►
From YouTube: Devcon VI Bogotá | Workshop 3 - Day 2
Description
Official livestream from Devcon VI Bogotá.
For a decentralized version of the steam, visit: https://live.devcon.org
Devcon is an intensive introduction for new Ethereum explorers, a global family reunion for those already a part of our ecosystem, and a source of energy and creativity for all.
Agenda 👉 https://devcon.org/
Follow us on Twitter 👉 https://twitter.com/EFDevcon
A
A
The
third
step
of
security
starts
because
what
you
should
actually
be
doing
is
you
should
develop
a
threat
model
listing
risk
possible,
attack,
vectors
and
possible
mitigation
of
different,
so
how
different
actors
May
threat
your
system
and
already
at
this
stage,
think
about
what
can
go
wrong
or
How?
Could
an
attacker
attack
your
project?
A
A
Implementing
and
documenting
what
you're
implementing
should
go
hand
in
hand.
Ideally,
you
start
documenting
what
your
system
does,
what
your
function
do
early
and
when
you're
writing
code
when
you're
writing
a
function
you're
at
a
very
low
level,
very
deep
and
very
concentrated
on
this
very
function,
making
it
efficient,
making
it
nice
making
it
safe,
but
you
risk
losing
the
whole
picture.
A
Writing
documentation,
helps
you
to
place
this
function
in
the
big
picture
and
gives
you
another
angle
to
look
at
your
project
and
how
this
function
interacts
with
multiple
parts
of
your
system
and
where
a
project
should
arise.
So
writing
code
and
documentation
should
go
hand
in
hand.
Unfortunately,
we
see
it
often
with
our
clients
that
they
write
documentation
as
one
of
the
last
steps
and
sometimes
then
the
documentation
simply
describes
what
they
see.
A
So
I
understand
writing.
Documentation
is
really
boring
and
stuff.
We
won't
cover
this
in
the
workshop
today.
If
you
want
to
see
a
perfect
example
on
how
good
specification
and
documentation
is
done,
I
point
you
to
UNI,
swap
they
have
a
very
nice
white
paper
which
contains
the
specification
what
your
system
does
and
in
addition
to
that
they
have
very
nice
documentation
on
what
the
implementation
of
the
smart
contract
does.
What
the
individual
function
expect
is
input
what
they
do
and
what
they
have
as
output.
A
So
I
recommend
checking
out
this
for
your
project.
What
we're
going
to
focus
on
in
the
workshop
today
is
testing
your
project.
Unfortunately,
that's
auditor
we've
seen
it
often
that
projects
are
not
really
tested
and
testing
covers
lots
of
things.
So
sometimes
we
need
to
guide
our
clients
and
point
them
to
links
on
how
they
can
efficiently
and
meaningfully
test
the
project.
A
So
we
want
to
give
you
some
pointers
and
some
initial
training,
so
you
can
get
it
started
with
your
own
project.
This
will
include
unit
tests,
property-based
testing,
forked
mainnet
test
at
the
very
end,
we'll
talk
about
further
things.
You
should
consider
to
get
your
code
in
an
auditory
State
and
even
after
the
audit
is
completed
once
you
deploy
your
code
to
mainnet,
there
are
further
steps
you
should
take
to
ensure
the
continuing
security
of
your
smart
contracts.
A
Yep,
that's
the
only
slide
covering
specification
and
documentation,
as
I
said,
you
should
tackle
this
early
on.
Apart
from
the
threat
model,
we
discussed,
you
should
think
about
invariant
things
that
should
always
hold
things
that
should
always
hold
when
the
system
is
in
this
state
and
new
invariants.
When
the
system
changes
into
another
state,
this
can
help
you
find
bugs
early
and
the
last
point.
This
is
not
only
to
have
nice
documentation
for
the
auditor
or
for
you
during
your
development
process.
A
No,
the
documentation
is
also
critical
for
the
users
of
your
project,
so
they
know
what
they
interact
with
for
other
D5
protocols
that
interact
with
your
protocol.
They
need
to
rely
on
your
documentation
that
it's
extensive
and
accurate
when
they
integrate
with
your
functions.
They
mostly
refer
to
your
documentation
and
there's
also
reason
why
you
should
have
good
documentation
to
avoid
problems
when
third
parties
integrate
with
your
system.
A
The
example
is
a
simple
fund:
it's
a
smart
contract
that
holds
funds
in
the
form
of
erc20
tokens.
Users
can
buy
into
the
fund
by
depositing
the
underlying
token
of
this
fund
and
they
get
pool,
share
tokens
back
and
there's
a
fund
administrator.
Who
can
use
these
funds
for
trading
with
uni
swap?
Are
they
compound?
The
goal
is,
of
course,
that
he
increases
the
value
of
the
fund
at
a
later
point,
the
users
of
the
funds,
the
holders
of
the
pool
share,
can
withdraw
their
shares
and
hopefully
made
a
profit.
Of
course.
A
So
in
our
small
contract
we
will
have
the
users
the
fund
owner
as
the
two
parties.
Interacting
with
that,
let
me
switch
to
the
code
as
it's
important
to
get
a
good
understanding
of
the
code
before
we
think
about
the
properties
and
write
the
test
to
avoid
confusion.
Yeah
this
code
is
all
in
the
GitHub
repo
I
shared
earlier
with
you
interested
to
follow
along.
A
So
here
I
opened
our
code.
Sorry,
that's
already
the
test,
that's
the
fund,
so
it
has
a
lot
of
code
to
get
it
going.
Right
is
our
fund
we
inherit
from
sc20,
so
we
have
our
pool
shares
right
built
in
we
have
some
admin
staff
or
stuff
to
attract
the
tokens.
I
will
find
supports,
we'll
take
a
fee,
it's
three
percent.
So
as
we
it's
when
we
deploy
the
fund,
we
deploy
an
underlying
asset.
This
is
what
we
will
use
for
the
funds,
value
calculation
and
we'll
add
the
token
a
supported
asset.
A
The
owner
can
add
further
tokens.
The
order
owner
can
remove
tokens.
Both
functions
are
not
really
relevant
for
our
test
cases.
Each
token
needs
a
price
feed
so
that
its
value
can
be
evaluated
here
we
have
deposit
and
we
draw.
These
are
the
two
user-facing
functions,
and
these
are
also
the
two
functions
our
tests
gonna
cover.
So
let
us
quickly
go
through
them,
so
we
have
a
good
understanding.
A
We
deposit
an
amount
it
gets
transferred
from
the
user.
We
estimate
the
total
value
of
the
user.
We
need
to
handle
the
special
case
for
the
first
depositor
separately.
As
the
funds
doesn't
hold
any
value
back
then,
and
we
would
have
zero
value,
so
the
standard
case
after
the
fund
is
live
and
holds
fund
is
the
else
Branch.
We
calculate
the
total
Supply
calculate
how
many
pool
shares
to
mean
for
the
user
and
how
many
pushes
to
mean
for
the
admin
fee
will
go
in
more
details
here
shortly
with
the
test
withdrawing
pull
shares.
A
Basically,
the
opposite.
You
give
up
shares
you
hold
and
you
get
a
proportional
amount
of
tokens
transferred
to
you.
Obviously,
your
pushers
are
burned,
then
there's
a
manage
function
which
the
admin
can
use
to
trade
with
the
funds
tokens,
but
it's
not
going
to
be
used
in
this
Workshop
down.
Here
we
have
a
functions
to
estimate
the
value
of
the
fund,
yeah
lots
of
information,
a
quick
time
frame
and
I
hope.
You
have
the
code
in
front
of
you
and
should
any
questions
arise
during
the
tests?
A
A
A
Implementing
a
smart
contract,
it
should
adhere
to
some
specification
right.
In
our
example.
The
fund
should
have
a
fee
of
three
percent,
and
this
fee
should
be
taken
when
the
user
deposits
money
and
gets
his
pool
shares
at
this
time.
Three
percent
of
the
value
should
go
to
the
owner
and
the
owner.
Another
property
is
the
owner
should
always
get
this
fees.
When
a
user
deposits,
no
user
should
be
able
to
deposit
without
paying
fees
to
the
admin.
A
Let's
first
start
with
testing
and
there
are
different
kinds
of
tests
in
your
smart
contract.
You
have
small
internal
helper
function,
which
may
also
be
public
like
our
estimate
function,
which
estimates
the
value
of
the
fund.
You
have
the
buy,
shares
functions,
deposit
functions
which
is
a
bit,
takes
more
steps
right,
and
ideally
you
have
tests
on
every
level.
You
test
your
unit
tests
for
each
function.
You
do
integration
tests
for
processes
that
include
multiple
steps,
but
in
the
end
you
should
also
like
test.
Your
system
like
it
is
in
production
and
with
smart
contract.
A
The
production
environment
is
the
blockchain
right,
you
deploy
it
into
the
blockchain
and
there
it
interacts
with
other
existing
smart
contracts.
So
you
should
properly
test
it
integrating
with
the
smartcock
tracks
on
chain,
so
you
don't
get
any
negative
surprises
or
any
incompatibilities
or
anything.
A
B
A
We
should
want
to
write
a
test
case
which
are
certain
that
the
user's
pays
three
percent
fee
to
the
owner
and
if
the
user
redraws
that
he
gets
97
of
the
value.
So
if
the
user
deposits
and
withdrawals
immediately,
he
should
get
97
of
the
value
back,
because
the
other
three
percent
is
the
fee
for
the
owner
yeah.
So,
let's
jump
into
the
code,
we
are
back
into
the
code
editor
and
we
move
from
The
Source
directory
into
the
test
directory.
A
So
if
you
want
to
follow
along,
you
can
open
the
integration
test
file
how
Foundry
works.
You
write
your
test
files
in
the
test,
sub
folder
and
you
call
them
integration.t.sol
and
it's
basically
solidity.
So
as
you
can,
or
as
a
developer
you're
familiar
with
solidity,
no
need
to
learn
another
language
or
anything
else.
You
can
just
use
what
you
used
to
solidity
and
continue.
A
You
inherit
from
test-
and
you
have
all
this
fancy
stuff
available
which
allows
you
to
impersonate
another
account
distribute
E4
to
another
account
move
in
time
or
whatever
you
need
in
your
tests
and
with
your
test.
You
cannot
simply
test
your
function,
as
is
right.
It's
a
like
a
blockchain.
You
first
need
to
set
up
the
state,
meaning
in
our
case
we
first
need
to
deploy
our
fund,
but
deploying
the
fund
alone
is
insufficient.
A
A
So
we
can
easily
use
them
for
testing
and
writing
a
test
is
really
simple
and
remember
what
we
wanted
to
write
a
test
for.
We
wanted
to
see
if
the
code
of
the
fund
we
implemented
adheres
to
our
requirement
that
when
depositing
three
percent
of
the
fees
go
to
the
admin
and
that
the
user
can
withdraw
at
all
time,
so
of
course,
this
is
like
the
high
level
statement.
A
A
No
sorry
we
get
Alice's
balance
of
rep
div,
but
we
know
that
from
the
setup
that
it's
a
unit,
so
we
deposit
everything
and
adjusted
everyone
know
Unis
stands
for
1
to
the
power
of
18,
so
one
if
and
which
has
18
decimals
as
well.
Right
now
that
you
get
confused
here,
so
we
have
Alice
balance
up
here,
we
deposit
it.
A
A
A
So
with
this
test
case,
let's
run
it.
A
A
So
what
I'm,
basically
doing
here
with
match
I
just
take,
which
test
case
to
run
it
runs
the
test,
but
it
unfortunately
doesn't
pass
reason
the
assertion
failed.
Now
we
can
tell
Foundry
to
give
us
more
variables,
output
to
figure
out
what
went
wrong
and
minus
V.
You
can
go
up
to
5V.
It
defines
the
level
of
verbosity
the
output
should
have
so
now
we
see.
A
A
A
What
happens
up
on
deposit
we
transfer
Alice's
money
first
to
the
smart
contract
and
only
afterwards
estimate
the
fund's
value
and
based
on
the
value
with
already
the
funds
of
Alice
transferred
to
the
fund.
We
mint
the
shares-
and
this
is
incorrect
as
Alice's
token,
which
it
transferred
to
the
fund
shouldn't
be
taken
into
account
into
so
if
we
transfer
the
tokens
from
Alice
first
to
the
fund,
the
value
of
the
fund
already
increased,
but
we
haven't
issued
shares
for
this
increase
yet
right.
A
So
the
shares
the
existing
Shares
are
overvalued
and
Alice
gets
less
shares
and
then
can
only
redeem
less
and
doesn't
get
enough.
So
the
solution
is,
we
need
to
estimate
the
value
of
the
fund
first,
only
afterwards
transfer
Alice's
token
to
the
contract
and
then
issue
the
shares
based
on
the
amount
before
Alice
transferred
her
funds.
A
And
as
we
see
writing
a
test
case,
while
developing
our
smart
contract
helped
us
uncovering
a
stupid
bug
which
otherwise
would
have
remained
in
the
court
until
maybe
the
auditor
would
have
found
it
way
later.
