me already.

Posted Using LeoFinance Beta

0
0
0.000
avatar

Audits are important ways of checking the safety of blockchain, I believe @hivekeychain got this covered but the intiative is good and would encourage a follow up with the team players or a write to support, this might just be the right step to a positive direct.. 💪💯

0
0
0.000
avatar

Overall chain sentiment would be effected if Keychain is compromised.

  • what ever happened to the white hats
0
0
0.000
avatar

Not sure the question, Hive is filled with white hats, gray hats, and black hats just like any other community.

0
0
0.000
avatar

I think it should be more of a community driven project. I think you raise a great point though. A lot of companies also fund hackathons.

0
0
0.000
avatar

Sure, why not. We are not giving enough money away at this point for Keychain,

0
0
0.000
avatar

I would gladly support auditing Keychain, we are usually posting very frequent updates, which would make repeated external audits very expensive.

After reading the comments section, I do have a few remarks and questions though:

  1. The project started small and grew fast, and that led me to decide to start a refactor a few months back, that will hopefully be ready by year end. We are rewriting the entire code base using React.js, is it a library you are comfortable with? Also, this means that depending on when you start, you'd have to review the entire code twice.

  2. Yes, Keychain Mobile is 100% open source: https://github.com/stoodkev/hive-keychain-mobile

  3. I would also like to see the question of your credentials being addressed. Not that I don't trust you have to skills to do this, as you put it, you've built a reputation here. However our ecosystem is growing faster than ever and your reputation won't mean much to new comers. Could you include a list of relevant projects that you've reviewed/audited in your proposal?

0
0
0.000
avatar

An audit?? Sounds cool to to me now there'll be a check on every financial record.


Posted via proofofbrain.io

0
0
0.000
avatar

Sounds good but... after reading the comments, as a random hive user willout any influence at all, i find your lack of reponse to some of them a bit weird. Still im ok with this and find it as something that is needed right now.

0
0
0.000
avatar

I'm not caught up with all the messages, but I'm doing a jam right now trying to knock out a product by the end of the weekend.

0
0
0.000
avatar

LOL audit from a guy who made money stealing from others using free bidbots not paying correctly back and hacking steem games

0
0
0.000
avatar

Making shit up now because you are getting flagged?
Can't say I'm surprised.

0
0
0.000
avatar

nah i knew it way before just never spoke. proof me (actually not me as thats others) wrong

0
0
0.000
avatar
(Edited)

plenty people here who can track you and your bot to see you never paid to get any of the HIVE/STEEM just got it free from the bots and hacking 1 game

0
0
0.000
avatar
(Edited)

Keychain stopped working last night for delegations? What's going on?

Screenshot 2021-10-21 at 7.07.51 AM.png
There is a blank there now?
Yeah we need an audit. Would be best if it was some 3rd party though, like these two!

Screenshot 2021-10-21 at 7.09.18 AM.png

0
0
0.000
avatar

I just did a delegation using it, and it worked fine.
Try restarting your browser, also check if you are using latest version of Keychain. Do a search on Chrome web store for 'hive keychain' and check version numbers.

0
0
0.000
avatar
(Edited)

O.K, good to know. Yeah must be my cache, or my version needs an update. I was about to try that next. Yeah I never have any problems with it before. Once last week it acted up, but besides that it's the best. Thanks

0
0
0.000
avatar

Audit's of this sort are never a bad thing.

This is especially beneficial if Hive ever wants to deal with a 3rd party. Financial institutions always demand some sort of SOC audit when doing business. It will make hive seem more legit.

Posted Using LeoFinance Beta

0
0
0.000
avatar

Did this ever happen; would be good to see an audit.

0
0
0.000
avatar

No. It didn't seem in the cards.

0
0
0.000
avatar

Pity; this seems a no brainer for the community. Who does it is perhaps a separate debate but having it would seem essential to me.

0
0
0.000