A
A
A
When
you
know
the
code
you
interact
with
so
Foundry
allows
us
to
test
a
function,
call
with
a
random
value
and
see
if
our
assert
condition
hold
for
all
these
random
values.
We
check,
we
still
have
no
guarantee
that
it
works
in
any
case,
but
of
at
least
we
have
a
way
better
feeling
that
it
works
with
big
numbers
which
may
have
triggered
an
overflow
somewhere.
It
works
with
small
numbers
where
maybe
rounding
issues
lead
to
failure.
A
Yeah,
this
is
basically
what
describes
the
difference
up.
We
have
the
unit
test
case
where
we
just
test
one
fixed
value.
The
example
we
just
did
below.
We
have
the
property-based
testing,
where
we
write
the
set
of
action
depending
on
a
random
value
where
we
assert
something-
and
we
just
tell
our
tool
to
test
it
with
many
value
and
see
if
it
can
break
the
condition.
A
Still
in
integration,
and
we
want
to
test
that
the
owner
gets
a
non-zero
fee.
So
the
rough
idea
behind
our
test
case
is,
we
save,
store
the
owner's
share
balance
we
let
the
user
deposit.
We
query
the
owner's
share
balance
again
and
it
should
have
increased
right
after
a
after
a
user
deposited,
because
disassigned
fees
to
the
well
I
just
saw
that
I've
already
implemented.
It
forgot
to
delete
it
so
yeah
codewise,
we
query,
Alice's
balance.
Sorry,
no,
let
me
delete
it
and
that's
a
that's
not
worth
it:
okay,
Okay!
So
let's
consider
this
part.
A
A
A
A
C
A
D
A
A
A
A
E
A
Admittedly,
writing
good
tests
takes
time
right.
You
need
to
design
them
properly,
you
need
to
implement
them
properly,
and
you
also
need
to
see
check
that
your
tests
are
bug.
Free,
I,
remember
a
story:
once
we
audited
the
system.
After
two
weeks
of
audit,
we
found
a
broken
functionality
while
manually
reviewing
the
code,
but
we're
really
puzzled.
Why
is
this
code
broken
because
they
have
a
test
case
and
it
seems
to
work
only
later.
We
realized
that
the
test
case
was
broken
and
the
small
contract
was
actually
wrong.
A
A
Reading
on
how
the
special
special
behavior
tokens
might
have,
you
should
still
test
as
like
in
production
as
close
to
the
production
as
possible,
and
lots
of
tools
out
there
now
enable
testing
against
Forks
of
the
mainnet.
What
this,
basically,
is?
You
run
tests
against
the
local
copy
of
the
real
ethereum
Network,
so
you
integrate
with
the
real
Ave
with
the
real
uni,
swap
you
use
the
real
usdt
code,
and
this
helps
you
detect
more
Corner
cases
and
other
unexpected
one
big
Advantage.
A
A
A
We
want
to
test
that
redrawing
always
works,
and
we
know
from
the
okay
in
the
integration
test.
We
had
the
setup
function
right,
we
deployed
our
own
web.
If
token
we
deployed
our
own
fund
and
everything
we
deployed
our
own,
because
we
had
to
build
the
whole
environment
ourselves
and
if
you
note,
the
Zapped
up
function
here
is
different.
We
don't
deploy
our
own
tokens.
Instead,
we
interact
with
the
real
wrapped
e
for
token
on
chain
and
the
real
usdt
token
on
chain
and
the
real
chain
link
price
feeds.
A
Foundry
is
gonna,
do
a
local
copy
of
the
current
mainnet
state
of
this
contracts
and
their
state
locally,
which
our
tests
will
run
again,
so
we're
not
deploying
a
default
mock
token
contract,
but
we're
running
it
against
them.
So
we
are
basically
again
testing.
A
A
A
A
A
A
Yeah:
okay,
if
it
doesn't
work,
I'm
gonna
have
to
explain
you
yeah,
fortunately
no
chance.
So
actually
the
surprise
is,
as
we're
now
running,
our
code
against
live
on
chain
code
and
we're
integrating
with
rep
and
usdt
and
the
rep.
If
transfer
will
work
as
expected.
However,
usdt
doesn't
really
adhere
to
the
esc20
standard
in
the
sense
that
their
transfer
from
function
doesn't
have
any
return
value,
and
our
code
of
the
fund
actually
depends
expect
the
return
value
here
on
esc20
dot
transfer
the
interface
specification
of
esc20
expects
a
return
value.
A
So
if
solidity,
so,
if
there
we
don't
get
a
return
value
back
and
our
transaction
will
revert-
and
this
is
a
well-known
strange
Behavior
case
of
the
usdt
token,
which
have
led
to
problems
in
real
life
and
every
developer.
Integrating
with
this
token
should
be
aware
of-
and
this
should
also
serve
as
an
example.
A
A
A
A
A
A
A
Cool
that
was
the
interactive
part.
Of
course,
this
only
covered
multiple
tests
in
case
there's
way
more,
you
can
do
and
what
we
didn't
talk
about.
You
should
have
proper
development
process
right.
This
includes
code
reviews.
You
do
merge,
requests
another
one,
member
of
your
team
reviews.
It
gives
you
feedback,
you
discuss.
You
have
proper
coding,
standards
and
guidelines.
You
adhere
to
and
important
to
note,
not
all
bugs
can
be
uncovered
by
tests.
If
your
tests
pass,
it's
never
proof
of
correctness.
A
There
can
still
be
bugs,
because
you
didn't
think
about
test
case
that
would
have
triggered
the
bug
and
formal
verification
of
the
code
can
bring
you
to
the
next
level,
but
again
doing
formal
verification.
You
need
to
come
out
with
properties
and
specification.
If
you
don't
write
the
pro
pro
specific
specs
you
may
miss
out
on
other
bugs
and
what's
absolutely
necessary,
is
to
have
a
external
to
have
an
audit
of
the
code,
both
internal
and
external,
ideally
to
get
the
code
into
an
audit
Readiness
state
after
you've
done
all
of
this.
A
After
you're
done
with
your
project,
it
shouldn't
be
shouldn't,
go
directly
to
the
auditor.
Instead,
the
internal
team
should
take
a
step
back
and
audit
the
project
themselves,
and
this
already
helps
to
uncover
a
lot
of
bugs
and
then
in
the
next
step,
give
your
code
to
an
audit
company
which
is
going
to
do
a
total
review.
A
But
this
is
very
Project
Specific,
but
you
should
look
out
for
a
bug.
Bounty
is
a
very
valuable
addition
for
your
project,
so
if
there
is
a
bug
that
has
been
missed,
it
gives
incentive
to
the
writer
to
actually
report
it
to
you.
So
you
can
fix
it
in
time
and
approach
that
we
didn't
talk
about
here.
You
could,
what
we've
seen
from
clients
is.
A
You
could
also
implement
it
as
testy
driven
development,
so
you
don't
start
with
the
code,
but
you
write
the
tests
and
then
you
write
code
which
make
these
tests
pass
and
you
approach
it
from
this
way.
We've
also
seen
this,
but
very
rarely,
and
then
this
yeah
stateful
testing
there's
way
more.
You
can
do
here
you,
but
then
I
need
to
refer
you
to
the
internet
or
invariant
based
programming.
A
A
The
the
code.
F
Okay,
so
you
you
seems
to
you:
are
you're
using
the
deployer
you're
you're
using
three
addresses
deployer
Alice
and
Bob.
Yes,
these
are
two
three
and
four.
A
F
F
F
Yes.
So,
but
but
something
happened
happening
right,
how?
You
can,
because
it
seems
like
everything,
is
it's
one
transaction
specific
and
you're
not
going
to
you're
not
going
to
assert
about
things
that
can
happen
in
the
middle
yeah.
A
No,
we
are
not
asserting.
So
in
this
test
case
we
write
these
test.
Scores
are
Atomic
right
and
of
course,
you
are
right
in
the
real
world
if
you
deposit
first,
if
another
action
happens
in
between
and
the
fund
value
changes
when
you
redraw,
then
of
course,
then
the
value
doesn't
add
up
anymore.
All.
F
A
F
A
A
A
G
A
A
A
I
I
J
J
I
I
K
K
So
if
you
want-
and
you
have
a
computer
available,
you
can
go
to
that
link.
I
have
like
the
full
lecture
notes.
There
they're
a
bit
more
extensive
than
the
things
I'll
go
over
now.
So,
if
you
like,
if
you
like
that,
then
you
can
pull
it
up.
K
K
K
Pointer
I
do
these
things
I'm
not
going
to
talk
about,
because
I
hope
dearly
that
if
you
hire
an
auditing
company,
you
have
good
tests,
they
run
they
pass.
You
have
integration
tests,
you
got
documentation
and
you
make
sure
that
your
devs
are
available
for
the
couple
of
weeks
that
you're
going
to
spend
on
an
audit
if,
in
case
a
question
comes
up,
those
are
the
basics
but
I
know
a
lot
of
teams
are
really
really
highly
skilled
and
they're
very
motivated,
and
they
want
to
do
more
if
they
can
so
well.
K
What
can
you
do?
What's?
What's
the
secret
sauce
to
getting
a
good
audit?
Actually,
what's
the
secret
sauce
of
the
Auditors
Auditors,
like
us,
different
audit
companies
do
different
things,
but
we
have
our
own
little
method
of
working
which
I'm
going
to
share
with
you
invariance
we
like
something
called
invariance.
Sometimes
you
call
them
Properties
or
property-based
tests,
or
whatever
your
favorite
equations
over
State
I,
usually
just
use
the
word
invariance
for
everything
they
help.
K
You
find
more
bugs
right,
better
docs
trust,
your
code
more,
they
help
Auditors
because
you
know
as
Auditors,
especially
we
we're
going
to
be
looking
at
invariants
and
trying
to
find
more
of
our
like
invariants
of
our
own.
Basically,
so
if
you
come
with
a
little
set
of
these,
that
you've
already
gone
over,
you've
done
some
of
our
work
for
us
and
we
can
focus
on
like
either
deeper
work
or
we
can
work
more
efficiently
and
get
you
done
faster.
K
So
we
want
you
to
come
up
with
invariants
if
you're
on
chain
code,
they're,
also
good
fuss
targets
we're
going
to
get
to
that.
They
also
one
thing
we
found
especially
developers.
They
can
tell
you
exactly
like.
Oh
you
have
to
go
to
this
function
and
this
function.
You
will
see
exactly
where
this
variable
get
updated
and
everything,
and
once
you
start
talking
about
invariants-
and
we
say
things
like
well
just
to
sum
of
all
balances
always
match
the
total
balance
and
so
on.
K
K
Don't
have
to
read
all
this
I
just
like
to
have
a
thing.
I
know
this
is
being
recorded.
I
I
myself
like
to
pause
slightly
talks
and
like
read,
slides
so
I
put
more
on
here
than
I'm
gonna
read,
so
don't
read
all
of
it,
I'm
just
going
to
say
really
quickly.
K
Here's
what
we
can
structure
this
talk,
we're
gonna
go
over
like
how
to
make
invariants
I
call
that
state
is
just
equations,
then
how
to
prove
invariance,
at
least
in
a
pen
and
paper
fashion,
which
is
what
we
often
do
talk
about,
how
to
approach
things
when
you
can't
really
get
your
proof
to
work
and
also
how
to
use
your
invariance
to
do
fuss,
testing
and
even
monitoring.
K
If
that's
your,
that's
something
you
want
to
do
and
if
you
have
code
working
right
now,
if
you
have
a
laptop
up
like
you,
can
bring
up
your
own
code,
go
over
your
own
code
link
because
I'll
be
explaining
how
to
come
up
with
invariance.
If
something
comes
to
mind-
and
you
want
to
write
that
down,
please
do
that.
I'll
be
working
over
an
example
from
an
audit
we
did
a
while
ago.
K
So
if
you
don't
have
any
code
you're
working
on
right
now
or
you
just
want
to
follow,
follow
through
now
and
then
go
out
and
start
working
on
variants
on
your
own
after
the
session,
that's
fine,
too
I'll.
Also
it's
a
lot
to
cover
an
hour,
isn't
really
enough!
Anyone
here
interested,
we
can
just
just
grab
a
table,
I'm
happy
to
take
anyone
from
this
crowd
anywhere
and
just
keep
going
with
the
workshop.
K
I,
like
this
a
bit
too
much,
it
feels
almost
pathological
but
I
love
when
developers
come
up
with
invariants,
so
testing
versus
invariance
testing
is
I.
Guess
I
didn't
see
the
the
previous
talk,
but
I
think
he
was
talking
about
how
to
do
better
tests.
Tests
are
sort
of
like
the
camping
knife.
It's
like.
If
you
know
what
you're
doing
you
can
use
it
for
almost
everything
and
you'll
get
out
of
most
things
by
just
doing
a
bunch
of
testing.
It's
our
first
and
most
robust
line
of
defense.
K
There's
a
myriad
of
resources
to
help
you
test
better.
There
are
talks
here,
probably
how
to
test
better.
So
again,
I
assume
you
already
know
how
to
do
tests.
K
I
assume
you
do
unit
test
that
you
do
integration
tests,
you
try
deploying
on
test
Nets
and
so
on,
and
my
analogy
for
tests
is
sort
of
like
an
experiment,
right
you're,
trying
a
single
thing
you're
going
to
see
what
happens
if
I
do
exactly
this
call
or
I
do
this
little
sequence
of
calls
it's
great
and
we
often
like
especially
test
driven
developers
like
to
talk
about
testing.
As
you
know,
some
sort
of
silver
bullet,
or
even
if
they
say
it's
not,
then
you
can
kind
of
feel
like.
K
Oh
the
test
is
testing,
is
what
you
need
and
that's
going
to
solve
your
problems,
but
I,
don't
know
any
developer
that
actually
trusts
their
code
enough.
It's
like.
Oh,
my
test,
Suite
passed,
bring
on
the
billion
dollars,
TDL
like
that.
K
That
doesn't
happen
right
you're
like
you
sit
down
and
you
like
really
think
through
it,
and
you
talk
to
your
colleagues
like
well.
Are
we
sure,
like
have
we
thought
about
everything
and
it's
sort
of
like
that's
sort
of
like
Theory
recently
about
code
is
like
developing
a
theory.
K
K
The
thing
is:
there's
very
few
resources
about
this
I
had
one
five
minute
talk
by
my
professor
when
I
started
college,
saying
like
here's,
how
I
run
over
code
in
my
head
and
I
think
that's
that's
the
end
of
it
and
it
feels
like
recently
about
code
is
something
you
learned
from
experience.
It's
something
we're
always
doing
when
we're
debugging
doing
code
review,
doing
design
discussions,
we're
kind
of
like
simulating
things
in
our
head,
but
there's
not
met
much
resources
about
it.
No
one's
really
teaching
you
how
to
do
it.
K
K
This
is
meant
to
either
intimidate
you
or
titillate
you,
depending
on
what
your,
what
kind
of
person
you
are,
but
we're
doing
something:
that's
sort
of
analogous
to
math
proofs.
So
in
math
you
were
taught
both
like
Computing
answers,
like
figuring
something
specific
out,
but
also
how
to
do
proofs
how
to
make
sure
that
the
algorithm
that
I'm
doing
is
always
going
to
work
again.
K
It's
sort
of
like
the
analogy,
testing
versus
reasoning,
experiment
versus
Theory
reasoning
about
code
is
analogous,
but
proofs
before
anyone
say:
Curry
Howard,
like
I'm,
not
talking
about
something
like
that.
If
you're,
a
theoretical
computer
scientist
I'm
talking
about
something
very
straightforward,
that
I
think
anyone
who
has
taken
a
basic
code
boot
camp
should
be
able
to
do
and
just
like
proving,
there's
a
method.
There's
a
bit
of
artistry.
It's
not
always
straightforward.
I
can't
guarantee
you
that
your
proofs
will
work.
K
Even
if
your
theory
is
correct,
but
there's
a
structure
to
it,
you
don't
have
to
just
be
flailing
around
trying
to
prove
random
stuff,
and
with
that
we
get
to
the
actual
invariance.
What
is
an
invariant?
What
are
we
looking
for
and
what
are
we
trying
to
do
so?
This
is
very
small,
so
one
way
to
think
of
a
good
invariant,
it's
something
that
it's
obvious,
that
the
code
is
doing
or
should
be
doing
but
like
if
it
works
correctly.
K
K
Ideally,
it's
really
something
really
high
level
like
aliveness,
like
a
liveness
claim
that
you
know
this
contract
can
never
get
stuck
and
so
on,
but
to
be
completely
honest,
starting
with
really
simple
and
variants
will
get
you
quite
far
most
of
the
time
and
we'll
do
a
very
simple
invariant
here
today
and
I
can
tell
you
from
experience
that
even
those
really
simple
invariants
that
aren't
like
super
high
level
claim
that
the
entire
protocol
is
perfectly
secure.
K
Invariants
defined
as
it's
not
varying
its
constant
in
mathematics,
is
unaffected
by
a
designated
operation
and
or
an
invariant
quantity
function
configuration
of
a
system.
It's
something.
That's
always
true.
K
You
can
think
of
what's
the
code
behind
the
code,
because
the
code
is
very
exact,
it's
imperative
it
tells
the
computer
or,
like
the
evm,
exactly
how
to
do
every
little
step.
So
it's
not
it's
it's
imperative,
not
declarative
is
one
way
to
say
it
and
here's
your
chance
to
be
declarative.
You
say
something
like
you
know:
here's
the
equation
that
should
always
hold
I.
Think
in
the
ERC
erc20
contract
should
have
this
property
right.
K
You
keep
track
of
the
total
balance,
you're
minting,
you're,
burning,
you're
transferring
and
we
just
kind
of
assume
or
like
we
hope,
or
we
might
be
very,
very
confident
that
the
total
balance
is
going
to
be
the
same
as
the
balances
in
each
individual
account
that
has
interacted
with
the
mapping
of
balances.
So
this
is
just
a
way
to
say,
take
all
the
balances
in
the
mapping
and
sum
them
up.
K
If
someone
knows
way
too
much
about
the
evm
like
I,
do
then
just
think
of
us
every
every
time
you
wrote
directly
into
a
mapping.
Technically,
the
mapping
contains
a
bunch
of
other
stuff,
but
don't
worry
about
that
and
again,
a
gradient
variant
is
something
that's
obvious
from
the
intended
business
logic
like
this,
like,
of
course,
you
know
the
total
balance
should
be
just
all
the
actual
balances
that
are
out
there,
but
it's
not
necessarily
obvious
from
the
code.
K
Here's
a
working
example,
if
you
want
to,
if
you
don't
have
any
code
of
your
own,
you
want
to
pull
up
and
follow
along
on
your
laptop.
You
can
go
to
GitHub
alchemics
Finance,
V2,
Foundry
repo.
It
should
be
pinned
at
the
top
we're
working
at
the
contract
Alchemist,
so
we're
going
to
be
like
Ctrl
fing
through
a
little
bit
of
it.
K
If
you
want
to
follow
along
properly
or
you
can
just
watch
the
slides
really
quickly,
this
is
sort
of
a
slightly
more
involved
version
of
the
the
sum
of
all
balances,
total
balance
invariant.
They
have
something
called
shares
that
they're
used
to
that.
They
use
to
make
sure
that
you
get
your.
You
know
your
your
yield
in
proportion
to
how
much
you
have
staked
essentially
and
then
for
every
specific
yield
token.
There
exists
a
total
shares,
valuable,
so
slightly
more
involved
than
this.
The
sum
of
all
balance.
K
This
is
total
total
balance,
invariant.
Here's
how
you
frame
it
as
a
mathematical
equation.
If
you
go
into
the
mapping
of
all
yield
tokens
where
that
contains
the
token
address
as
a
key
and
a
set
of
params,
that's
this
yield
token
params.
If
you
go
into
param's
total
shares
that
should
be
equal
to
the
sum
over
all
the
accounts,
this
value
of
each
account.
K
That's
just
one
invariant
we
come
up
with.
We
proved
it
turned
out
helpful,
I'm,
not
sure
if
we
actually
find
any
found
any
bug
on
that
one.
But
you
know
we
do
find
bugs
on
those
kinds
of
things
quite
often,
but
the
question
is
like
so,
if
you're
sitting
here
with
your
own
code,
for
example,
or
you're
watching
this
later,
are
you
thinking
about
your
own
code?
How
do
you
come
up
with
good
invariants?
K
How
do
you
come
up
with
like
looking
for
something
like
this
and
there's
a
few
tricks
first
is
to
come
up
with
many
like
try
to
think
of
anything.
You
can
State
as
an
invariant
state
that
as
invariant
and
then
focus
on
the
ones
that
seem
to
be
important.
K
Second,
one
is
go
over
storage
variables.
Do
you
have
do
they
have
like
obvious
relationships?
This
was
a
good
example.
You
have
the
balances
and
you
have
the
total
balances.
Of
course,
that
should
just
stick
out
as
a
sore
thumb
like
that's
these.
These
two
things
should
have
a
very
tight
relationship
between
them.
K
K
De-Optimizing
is
always
fun
like
you're
doing
a
lot
of
optimizations,
even
if
you're
not
doing
even
if
you're,
not
a
big
Optimizer
you're,
not
iterating
over
all
the
accounts
of
all
your
users,
for
example,
that's
the
sort
of
optimizations
as
solidity
developers
we
need
to
optimize,
but
what,
if
you
just
think,
I
don't
have
to
optimize
at
all?
You
write
the
code
as
you
would
in
a
dumb
Java
program,
and
then
you
just
State
the
invariant
say
like
well
this.
This
Nave
implementation
and
this
optimize
implementation
are
identical.
K
Modulo
gas
usage
go
to
your
design,
spec
I,
hope
you
have
one
you
all
right,
design,
docs
right,
read
it
over
see
if
there's
anything
you're
mentioning
there.
That's
obvious,
like
that's
something
that
there's
a
good
chance,
something
that
says
something
in
the
design
dock
like
well.
K
These
these
two
variables
should
have
a
relationship
to
each
other
that
might
not
have
been
carried
over
to
your
code
comments,
so
you
should
go
to
invariants
and
you
can
also
work
from
unit
tests
like
replace
some
unit
test
values
and
start
thinking
about
what,
if
we'd
start
fussing
it.
What
if
we
use
symbolic
values,
what
properties
would
they
have
to
satisfy
and
then
just
try
to
State
them?
As
you
know,
equations
or
something
similar,
it
doesn't
have
to
be
a
mathematical
equation.
It
can
also
just
be
a
very
exact
description.
K
K
So
ghost
variables
are
just
a
way
to
introduce
variables
into
your
invariance
or
your
system,
descriptions
that
don't
exist
on
the
chain
or
that
you
don't
have
on
the
Chain
so
impossible
to
compute
functions.
We've
seen
already
some
some
overall
balances.
You
could
think
of
that
as
sort
of
a
ghost
variable.
K
Another
one
is
like
well
total
deposited
ever,
for
example,
how
much
ether
has
this
contract
ever
received?
Maybe
you're
not
actually
tracking
that
you
can't
probably
actually
track
that
in
your
in
your
contract.
But
if
you're
just
reasoning
about
the
about
your
contract,
then
you
can
say
like
well
how
much
ether
has
ever
been
in
this
contract?
Make
that
a
variable
and
use
that
in
your
questions-
and
hopefully
you
may
decide
that
some
of
these
ghost
variables
actually
deserve
to
become
State
variables.
It
might
make
sense
to
actually
keep
track
of
these.
K
Here's
an
example
of
de-optimizing.
Just
to
give
you
a
quick
look
of
what
that
can
look
like
here's,
a
really
simple
optimized.
You
know
normally
optimized
piece
of
code.
When
you
give
rewards,
then
you
increment
the
total
reward
ever
variable.
That
should
be
a
semicolon
there
and
where
did
all
semicolons
go
must
have
done
a
search,
replace
oh
well,
because
what
happens
when
you
keep
copying
over
from
different
resources?
K
And
then,
when
you
withdraw
rewards,
you
just
calculate
you
know.
Whatever
a
user
has
a
specific
stake
and
you
can
say
the
last
time
they're
reserved
if
they
received
a
reward,
you
calculate
how
much
reward
they've
earned
since
then,
then
you
update
some
variables
and
you
send
them
some
tokens.
The
really
dumb
way
to
do
this
is,
when
you
say,
give
rewards
you
just
iterate
over
all
the
users
and
you
give
them
a
bit
of
reward
and
then,
when
they
withdraw,
you
just
set
their
rewards
to
zero
and
you
send
the
tokens.
K
You
can't
do
that
right,
that's
not
really
possible,
and
if
you
do
that,
I
will
slap
your
fingers,
but
if
you
can
definitely
make
a
statement
like
hey,
these
things
will
give
the
exact
same
results
for
a
single
user
right.
If
we
call
to
give
rewards
with
a
certain
number
of
amounts
and
then
I
call
withdrawal,
rewards
I
should
receive
the
same
things
from
both
of
these
implementations.
K
So
make
sure
that
you,
you
know,
have
it
I,
don't
know
how
you
like
to
document
things.
If
you
like
to
do
it
in
your
codes,
you
have
to
be
new
code
comments
or
if
you
want
to
have
a
Google
doc
somewhere,
whichever
this,
but
but
this
like
you
could
have
a
few
pages
in
a
Google
document
that
say
like
hey
what,
if
we
implemented
like
this
here's,
our
actual
implementation.
These
should
be
equivalent
here's
you
know,
pen
and
paper
proof
showing
that
it
should
be
yeah
so
yeah
this.
B
K
Don't
go
deleting
all
your
semicolons,
like
all
the
experience
examples
here
are
illustrative:
it's
not
they're,
not
this
one
isn't
pulled
from
an
actual
deployed
code.
It's
just
you
know
a
quick
example
of
what
de-optimization
looks
like
or
I
could
say.
Oh
it's!
It's
pseudocode
like
because
some
of
you
might
be
riding
Viper
and
this
the
process
still
works
so,
okay.
Now
we
get
to
actually
proving
them.
So
you
come
up
with
something
that
you
say
like
well.
K
This
should
always
hold
over
my
contract
forever,
proving
I
had
a
math
teacher
who
said
like
well
proving
sounds
scary
like
oh,
it's
you,
you
just
need
to
convince
someone.
How
good
does
your
proof
need
to
be
well?
You're
gonna
have
to
show
it
to
someone.
If
that's
you,
if
that's
your
friend,
if
that's
nature
magazine,
then
you
know
whoever
you're
talking
to
you
need
to
convince
them.
That
yes,
I
know
like
my
argument
is
sound
and
it's
complete,
and
you
know
my
my
my
theorem
holds
right.
K
The
good
thing
about
code
is
that
it's
usually
boring
and
straightforward.
It's
pretty
mechanical
because
hopefully
the
code
is
pretty
straightforward
and
all
you
need
to
do
is
check
a
bunch
of
places
which
can
be
boring
but
straightforward.
Usually,
so
how
do
you
prevent
a
variant?
Well,
straightforward?
You
figure
out
where
are
all
the
variables
or
ghost
variables
that
are
ever
written
to?
Where
are
they
modified?
K
K
So
this
is
like
manual
verification
like,
of
course,
there's
tool.
We
work
with
tools,
we
mechanize
things.
We
love
building
tools
to
do
these
things,
but
it's
actually
really
very
useful,
especially
for
smaller
contracts,
to
just
do
it
as
pen
and
paper
a
lot
of
times
so
don't
get
intimidated
when
I
say
like
just
write
it
down
like
write
it
down
into
document
and
follow
through
it's.
It
doesn't
actually
take
that
long.
Most
of
the
time,
then
you
check,
what's
called
a
base
case.
K
You
check
that
the
invariant
will
hold
from
the
start
in
the
Constructor,
the
initializer,
wherever
just
make
sure
that,
like
your
invariant,
isn't
invalidated
immediately
as
the
contract
is
deployed,
that's
usually
the
easy
part
and
then
the
hardest
part
is
the
inductive
case.
You
find
all
the
locations
that
you
noted
here
and
you
go
over
all
of
them.
K
You
can
assume,
as
you
go
into
the
contract,
that
that's
the
transaction
start
that
the
invariant
holds,
and
then
you
just
look
at
all
the
locations
that
modify
the
variables
you
do.
Some
symbolic
updates
just
say,
like
I'll
show
you
what
that
means
in
a
second
and
then
you
check
that
your
invariant
still
holds.
K
K
If
we
look
over,
the
contract,
I
usually
use
a
silver
Searcher
and
some
other
tools
just
look
to
get
an
initial
search
for,
where
are
all
the
places
where
these
variables
can
be
modified?
There
are
more
structured
ways
to
do
this,
but
just
this
juice
is
the
fastest
make
sure
you
look
for
assembly
code,
because
you
know
it
can
modify
your
storage
variables
and
make
sure
you
find
all
the
relevant
locations.
K
I'll.
Also
look
in
the
contracts
you
inherit
from
because
you
know
modifications
can
happen
there
as
well
and
use
a
dependency
graph
tool
if
you
need
to
in
this
case,
we
find
these
three
functions,
modify
our
total
shares
and
balances.
Add
yield
token
issue
shares
for
amount
and
burn
shares.
These
two
are
internal.
This
one's
external
I
can
just
tell
you
the
ad.
The
first
one
add
yield.
Token
is
fine.
It
just
sets
the
values
to
zero.
Constructor
and
initializer
doesn't
really
touch
any
of
this,
so
everything's
zero.
K
So
we
get
initially
zero
equals
zero,
because
the
total
shares
for
every
yield
token
starts
at
zero
and
all
the
balances
start
at
zero.
So
this
is
a
sum
of
zeros
and
we
get
zero
equals
zero.
That's
true,
so
the
variant
holds
initially
and
then
we
go
and
find
the
issue
shares
for
amounts.
We
find
that
in
these
two
locations
are
variables
to
balances
and
total
shares
get
modified
technically.
It
also
makes
sense
to
reason
about
like
is
there?
Could
there
be
re-entrancing
here?
K
Actually
in
this
case,
that
wouldn't
matter,
are
there
many
different
paths
through
this
function?
No,
it's
a
very
straightforward
function,
technically,
there's
a
path
here,
but
it
doesn't
matter
for
us
because
we
always
only
the
only
relevant
changes
are
in
this
basic
block.
There's
failures,
but
if
this
function
fails,
then
you
know
State
doesn't
get
committed
and
still
fine.
So
we
find
that
we
add
a
number
of
shares
to
total
shares,
read
very
carefully
accounts
recipient
balances.
You're
talking
shares,
yes,
heel
talking
still
talking,
yes,
okay,
we
just
add
shares
to
both
sides.
K
Note
that
we
don't
really
care
how
the
shares
were
computed
like
we.
This
might
be
an
external
call,
like
anything,
can
happen
here
it
doesn't
matter.
What
we
know
is
that
if
we
come
to
this
location
of
the
code-
and
we
go
through
this
line
and
this
line,
our
invariant
will
hold
once
we're
out
of
it.
K
This
one
has
left
us
an
exercise
to
the
reader.
It's
slightly
more,
not
challenging.
It's
just
exact
same
thing,
but
I
mean
like
now:
we've
proven
this
invariant
and
it
may
Sun
sound
slightly
meaningless,
but
it's
sort
of
like
that.
That
was
one
of
those
questions
that
come
up
as
you're.
Developing
hey
am
I
sure
that
well
total
shares
and
like
the
and
the
balances
they
should
always
match.
I
should
check
that
at
some
point
maybe
I
haven't
but
like
now
you
have
checked
it
and
you've
wrote
down
your
proof.
K
Hopefully,
and
now
you
know,
and
you
don't
have
to
worry
about
it,
that's
one
good
thing:
you
can
convince
everyone
that
the
invarence
holds
the
case
may
seem
trivial,
but
as
things
get
hairier
the
bugs
get
scarier
and
this
class
of
bugs
are
definitely
out
there.
People
do
forget
to
like
do
the
second
variable
update
I
mean
you.
It
wouldn't
be
crazy
to
find
this
code
without
the
second
line.
Here
it
happens.
K
You
know
someone
slips
through
a
code
review
and
then
it
happens
and
now
you're
in
deep,
because
this
is
actually
used
to
calculate
rewards
and
if
this
line
was
missing,
you'd
be
in
deep
trouble
and
your
Auditors
would
find
it
and
report
it.
A
critical
affordability
and
again
make
sure
you
save
yourself
some
somewhere
useful
somewhere.
You
can
find
it
somewhere.
You
can
show
your
colleagues,
so
you
don't
have
to
redo
your
work.
K
B
K
So
I
know
that
you're
all
hardcore
super
developers
and
your
code
is
not
always
this
straightforward.
So
what
you
do
then
failed
proofs
and
I
don't
mean
like.
If
you
find
that
the
proof
doesn't
hold,
then
you
know
you're
very
it's
invalidated
and
you
need
to
like
make
sure
that
you
know
figure
out
why
why
it
doesn't
work
and
fix
that
what
I
talk
about
here
is
fail.
Proofs
is
when
you
actually
fail
to
prove
it.
You
didn't
really
conclude
that
your
invariant
doesn't
hold
you're,
not
sure
it
holds.
K
K
So
here's
some
basic
tools
that
we
can
use
and
we
usually
recommend
like
if
we
can't
prove
if
we
can't
prove
an
invariant
and
we
really
try
to.
Then
we
usually
ask
you
like
hey:
can
you
make
this
a
bit
more
clear
because
we
haven't
been
able
to
convince
ourselves?
We
haven't
been
able
to
convince
you.
K
You
should
want
to
be
convinced
of
this
invariant,
and
until
that
happens,
we
should
make
sure
that
we
can
either
help
each
other
reasons
through
the
code
or
we
can
make
the
code
more
easy
to
reason
about.
So
if
the
function's
logic
is
too
complex,
if
you
really
don't
want
to
refactor
one
thing
you
can
do,
is
you
can,
instead
of
giving
a
name
to
each
function,
you
give
a
name
to
each
basic
block.
K
Does
everyone
know
what
I
mean
when
I
said
basic
block?
Okay,
going
back,
so
basic
block
of
code
is
a
code
that
will
always
be
executed
together.
So,
for
example,
if
you
enter
this,
if
you
enter
this
function,
This
Can't
Fail,
there's
no
branching
here.
This
can't
fail.
There's
no
well!
This
can
fail
actually
so,
but
if
we
okay-
if
we
ignore
reverting
failures
for
this
case-
which
we
can
because
you
know,
reverts
will
just
mean
that
nothing
happened.
K
These
three
lines
will
always
be
executed
together,
and
so
will
this
condition,
but
this
line
may
or
may
not
be
executed,
so
you
can
think
of
this
as
a
basic
block,
and
this
is
a
basic
block.
If
you
have
a
while
loop,
then
the
body
is
a
good
example
of
a
basic
block.
If
there's
no
more
branching
in
it.
Basically
anything
that's
like
you
can
treat
a
solid
chunk
of
code
that
will
always
be
executed
together
with
each
other.
K
If
you
had
thrown
this
line
into
here
or
like
another,
if
case,
then
it
would
not
be
in
the
same
basic
block
and
then
it
would
be
harder
to
reason
that
your
invariant
holds
so
yeah
I
mean
that's.
What
a
basic
block
is
a
single
piece
of
code
that
would
always
be
executed
together
and
if
you
have
really
complex
logic
and
your
functions
are
really
big,
you
might
want
us
instead
of
giving
labels
to
just
a
function.
K
What
we
find
sometimes,
is
that
you
will
only
like
the
variables
that
need
to
be
updated
together
are
updated
in
slightly
different
places,
and
then
we
get
an
argument
like
well.
You
know,
but
they
will
always
because
of
like
some
sort
of
reasoning
about
the
possible
execution
conditions.
They
will
still
always
be
executed
together.
Well,
why
don't
just
co-locate
them
put
them
right
after
one
another
to
make
it
easy
to
reason
about
them.
K
If
you
have
complex
arithmetic
expressions
with
rounding,
ignore
that
for
now
treat
numbers
as
real
numbers,
don't
worry
about
rounding
at
all.
You
can
do
rounding
error.
Analysis
separately,
write
your
stuff
as
functions.
Imagine
it's
all
real
numbers
make
sure
your
invariant
holds,
and
then
you
do
rounding
error
analysis.
We
did
a
talk
on
that
yesterday,
I'm
sure
you
can
find
the
link
in
the
Devcon
videos
about
how
to
do
rounding
error
analysis
to
make
sure
you're
contracts
are
safe.
K
K
This
function
modifies
all
these
storage
variables
if
it
doesn't
modify
any
one
of
the
ones
you
care
about,
then
you're,
fine,
if
it
modifies
one
of
the
ones
in
your
invariant,
but
not
one
of
the
others,
then
you
know
look
out,
but
it's
just
a
good
way
to
build
up
your
code
with
comments
that
will
make
it
easier
to
reason
about
in
a
structured
way.
If
you
see
doing
this
more
and
more
again,
did
you
check
everything,
Imports
inheritance,
both
up
and
down
inline
assembly?
K
There's
a
bunch
of
places
where
you
can
have
storage
modifications
that
you
weren't
thinking
about
control
effing
does
is
not
enough
and
if
the
code
keeps
changing,
if
you're
doing
this
as
you're
prototyping
you're
doing
it
wrong.
This
is
like
once
you've
done
a
proof
and
you
checked
everything
and
your
code
changes.
You
will
need
to
recheck
your
proof.
So
this
is
very
much
something
you
will
do
towards
the
end.
K
Ideally,
when
the
code
is
frozen
or
almost
Frozen
so
again
like
if
you're
asking
a
an
audit
firm
to
audit
your
code,
you
should
ideally
freeze
it
before
and
that
will
like
whenever
you
freeze
it.
You
can
start
doing
this
or
slightly
before
question.
M
So
pretty
much
when
I
have
the
client
that
really
likes
to
change
the
assumptions
of
the
whole
projects.
Basically,
then
I
should
I
guess:
I
should
write
those
invariants
but
recheck
them
every
time
the
changes
happens.
Yes,.
K
K
That's
going
to
take
me
four
days
and
like,
but
you
already
checked
I'm
like
well,
you
changed
the
code,
it's
like
that's
sort
of
the
negotiation
with
with
the
client,
and
it
also
kind
of
emphasizes
that
you
do
need
to
freeze
your
code
as
much
as
possible
like
so
again,
if
you,
if
you
doc,
if
you
document
your
proofs
really
well
and
they
don't
refactor
everything
and
change
the
entire
design,
then
change
like
looking
over
the
proof
should
be
pretty
straightforward.
If
you're
used
to
it,
you
can
kind
of
work
from
the
diff.
K
K
Yeah
I
mean
there's,
there's
a
feedback
loop
here
as
well.
Right
I
mean
if
you,
if
you
write
down
your
framing
conditions,
put
them
in
the
function
and
then
you
can
make
sure
that
the
client
knows
to
respect
them
or,
like
you
know,
up
again
update
their
framing
conditions,
and
so
one
beautiful
thing
about
this
way
of
working
that
we
found
is
a
lot
of
our
clients,
get
trained
to
do
this
more
and
more
themselves.
K
They
start
producing
better
code,
it's
more
readable,
it's
it's
not
always
less
complex,
but
like
the
important
things
are
more
co-located
and
so
on.
So
I
would
say
if
you
personally,
if
clients
keep
changing
the
code
like
make
sure
that
they
understand
that,
there's
a
cost
to
that.
If
they
still
want
to
do
it,
of
course,
they
can
do
it,
but
also
help
them
to
train
them
to
be
better
at
when
they
do
that.
K
They
also
make
sure
that
the
proofs
that
you
produced
or
that
they
produce
that
they
have
are
also
kept
up
to
date.
Right
I,
like
that,
it's
a
co-location
sort
of
like
imagine
like
if
you
I,
don't
know.
If
anyone
writes
Java
or
C
or
JavaScript,
imagine
if
you
use
one
of
the
basic
data
structures
like
hash
tables
or
something,
and
you
manually
had
to
manage
the
number
of
items
you
might
have
to
manage
all
the
internal
variables.
K
This
is
sort
of
the
kind
of
encapsulation
I
know
people,
don't
always
love
using
libraries
for
different
reasons.
You
know
gas
off
my
shades
and
so
on,
but
try
to
make
sure
that
you're
your
your
code
behaves
more
like
it,
like
you
know,
the
all
the
things
that
are
relevant
to
this
little
data
structure
updated
in
the
same
place.
D
How
do
you
recommend
testing
basic
blocks
if
they're
like
within
a
function.
K
For
Facebook
I
mean
it's
just
the
same
thing
right
like
in
like,
if
you
let's
say
that
this
was
a
really
complex
function
and
there's
a
bunch
of
code
here
and
a
bunch
of
code
here
with
and
there's
a
bunch
of
different
paths
through
this
function.
Right
I
would
name
this
basic
block.
Whatever
basic
block
these
contain,
I
would
name
that
something
and
then,
instead
of
checking
every
function
instead
of
going
over
over
every
function,
improving
this
I
would
just
prove
it
over.
The
basic
block
like
here
so
I
know:
I
can
assume
aspie.
K
As
we
go
into
this
look
when
we
are
here
assume
the
invariant
holds
after
the
basic
block,
which
I
know
will
be
executed
together,
I
can
show
that
it
holds
and
then
for
every
basic
block.
You
just
go
well
in
this
basic
block:
it's
not
modified
so
if
hold
before,
then
it
holds
after
this.
The
basic
blocks
appear
if
it
gets
modified
before,
if
it's
it
doesn't
get
modified,
so
it
still
holds
right.
So
it's
sort
of
like
you.
K
Instead
of
showing
that
the
invariance
hold
over
each
function,
you
do
it
over
the
basic
block
and
you
give
them
a
name
or
something,
and
if,
for
some
reason
this
was
down
here,
one
of
the
updates
were
down
here,
then
that's
a
good
reason
to
move
it
up
so
that
they're
in
the
same
place,
because
that
will
make
you
reason.
It's
a
lot
harder
to
reason
about
it.
If
they're
in
the
different
basic
blocks,
because
then
you
have
to
think
about
everything
that
happens
between
there.
But
if
you
co-locate
them,
then
it's
a
lot
easier.
O
I
mean
maybe
they
invite
sorry,
maybe
the
environment
breaks
between
two
blocks,
but
your
environment
holds
for
the
whole
function.
Yeah.
How
do
you
recommend
dealing
with
that?
It's.
K
Just
much
Harrier
proof
to
make
like
it's
just
like,
if
you
really
need
to
do
like
consider,
if
you
really
need
to
do
that,
if
you
really
need
to
do
it
that
way,
then
you
do
need
to
treat
the
entire
thing
as
one
block
and
reason
about
all
the
possible
paths
between
I'm
a
little
short
on
time.
If
I
want
to
get
through
this,
so
we
do
have
a
minute
10
minutes
of
questions
at
the
end
right.
So
if
there's
something
that.
F
That
you
generate-
and
you
increase
one
by
one-
this
ID
will
eventually
overflow
and
you
can.
You
cannot
prove
that
it
will
never
overflow,
but
it
will
require
millions
of
transactions.
So
in
practice
the
you
you
should
not
you,
you
can
prove
it,
but
it
will
be,
never
reachable.
So
what
is
what
is
your
view
on
this?
You.
K
State
your
assumptions
you
make
the
assumption
that
there
will
never
be
two
to
the
power
256
transactions
on
the
ethereum
blockchain
and
you
move
on
with
your
day.
That's
it
all
right.
It's
like
the
the
counter
in
open
sampling
contracts
can
be
unchecked
on
its
increment
because
it
will
never
update.
It
will
never
overflow.
If
you
know
what
I'm
talking
about.
If
you
don't
then
doesn't
matter
so
I
I
just
need
to
move
on.
K
So
if
it's,
if
you're
having
a
lot
of
trouble,
look
at
the
environment,
that's
giving
you
trouble
pick
one
function,
look
at
all
the
relevant
variables
and
try
to
group
them.
You
may
have
to
create
a
few
different
paths.
Use
helper
functions
like
you
know
this
one's
really
good
the
they
had
the
burn,
shares
and
issue
shares.
I
think
that
might
have
been
in
our
recommendations
like
well.
These
things
will
have
to
be
updated
together.
K
Let's
make
sure
they're
updated
in
a
single
place
where
all
the
relevant
things
to
burning
shares
happen
together.
Right,
don't
do
it
all
in
you
know
all
over
the
code,
if
you
can
avoid
it
remember.
This
is
what
you
need
to
show.
The
invariant
holds
at
construction
time
and
it's
not
initialization,
and
if
the
invariant
holds
at
the
beginning
of
a
basic
block,
it
holds
at
the
end
of
the
basic
block.
Prove
that
for
all
the
blocks,
then
the
variant
holds
anyone
who's
likes
discrete
math.
K
This
is
an
induction
proof,
we're
security
Auditors.
We
have
slightly
different
priorities,
sometimes
from
developers.
So
like
we
kind
of
security,
is
the
most
important
thing.
Simplicity
is
the
second
most
important
thing
it
can
depend,
but,
like
the
thing
is
simplicity
so
tied
into
security,
that
we
really
care
about
Simplicity
and
we'd.
Rather
have
you
skip
a
neat
bit
of
functionality?
If
it
just
makes
things
too
complex,
and
then
you
know
save
that
for
version
two
or
something
or
an
extension
and
optimizations
are
the
least
important
thing.
K
I
know
that
doesn't
resonate
with
everyone,
but
if
these
things
are
so
much
more
important
to
you
than
keeping
things
simple
and
having
make
it
being
easy
to
reason
about
security,
what
you
can
do
again,
it's
just
it's
a
lot
of
work,
but
then
again
you
should
probably
spend
you
know.
10
times
more
time
on
securing
your
smart
contract
code
than
you
spend
on
writing
it.
So
it
might
be
worth
it.
K
Do
you
want
to
talk
about
invariances,
test
targets
we
like
to
use
Foundry?
You
can
take
your
invariance
and
just
create
a
bunch
of
tests
to
just
test
those
as
properties
like
you.
You
take
the
variant
we
had
here
and
you
because
there
you
go
and
you
run
a
test
that
just
does
a
bunch
of
different
operations
and
it
interacts
with
your
protocol
in
a
bunch
of
different
ways
and
at
the
end
it
checks
your
property,
that's
pretty
straightforward.
K
A
really
cool
thing
you
can
do
is
if
you
could
instrument
your
testing
to
just
you
know,
at
the
end
of
every
test,
you're
running
check
your
invariant
like
make
sure
your
advantages
always
holds
everywhere.
It
can
be
hairier.
There's
things
I'm
going
to
show
you
one
trick
to
do
it.
It's
not
it's
not
the
most
elegant
way,
but
it's
the
most
simplest
that
will
get
you
going
quickly.
K
Here's
a
dead,
simple
idea.
If
we
take
the
contract
we
just
had
and
we
just
wrap
it.
So
we
take
all
the
functions
that
affect
user
accounts,
so
we
make
sure
we
keep
track
of
all
the
users
we
have.
So
we
can
do
the
sum
overall
to
balance
this
thing,
and
then
we,
just
whenever
there's
an
interaction
we
make
sure
we
add
that
user
to
the
set.
K
Then
we
do
the
regular
update
and
then
at
the
end
of
every
function
we
check
our
invariance
and
we
do
this
for
all
the
Contra
or
all
the
relevant
functions
in
the
contract
and
checking
the
invariance
is
just
checking.
Well,
you
know
the
ones
we
have
this
one's
called
A2,
so
checking
A2
is
just
doing
this
thing,
we're
summing
over
all
the
balances
and
then
we
make
sure
that
matches
the
total
shares.
K
So
now,
you're
checking
your
invariant
at
the
like
in
each
and
every
interaction
you're
doing
with
your
contract
again
I
mean
I'm
sure
a
bunch
of
You
Are
cool
hackers,
and
you
could
do
this
with
if
you
get
the
name
of
the
Foundry
op
code.
K
But
you
know
you
can
update
the
the
evm
code
of
the
contract
in
place
to
do
this
in
a
cooler
way
and
in
a
more
robust
way,
but
this
will
get
you
going
pretty
quickly,
so
yeah,
the
basically
your
job
is
to
update
ghost
variables
the
variables
that
you
have
in
storage.
You
can
always
check
your
ghost
variables.
You
need
to
keep
track
up
with
a
wrapper.
This
might
also
convince
you
that
some
of
your
ghost
variables
should
be
actual
variables.
K
Maybe
it's
maybe
it
makes
sense
to
keep
track
of
a
set
of
all
your
users
in
your
code.
I,
don't
know
it's
a
trade-off.
You
have
to
make,
and
finally
I
just
want
to
mention-
you
can
also
use
this
for
monitoring.
I.
Think
someone
mentioned
it.
K
There's
two
approaches
to
monitoring
roughly
one
of
them
is
just
doing
it
on
chain
like
make
sure
check
your.
If
you
find
some
important
variants
that
you
can
check
on
chain,
you
can
put
them
in
requires
in
a
search
clause
and
then,
if
something,
if
for
some
reason
at
the
end
of
a
transaction,
they
are
violated.
You
bail,
you
stop
the
protocol,
that's
good,
because
you
can
halt
the
contract
before
bad
things
happen.
K
You
can't
no
one's
going
to
be
able
to
mess
with
your
toll
shares
and
like
steal,
a
bunch
of
yield
that
way.
It
is
pretty
scary,
though,
because
it
can
can
cause
liveness
bugs
you
don't
want
your
contract
to
end
up
in
a
state
where
it
can
never
proceed,
and
now
all
the
funds
are
stuck.
So
you
know
talk
to
your
auditor.
K
It's
like
talking
to
your
doctor,
like
you,
know,
we're
we're
here,
have
them
on
speed,
dial,
ask
like
I'm,
not
sure
about
this,
but
I
have
this
little
thing
in
my
code
and
like
they
might
say,
that's
fine
or,
they
might
say,
come
right
in
drop
everything
you're
doing
and
let's
talk
about
this
and
you
know
obviously
gas
costs.
You
have
to
put
the
gas
cost
on
all
the
users
or
you
can
do
off-shade
monitoring
a
poor
man's
monitor
we'll
get
to
that.
But
you
can,
you
know,
deploy
it
later.
K
Even
if
you
already
have
a
protocol
up
and
running,
you
can
still
deploy
some
off-chain
monitoring.
He
can't
cause
liveness
bugs.
Obviously
what
do
you
do
if
you
detect
a
failure?
Maybe
it's
all
regulates
you're
very
got
violated,
someone
stole
all
your
money
and
it
may
not
prevent
tax
that
you
know
happen
in
a
single
block.
So
when
uses
flashbots,
it
violates
some
invariants
and
now
you
know
the
damage
is
already
done
before
your
Sentinels
can
come
in
and
halt
your
protocol.
K
After
that
well
well,
first
I
should
mention
what
can
you
do
next?
Well,
you
can
keep
planning
invariants,
you
can
add
more
document
them
share
them
with
your
Auditors
share
them.
With
your
with
your
users,
you
probably
have
a
bunch
of
white
hat
users.
Hopefully
that
can.
If
you
make
bold
statements,
they
will
take
that
as
a
challenge
to
go
and
try
to
find
violations
of
them
and
the
good
thing
is.
K
You
can
kind
of
keep
doing
this
long
after
deployment,
finding
finding
good
invariance
making
that
we
will
improve
your
documentation
and
they
will
improve
your
monitoring.
So
you
know
security
doesn't
end
when
you
deploy
another
thing
I
want
to
mention.
Is
we
like
symbolic
execution
with,
like
formal
verification,
so
we're
working
pretty
hard
on
making
sure
that
if
you
write
your
invariance
in
Foundry
and
you
fuss
over
them,
you
can
try
as
many
million
inputs
as
you
want.
We
also
have
a
tool
that
will
let
you
run
it
symbolically.
K
So
try
it
on
all
inputs,
there's
a
bunch
of
trade-offs.
You
should
do
fussing
first,
because
it's
fast,
you
can
write
your
test
using
solidity
same
thing,
because
you
know
we
used
to
found
your
chest
anyway,
you're
limited
to
what
you
can
express
in
solidity,
whereas
with
our
KVM
Foundry
implementation,
you
can
kind
of
use
all
of
matching
logic,
not
all
a
matching
line,
but
a
lot
of
matching
logic.
It's
a
nice
logic.
Fasting
is
extremely
fast.
K
K
This
often
requires
human
intervention,
because
a
symbolic
execution
or
engine
or
approver
might
not
be
able
to
complete.
It
might
not
be
able
to
say
yes,
I
proved
it
or
no
I
found
a
counter
example.
It
might
say:
C3
can't
handle
this
query,
so
you're
going
to
have
to
help
me
out
here
and
that
can
require
some
expert
human
intervention.
K
Symbolic
inputs
are
100
and
100
input
coverage,
you're
testing
every
possible
value.
So
if
you
prove
your
invariance
with
KVM
and
Foundry,
then
you've
they're
proven
this
was
contentions.
Yesterday.
The
idea
of
false
poses
and
false
negatives
I
think
it's
unfair
to
say
that
you
have
false
negatives
with
fussing,
because
well,
it's
not
like
Foundry
comes
or
Echidna
comes
and
says
like.
Oh
actually,
we
didn't
find
anything
so
therefore,
it's
safe,
but
the
problem
is
sometimes
that's
what
developers
or
users
think.
K
So
that's
why
you
can
think
of
that
as
a
false
positive.
You
can't
really
have
or
a
false
negative.
You
can't
really
have
a
false,
negative
or
false
positive
with
symbolic
execution.
Either
we
prove
that
this
doesn't
hold
or
we
prove
that
it
holds
either
your
invariance
correct
or
it's
not
or
you
get
stuck
and
you
need
a
human
and
then
you
need
to
do
some
things
that
are
easy
to
try
hard
to
master
easy
to.
Try
means
that
you
can
get
in
on
our
Alpha
release
and
do
it
hard
to
master
means.
K
You
might
have
to
call
us
and
we'll
help
you
and
we're
happy
to
help
you
along
here's.
What
can
look
like
you
know,
Forge
test
will
run
the
standard
256
tests
for
you.
You
can
make
turn
this
up
to
as
many
million
as
you
want
with
the
KVM
Foundry.
This
is
a
example
from
rolls
talk
yesterday,
KVM
was
able
to
prove
that
a
specific
invariant
just
held
that
was
written
initially
as
a
Foundry
test
again
go
and
look
at
his
video.
K
If
you
want
to
check
that
out,
I
would
be
remiss
if
I
didn't
mention
that
we
are
starting
a
research
branch
and
runtime
verification.
So
if
anyone's
research
minded
or
just
curious,
please
go
to
research.runtime
verification.com.
We
have
a
bunch
of
research
challenges
there.
If
any
one
of
them
look
interesting,
just
reach
out
to
us
we'll
see
how
we
can
help
you
along
or
if
we're
happy,
to
hear
your
ideas
on
any
of
the
research
challenges.
K
I
think
that's
what
I
got.
We
do
have
10
minutes
for
questions.
I
was
promised
so
I've
seen
a
few
hands
again.
If
someone
wants
to
like
try
this
right
now,
like
pull
up
some
of
your
code,
try
to
find
some
few,
a
few
invariants
I'll
just
do
a
little
train
out
of
here
and
we'll
find
a
table
somewhere
and
sit
down
and
work
for
as
long
as
we
have
to.
K
If
you
go
home-
and
you
do
this
later,
write
me
at
Twitter
or
at
runtime
verification.com,
you
can
always
reach
out
to
us
at
Discord
we're
happy
to
help.
This
is
past
talk.
The
video
should
come
soon,
so
check
that
out
as
well.
It's
important
to
what
what
you'll
be
doing,
because,
eventually
your
environment
will
contain
a
division
and
then
all
bets
are
off
and
you
need
to
know
what
you're
doing
cool.
L
Yeah
yeah,
so
the
idea
that
you
can
do
pen
and
paper
proofs
as
a
really
you
know
robust
method
is
new
to
me.
I
guess
my
question
is:
it
might
be
a
bit
vague
but
like?
How
do
you
think
of
the
risk
of
let's
say
I
take
that
seriously
and
I
write.
My
proof
I
convince
my
team
member.
How
do
you
think
about
the
risk
that
we've
still
missed?
Something?
K
The
good
thing
is
that,
if
they
do,
then
I
mean
will,
if,
if
you
write
in
Marines
and
like
hey,
we
have
a
proof.
We
will
also
check
the
proof.
Like
I
mean
we're
part
of
the
audit
yeah
we're
the
ACM
Journal
you're
submitting
to
or
like
you
know,
we'll
make
sure
that
you're
reasoning
is
out
because,
like
oh,
this
is
a
good
invariant.
K
We
trust
you
guys,
but
let's
double
check
right,
ask
for
pen
and
paper
versus.
So
this
is
still
formal
verification.
Someone
says,
like
someone
said
like:
oh,
it's
not
formal
verification,
because
it's
a
pen
and
paper
now
it
is
formal
verification.
It's
not
mechanized.
For
my
verification,
he
wouldn't
take
a
math
paper
and
say:
oh,
it's
not
a
formal
proof,
because
it's
in
English,
like
it's
still
formal
proof,
it's
about
how
you
reason
and
how
good
you
are
at
formal
reasoning.
K
It's
about
how
many
nines
you
need
right.
I
mean
it's
a
Swiss
Cheese
model.
You
can't!
You
may
not
ever
catch
everything
that
you
want
to
catch.
K
The
world
is
chaotic,
but
if
you
start
with
your
pen
and
paper
proofs,
that
will
get
you
a
very
long
way
and
in
the
end,
like
a
few
of
these,
things
might
be
like,
like
the
environment,
I
showed
you
I,
wouldn't
even
necessarily
want
to
mechanize
that,
because,
like
there's
more
interesting
things
to
mechanize,
but
here's,
the
pen
and
paper
proof
that's
fairly
convincing
and
we'll
make
a
little
note
somewhere
that,
if
anything
happens,
that
updates
any
of
these
variables,
we
need
to
double
check
it
right.
P
The
mic
just
go.
Okay,
so
obviously,
like
part
of
the
limitations
of
of
defining
invariance
would
be
like
if
it.
If
it's
a
house
and
the
invariant
there's
no
Thief
can
go
through
the
front
door
or
come
out
if
he
somehow
got
in.
But
let's
say
that's
the
invariant
right,
so
obviously
the
limitation
would
be
that
you
know
we
sort
of
like
didn't,
define
that.
Oh
there's
also
a
window,
you
know
or
are
there,
you
know
there
were
roof
tiles
or
there
was
something
to
that
effect.
P
K
Well,
I
so
I
mean
to
to
work
with
your
analogy.
What
you
do
is
something
like
instead
of
saying
the
thief
can't
go
through
the
front
door.
It's
like
what
do
you
care
about
the
thief
can't
get
in
the
house
and
then
you
have
to
say
what
are
all
the
ways
to
get
in
there
like
you
know,
is
there
a
whole
like
what
can
happen?
Is
there
a
hole
in
the
walls
and
where
is
there
a
window?
Can
you
get
in
from
the
roof?
It's
sort
of
the
same
thing
here.
K
It's
like
one
thing
we
do.
A
lot
is
like
a
really
good
to
start.
An
audit
with
is:
where
are
all
the
places
where
any
token
transfers
happen.
Those
are
a
great
place
to
work
backwards
from
because
you
know,
and
then
there's
always
inline
assembly.
But
let's,
let's
forget
that
for
now,
but
just
look
at
all
the
places
where
tokens
or
ether
change
his
hands
and
then
look,
then
you
can
start
looking
like
well.
K
If
we
cover
all
the
paths
that
can
reach
those
locations
and
those
are
all
safe,
then
we're
safe
and
then
you
know,
of
course,
like
you
know
what
what,
if
the
token
can
do,
weird
things
if
it
like
in
block
users
or
something
something
you
need
to
keep
in
mind,
but
yeah
that
that's
sort
of
the
approach
right
like
find
like
well
take
the
floor
of
the
house
as
the
thing
that
this
thief
can
never
reach
and
then,
like
exhaustively,
enumerate
all
the
ways
someone
can
reach
the
floor
of
your
house.
I
guess.
K
Q
Have
Mike
so
in
the
example
you
showed
where
you
talked
about
basic
blocks,
my
reaction
was
like
and
and
reasoning
about,
invariance
before
and
after
they're,
not
as
it's
written
they're
not
necessarily
accessible
to
us
to
to
like
it's,
not
maybe
we
instrument
it
but
yeah
I
can't
really
get
in
there
easily,
with
the
tools.
I
have
in
my
hand,
I
by
hand
like
Forge
and
say:
okay.
Q
This
is
an
invariant
that
holds
over
this
if
statement
or
like
the
Block
in
there.
So
so
I'm
curious,
like
you
know
how,
if
there
is
a
way
I'm
missing
and
then
this
this
also
maybe
part
two
is
like.
Does
verifiable
code
look
different
than
like
readable
code
and
testable
code,
because,
if
I'm
to
I
imagine
pulling
this
out
into
a
lot
of
helper
functions?
That's
not
my
preference
in
this
case,
so
I'd
like
to
hear
your
thoughts
on
that.
K
K
You
know,
and
I'm
very,
very,
very
mature
language
like
Java,
there's
all
kinds
of
Reflections
and
like
python
like
there's
just
nothing,
you
can't
do,
whereas
you
know
you,
this
function
is
internal,
so
we
can't
can't
do
a
really
unit
test
with
Foundry,
so
which
is
also
a
good
reason
to
do
this
kind
of
reasoning
because,
like
instead
of
having
to
go
through
all
your
code
with
a
tool,
you
can
just
go
and
say
like
well.
K
I
know
solidity
well
enough
to
say
that
well,
the
only
way
this
storage
lot
can
be
modified
is
either
in
inline
assembly
or
somewhere,
where
this
is
exactly
named
in
this
way.
In
this
specific
contract,
I,
don't
think
anyone's
made
a
solidity.
K
No
there's
no
yeah,
there's
no
other
way
to
round
it
right
now.
So
so
I
mean
that
that's
why
this
reasoning
is
pretty
good,
like
you
can
actually,
especially
right
now
with
the
state
of
solidity.
You
can
track
tackle
these
things
on
pen
and
paper
quite
easily
that
you
can't
really
do
with
Foundry.
K
Ask
for
the
readable
or
I'd
say
that
I
say
they
all
come
together,
pretty
well
in
the
sense
that
you
don't
have
to
have
small
helper
functions
all
over
but
like
like
I
I
again.
The
data
structure
example
right
like
if
you
think
of
your
Java
hash
map
as
a
single
entity,
make
sure
that,
like
it
might
be
a
good
idea
to
have
like
you
know
the
updates
or
deletions
from
from
that
just
be
co-located
and
might
as
well
probably
be
a
function
right.
So
and
it's
not
about
going
crazy.
K
I
wouldn't
say
like
break
these
out
too
in
in
a
helper
function
like
we
have
Burns,
and
we
have
the
issues
like
that's
fine.
It's
only
two
places
verifiable
code
and
testable
well
testable
cold,
especially
now,
if
you're
using
Foundry,
testable
code
kind
of
requires
you
to
put
everything
public,
which
you
know,
there's
a
bunch
of
costs
that
you
might
not
want
to
pay,
but
verifiable
code.
I'd
say
now.
It
just
really
relies
on
this.
K
That
you
have
all
the
relevant
changes
to
things
that
have
a
clear
relationship
are
co-located,
whether
that's
in
functions
or
anywhere
else,
and
you
know
right
right,
a
bunch
of
inline
comments
that
say,
like
you
know
how
your
respect
in
this
environment
and
so
on,
I'd
say
that
the
the
enemy
of
this
is
maintainable
code.
That's
why
it's
like
the
good
thing
here
is
like
well
things.
K
We
don't
maintain
that
much
code
here
like
we
deployed
and
then
it's
deployed,
so
you
don't
have
to
worry
that
much
about
like
well
what
if
we
change
the
code
and
then
we
forget
to
update
the
code
comments
because,
like
we're
kind
of
relying
on
the
idea
that
things
get
Frozen
here,
that's
one
reason
that
formal
methods
doesn't
haven't
really
had
a
breakthrough
in
you
know
web
2
or
standard
back-end
development
because
like
well,
everything
has
to
be
maintainable.
K
R
I
actually
have
a
follow-on
question
to
that
right
here
in
the
back
hi
yeah
you,
you
said
that
you
should
be
doing
these
proofs
only
during
the
or
when
the
code
is
frozen,
because
you
can,
you
don't
have
to
be
redoing
your
changes
over
and
over
right,
which
is
right,
like
you,
don't
have
to
be
doing
this
work,
but
it's
you
have
something
to
mechanize
the
invariant
checking
you
can
do
it.
R
You
know
not
only
with
changes,
but
you
can
also
get
valuable
feedback
during
the
development
cycle
right
so,
and
that
has
other
benefits
too.
That
you
sort
of
alluded
to
in
your
symbolic
execution
is
that
you
don't
have
to
rely
on
the
fact
that
you
have
to
manually
look
at
all
the
places
where
storage
is
updated.
R
You
don't
have
to
worry
about
the
fact
that
you
made
a
delegate
call
into
a
library
and
oops,
actually
that
Library
had
an
inline
assembly
blocked
as
a
secretly
changing
that
all
gets
sort
of
handled
for
you
automatically
during
mechanized,
proving
so
I
I,
just
I,
I,
guess
I
quibble
with
what
you've
said
there
that
you
should
only
be
doing
your
invariant
proofs.
You
should
probably
be
doing
it
much
more
frequently.
Yeah.
K
I
mean
I'm
I'm
more
talking
from
experience
like
it's,
it's
like
I
would
say.
Like
start
writing
in
variants
like
as
soon
as
you
hit
your
docs,
like
you
know,
you're
doing
your
design
start.
Writing
invariants,
keep
them
up
to
date
in
the
code.
Realistically,
that
doesn't
happen
as
much
as
I'd
like.
If
you
want
to
be
a
unicorn
and
do
that
I
love
you
but
like
I
know
most
people
here
won't
do
it
that
that's
sort
of
what
I
was
I
was
getting
at
and
especially
like
yeah.
K
If
you
do
with
your
instrumented
tests,
then
you
know
go
right
ahead.
It's
almost
like
from
experience.
Sometimes
the
signs
change
enough
during
the
process
that
maybe
teams
don't
want
to
invest
all
that
time
in,
because
these
instrumental
tests
can
take
a
while
to
do
as
well.
If
you
want
to
have
some
examples,
go
to
that
alchemics
V2,
Foundry
repo.
It's
called
that
because
we're
working
on
setting
up
Foundry
tests
sort
of
like
this,
but
like
even
more
powerful
and
extensive.
K
So
you
can
see
some
of
the
work
that
goes
into
doing
like
full
Foundry
checking
of
a
bunch
of
different
invariants,
but
the
all
the
variants
came
from
an
audit
where
we
found
them
and
wrote
like
formal
English
proofs
of
them
Lucas
over
there
actually
did
than
that.
So
it's
yes,
this
paper
and
a
bunch
of
other
things
in
our
Publications
are
actually
really
good
resources.
K
If
you
just
want
more
examples
of
this,
this
entire
section,
where
we
just
go
over
like
10
different
invariants
and
give
four
fairly
formal
proofs
or
hand
waves
about
why
each
of
them
holds
so
it's
a
great
place
to
go
and
see
more
examples.
There's
also
links.
If
you
go
again
to
the
beginning
in
the
the
lecture
notes
or
slightly
more
extensive,
there
should
be
links
in
there.
Yeah.
S
A
kind
of
a
follow-up
on
that
it
strikes
me
that
some
of
this
could
be
related
to
behavior,
driven
development.
I,
don't
know
if
I
haven't
really
seen
this
in
the
solidity
web
3
world,
but
you
know
think
of
like
a
tdd
loop
but
then
zoom
out.
So
instead
of
writing
a
failing
unit
test
red
green
refactor,
Loop
you're,
doing
a
red
green
refactor
loop
at
like
app
or
protocol
functionality
level.
S
So,
instead
of
like
the
standard,
arrange
act,
assert
way
that
we
might
set
up
a
unit
test
in
Behavior
driven
development,
they
call
it
given
when
then
so.
Given
some
background,
when
some
action
gets
taken,
then
I
expect
these
assertions
at
the
end
and
I
think
it
could
fit
well
with
like
threat
modeling
like
actors,
assets
actions.
I
was
just
curious
if
you've
seen
that,
because
when
we're
doing
bdd
and
I'm
trying
it
out
on
a
slitty
project,
you
got
to
keep
those
green
and
so
I
wonder
if
there's
a
way
to
kind
of
Drive.
S
Some
of
your
development
within
variants
that
you
use
in
the
bdd
world
you
use
cucumber,
which
is
like
runnable
English
language,
so
I
I
thought
that
might
be
a
pattern.
I
didn't
know
if
you've
seen
that.
N
Hello,
I
just
wanted
to
make
one
clarification
that
the
inductive
proof
at
the
function
level
is
what
you
need
to
perform
to
get
the
invariant
to
hold,
but
the
basic
block
level
is
easier.
That's
why
it's
presented
as
an
alternative,
so
we
can
show
it
at
the
basic
block
level.
Then
it
holds
at
the
function
level,
not
necessarily
the
other
way
around.
So
if
you
can't
show
it
at
the
basic
block
level,
try
it
at
the
function
level
still
might
hold
so.
K
So
KVM
doesn't
actually
work
over
Viper,
so
the
thing
is
like
well.
The
thing
we're
developed
now
works
over
Foundry
and
Foundry
works
over
solidity,
but
I
mean
there's
nothing
stopping
you
from
setting
up
your
own
little
pipeline
where
you
build
your
contracts
in
Viper
test
them
in
solidity
with
Foundry
or
just
you
know,
hack
on
Foundry,
to
make
it
include
a
Viper
compiler
and
then
do
the
same
things,
because
you
know
it.
K
It's
all
evm
at
the
bottom
anyway,
so
yeah,
I'm,
sure,
I'm
sure
someone's
going
to
hack
together
a
Viper
extension
of
Foundry,
eventually.
U
Just
curious,
if
you
had
any
examples
of
mechanized
invariant
tests
that
you
like
to
look
to
or
that
I
could
look
over,
just
I
still
haven't
wrapped
my
mental,
like
my
head
around
the
mental
framework
for
parsing
out
like
what
invariance
should
look
like
yeah,
maybe
like
a
mix
of
English
like
pen
and
paper,
invariance
and
code
might
be,
might
be
helpful.
K
Yeah
I'd
say
check
out
the
the
alchemics
paper
for
a
good
like
run
through
of
so
there's
a
section
at
the
beginning.
That
lists
some
variants
in
the
section.
At
the
end,
that
proves
the
invariance
and
in
between
are
just
all
like
the
you
know,
findings
reports
with
mechanized
proofs
I.
Don't
we
I
mean
we
have
a
bunch
of
like
tested?
K
Come
talk
to
us.
It
depends
on
like
your
background
and
where
you
want
to
start.
We
have
just
a
bunch
of
different
resources,
depending
on
what
you're
interested
in
your
starting
level
just
to
make
make
or
die
multi-collateral
dye
proofs.
If
you
want
like
well
here's
a
full
formal
treatment
which
have
some
English
language
stuff,
but
it's
also
like
you
know,
fully
formally
specified
at
the
function
level,
all
of
it
and
that's
all
verified.
M
B
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
J
J
J
I
I
I
I
I
I
I
I
I
I
V
W
V
We
do
a
quick
introduction
and
then
I'm
going
to
jump
to
a
slide
which
will
show
you
where
to
go
on
GitHub
so
that
you
can
hack
along
I,
really
assuming
it's
a
workshop
right.
So
I'm
expecting
everyone
to
have
a
computer
in
front
of
them
and
start
hacking.
But
if
not
then
hey
you
know
you
can
just
stay
along
for
the
chit
chat,
so
my
name
is
David
I've
been
with
Vega
for
the
last
four
years.
V
I
mainly
look
after
the
kind
of
Financial
Risk
and
economic
design,
game
theory,
analysis
and,
together
with
me,
is
Tom
who's
coming
from
traditional
Finance
he's
a
Quant
with
Vega
help
working
on
the
working
on
the
research
team
and
one
of
the
speakers.
Mark
isn't
isn't
here,
but
he's
done
a
lot
of
the
a
lot
of
the
RL
stuff.
So
he's
the
main
brain
behind
that
so
I'm
going
to
jump
to.
J
So
yeah
we'll
go
back
to
introducing
what
Vega
is
in
a
minute,
but
given
I
don't
know
how
fast
the
Wi-Fi
is
going
to
be
in
here
just
running
through
a
few
first
step
setup
steps
that
we
can
get
going
with
while
we're
presenting
for
anyone
who
hasn't
noticed
there
is
Wi-Fi
specifically
for
the
workshops
called
Devcon
workshop
and
the
password
is:
was
it
built,
build
it
22.,
so
give
that
a
go
if
the
Wi-Fi
is
being
slow.
So
this
repo
at
the
top
here,
Vega
Market
Sim,
should
be
open.
J
If
you
go
over
there,
clone
that,
that's
your
your
first
step,
you're
also
going
to
need,
go
19,
I,
think
it's
necessary
python.
Ideally
310
39
might
work
and
poetry
just
because
it's
probably
the
better
package
manager,
probably
there's
a
requirements.txt.
If
you
just
need
that
as
well,
we
can
go
through
actually
setting
it
up
in
a
bit.
J
Then,
if
you
want
to
be
able
to
view
our
sort
of
front-end
console,
you'll
also
need
some
some
UI
framework,
yarn
and
NVM
for
node
management,
and
if
you
want
to
try
some
RL
at
the
end,
then
Pi
torch
is
a
good
starting
point
to
download.
So
broadly.
If
everyone
can
make
a
note
of
that
URL
before
we
switch
back
and.
C
V
Yeah,
so
we're
back
to
the
introduction,
but
it's
it's
sort
of
a
workshop
and
if
you
need
help,
the
person
who
isn't
speaking
can
actually
come
and
help
you
with
your.
You
know
whatever
it
is
you're
trying
to
do
within
this
framework
and
if
you're
not
having
luck,
then
we
can
see
if
one
of
us
will
have
better
luck
and
there
are
not
so
many
of
us
and
we've
got
I
think
two
hours.
So
we've
got
plenty
of
time
to
actually
get
everyone
going
and
hacking.
V
And
then
you
know
we
will
introduce
what
you
already
started.
Setting
up,
which
is
the
Vega
markets
in
which
is
relying
on
something
called
vegan
all
chain.
Will
we'll
explain
what
that
is
and
then
once
we
have
that
we
will
sort
of
explain
how
to
use
the
market
same,
how
it's
set
up.
You
know
what
what
environment
is
there?
V
What
agents
are
there
and
what
you
can
do
and
at
the
end,
we're
gonna
show
you
how
you
can
you
know,
train
reinforcement,
learning
agents
on
top
of
this
and
why
you
might
possibly
want
to
do
that.
So
that's
that's
the
plan.
V
So
we
started
what
is
Vega
protocol.
So
Vega
protocol
is
a
layer,
one
blockchain
for
derivatives
trading.
It's
set
up
from
the
ground
up
for
trading
margin
products
and
the
price
Discovery
is
either
through
limit
order,
books
or
through
auctions.
Where
do
the
auctions
come
in?
Typically,
when
you're
setting
up
a
new
market,
you
don't
know
what
the
price
is.
So
initially
there
it's
running
in
an
auction,
the
auction
determines
what
the
opening
price
should
be
and
then,
if
everything
goes
well,
it's
it's
running
as
a
limit
order
book.
V
If
there
are
big
price
moves,
according
to
the
risk
model,
it
might
switch
to
a
protective
auction
to
make
sure
that
the
big
price
move
is
really.
You
know,
what's
happening
economically,
it's
not
someone
with
a
fat
finger.
You
know
for
getting
a
zero
on
an
order
and
or
adding
a
zero
on
an
order
and
causing
causing
Mayhem.
Anyone
can
create
a
market.
What
it
means
is
you
submit
a
market
proposal
to
the
blockchain
and
then
it
goes
through
the
governance
and
it's
and
it's
voted
on.
V
So
that's
what's
meant
by
permissionless
here
and
what
kind
of
markets
at
the
moment
it's
it's
a
supports
cash
settled
futures.
There
is
roadmap
for
supporting
any
kind
of
derivative
through
a
derivative
payoff
language
which,
which
will
be
probably
basm
based,
but
that's
that's
just
on
the
roadmap.
For
now
it's
it's
cash
settled
Futures,
and
so
basically,
if
you
can
find
an
oracle
for
the
market,
then
you
can.
Then
you
can
propose
a
market
and
it
will
run.
V
It's
got
a
bespoke
liquidity
provision
mechanism
because
it's
it's
not
based
on
now
ever
so
popular
constant
product
markets,
but
it's
based
on
a
limit
order
book.
So
you
have
to
do
something
slightly
different
to
bond
liquidity
to
element
order
book.
So
it
does
that
and
at
the
moment,
the
the
assets
that
have
value
that
you
would
use
a
settlement
asset
on
Vega
they're
bridged
from
ethereum,
though
in
the
future
there
will
be
other
Bridges,
but
ethereum
bridge
is
there
you
can
on
Vega
before
proposing
a
market.
V
If
you
wanted
to
settle
in
some
other
asset,
that's
not
there.
Yet
you
can
propose
the
asset,
the
asset
load
and
be
bridged
from
ethereum,
so
you
can
imagine
that
there
will
be
usdc
tether
ethereum,
whatever
people
want
to.
Is
that
if
you're
designing
something
like
a
trading
platform,
some
of
the
goals
that
you
might
have
in
the
design
really
sort
of
run
at
Cross
purposes
between
a
general
purpose.
V
Blockchain-
and
you
know
what
do
you-
what
you
would
ideally
like
for
a
trading
platform,
so
the
things
that
I
picked
out
are
you
know
a
general
purpose
blockchain
you.
You
need
something
like
a
gas
mechanism
for
people
to
pay
for
the
cost
that
whatever
transaction
the
chain
is
processing
for
them.
V
You
know
the
cost
has
to
be
covered
by
the
gas
and,
if
you're
trading,
this
is
really
you
know
really
sub-optimal
in
in
the
sense
that
there
are
transactions
that
you
want
to
include,
and
you
don't
want
to
penalize
them
by
charging
for
them.
You
know
if
someone
wants
to
post
a
limit
order,
that's
good
they're,
providing
liquidity.
You
really
don't
want
to
discourage
them.
If
someone
cancels
an
order,
that's
good
they're,
providing
price
information.
You
probably
don't
want
to
discourage
that
either.
V
So
you
know
that's
in
products
they're
effectively
promises
right.
If
someone
doesn't
look
like
they're
going
to
keep
their
promise,
you
want
to
close
them
out
immediately.
Ideally,
you
don't
want
it
farmed
out
to
some
Bots
that
are
running
somewhere,
because
then
you're
opening
yourself
up
to
Mev
and
on
a
whole
whole
host
of
other
problems.
So
you
can
have
Atomic
closeouts
again
for
margin.
You
want
to
do
potentially
quiet,
Maps,
heavy
risk
of
computations,
and
you
don't
want
to
be
paying
for
gas
for
those
on
a
general
purpose.
V
So
you
know,
we've
all
seen
various
D5
protocols
and
we've
seen
you
know
when
things
go
well,
it's
great
and
then,
when
things
don't
go
well,
it's
called
a
hack
or
an
exploit,
but
quite
often
it's
not
an
exploit
of
a
code.
Bug,
though
that
can
happen,
it's
it's
simply
an
exploit
of
of
the
mechanism
design.
You
know
you,
you
go.
V
You
want
to
design
a
protocol.
You
start
you,
you
think
what
incentives
should
I
create
so
that
I've
got
the
desired
behaviors
and
you
do
it
in
isolation.
You
really
try
to
think
it
through
right.
You
you
take
the
smartest
people
you
can
find
there
are.
You
know
dozens
hundreds
of
incredibly
smart
people
in
defy
they
do
their
best.
They
do
what
makes
sense.
V
They
think
it
through
as
much
as
they
can,
but
it's
difficult,
it's
really
really
difficult
to
think
through
all
the
consequences,
especially
if
you
have
one
incentive
mechanism
here.
Another
here
design
may
be
in
isolation
and
now
they're
interacting
right,
yeah.
V
V
Yeah
yeah,
so
you
you
put
two
incentives
mechanisms
together.
If
they
were
designed
in
isolation,
it's
it's
not.
You
know
completely
clear
that
the
combined
effect
is
actually
what
you
desired
and
then,
of
course,
D5
is
all
about
composability.
They
love
that,
but
once
you
introduce
composability
you're
introducing
another
level
disproof
stuff,
you
set
up
a
hypothesis
which
is
testable.
You
will
never
prove
that
it's
true,
but
you
can
set
it
up
so
that
you
run
the
experiments
that
should
disprove
it.
V
If
you
tried
your
best
and
you've
not
disproved
it,
then
you'll,
then
you
let
the
hypothesis
stand
till
they'll
proven
otherwise,
and
if
you're
wondering
what
this
is
you've,
probably
most
of
you
have
probably
seen
Game
of
Life.
It's
it's
the
idea
that
you
know
you.
You
can
take
a
bunch
of
very,
very
simple
rules
and
they
can
lead
to
very,
very
complex,
behavior
and
sort
of
agent-based
models
are
one
thing
that
will
allow
you
to
analyze
this
complex
Behavior.
V
So
yeah
definition
of
what
an
agent-based
model
is
from
from
Wikipedia
and
everyone's
favorite
agent,
and
quite
often
you
want
a
lot
of
Agents
or
a
lot
of
similar
agents.
So
agent
Smith
is
good.
I've
used
this
I've
used
this
picture
actually
twice.
I
I
was
when
you
talk
about
civil
attacks,
I
like
to
talk
I
like
to
use
that
picture,
but
here
it's
not
about
civil
attacks
here,
they're
good
agents
who
are
stressing
your
protocol.
V
So,
in
terms
of
you
know
what
type
of
Agents
you
would
find
in
agent-based
modeling,
there
are
the
the
simplest
ones,
are
what
I
call
zero
intelligence,
which
is
a
bit
insulting,
but
what
it?
What
it
means
is
that
they're,
not
learning
and
they're
not
optimizing.
You
just
say
this
is
the
state
of
the
world,
and
if
this
is
the
state,
then
they're
gonna
do
this,
and
if
the
state
is
something
different
they're
going
to
do
that.
So
you
know
they're
agents
that
have
hard-coded
actions
and
that's
what
they
do.
V
In
other
words,
I'm
going
to
solve
for
the
optimal
actions
and
that's
something
that
comes
under
you
know
the
name
either
mark
of
decision
processes,
if
you're
doing
discrete
time,
steps
or
control
theory,
stochastic
control,
theory.
It's
it's
a
reasonably
well
established
field,
and
you
know
there
are
a
bunch
of
algorithms.
I
could
spend
hours
talking
about
algorithms
that
they
have
for
solving
problems.
There
is
there
are
a
few
problems
that
you
can
actually
solve
by
hand.
V
One
of
the
most
popular
is
the
linear,
quadratic
regulator,
which
you
know
together
with
the
Kalman
filter,
was
one
of
the
great
successes
of
of
signs
of
the
60s.
You
know
Blended
on
the
moon,
and
all
that.
So
you
know
good
stuff
and
then
sort
of
the
the
fancy
new
stuff
is.
Is
the
reinforcement
learning
where
you
actually
don't
have
to
tell
the
agents
what
their
environment
is?
They
just
repeatedly
interact
with
it,
observe
the
outcomes
of
their
actions,
observe
the
rewards
and
update
their
behaviors.
So
these
are.
V
These
are
the
type
of
Agents
you
might
want
to
run.
You
know,
on
top
of
your
environment,
to
see
what
is
happening
and,
of
course,
what
is
what
is
appropriate
and
what
you
need
will
very
much
depend
on
what
you're
trying
to
simulate
what
you're
trying
to
test.
But
basically
this
is
your
zoo
and
then
the
typical
setup.
For
for
these
things,
sort
of
you,
you
understand
you,
you
have
the
agent
agent
takes
action.
V
Okay,
so
that's
that's
not
so
important.
Now
it
will
be
more
useful
information
later
right
and
I
think
I'll
hand
over
to
Tom.
Now,
who
will
evoke
you
through
the
you
know
the
Vega
Market
Sim,
it's
a
workshop.
So
if
you
have
questions,
I
think
the
gentleman
there
already
said,
yeah
you're
setting
a
perfect
example,
keep
asking
questions.
X
Hello,
do
state
space
approaches,
have
any
role
to
play
in
parameter,
optimization.
V
Yeah,
so
so
you
would
set
up.
You
know
your
environment,
which
in
you
know
in
in
the
case
which
we
will
show
would
be.
You
know
the
whole
Market,
how
the
trades
happen,
how
the
orders
are
matched
and
then
you
run
that
whole
thing
through
the
simulation
see
what
happens,
and
then
you
want
my
want
to
do
the
optimization
on
top
of
that
right.
X
V
X
Like
Matlab
right
like
well,
that's
actually
numerical,
but
you
could
use
software
obviously
to
yes.
V
Yeah,
so
we're
I
mean
Tom
will
talk
through
that,
so
so
I'll
jump
a
bit,
but
basically
you
know
the
environment
on
its
own.
If
it's
just
the
market,
you
know
it's
an
empty
Market.
It
hasn't
even
gone
out
of
the
opening
auction.
If
no
one
proposes
anything.
So
so
you
automatically
need
bots.
So
we
will
talk
a
bit
about
the
Bots
that
are
provided
as
part
of
the
environment
and,
of
course
you
can
write
your
own
Bots.
That
can
do
you
know
well
whatever
they
want
to
do.
We've
got.
V
We've
got
some
basic
Market.
Making
Bots
we've
got
some
basic.
You
know
price
taking
Bots
we've
got
some
basic
momentum
Traders,
but
Tom
will
talk
more
about
that
so
I'll
hand
over
to
him.
V
Otherwise,
the
result
was
also
everything
important
how
to
figure
out
this
reward.
Basic
reinforcement,
learning
yeah-
that
is
a
difficult
I,
mean
in
reinforcement
learning.
This
is
typically
very
difficult
because,
when
we're
talking
about
is
effectively
an
environment
which
gives
you
no
rewards
for
any
of
the
actions,
you're
taking
and
that's
sort
of
an
infinite
reward
for
finding
the
bug
yeah
and
how
this
is
declare
it
no
I
I,
don't
think
you
will
find
bugs.
F
Yeah
just
a
quick
question
so
in
this
in
this
type
of
systems,
do
you
take
the
code
from
what
you
are
testing,
for
instance,
for
the
Vega
protocol
I
just
quickly
check
that
it's,
it's
all
go
code
right!
Okay!
So
do
you
take
this
code
and
run
it
inside
your
simulation,
or
do
you
create
a
model
of
that?
F
V
So
so
we're
running
the
whole
Vega
stack
again.
Tom
will
show
that
but
you're
absolutely
right
and
in
some
situations,
especially
if
you
want
to
do
reinforcement,
learning
having
a
simplified
model
on
which
you
can
train
before
you
actually
go
into
the
full
stack,
which
will
be
inevitably
slower
than
you
would
like,
because
things
are
never
as
fast
as
you
want
would
be
useful.
But
we
don't
have
that
at
the
moment.
We're
learning
on
the
whole
thing.
V
That's
why
it's
important
that
we
we
use
an
algorithm
which
collects
the
sarsa
sequences,
and
so
then
I
can
learn
offline,
but
we
don't
have
model.
There
are
reinforcement,
learning
techniques
which
sort
of
build
up
model
from
observations,
and
you
can
do
a
lot
of
clever
stuff,
but
but
I'm
far
from
being
an
expert
on
that.
V
So
so
one
thing
that
I
didn't
say
is
one
reason
why
D5
is
so
good
for
agent-based
modeling
is
you
know
you
can
try
and
people
have
been
talking
about.
Agent-Based
modeling
in
the
in
the
real
economy,
and
economists
would
love
to
do
that,
but
they
don't
have
the
environment
on
which
to
execute
it
and
in
D5
we
do
have
that
because
things
are
typically
open
source.
You
know,
I
can
go
and
take
the
smart
contract
and
run
things
through
the
smart
contract.
I
don't
have
to
create
the
environment.
V
I
just
say:
okay
I
care
about
how
this
smart
contract
interacts
with
this
one
I
take
whatever
ganache
hard
head,
I
put
it
there,
I
set
it
up
as
my
environment
and
I
pump.
Thousands
and
thousands
of
simulations
through
that
I
can't
do
it
in
the
real
economy.
But
here
we
can
so
it's
awesome.
Okay,
more
questions.
V
That
trades
or
kind
of
what
are
the
reward
metrics,
because
I'm
assuming
they're
not
like
bugs
but
more
if
I
find
my
kind
of
outcomes
so
so
for
us,
it's
a
very
problem
problem
specific.
So,
for
example,
if
we
want
to
test
you
know
what
some
of
the
network
parameters
should
be.
We
set
up
an
environment
and,
and
then
we
look
at
things
like
you
know,
if
if
I've
got
a
rationally
behaving
Market
maker
and
the
parameter
is
X,
what
is
their
return
on
Capital
and
I'm
thinking?
Well,
you
know.
V
Maybe
this
is
letting
them
earn
too
much
money.
It
doesn't
make
sense,
but
in
terms
of
the
reinforcement
learning
guys
you,
you
would
typically
look
at
Financial
rewards
and
then
yeah
you
can
either
run
it
thinking
of
it.
You
know
maybe
you're
thinking,
they're
trading
Perpetual,
so
it's
just
forever
or
you're.
Thinking
that
they're
trading,
a
settlement
market
and
so
the
reward
comes
at
settlement.
But
it's
it's
very
much
something
that
you
have
to
design
for
the
specific
purpose
that
you
have
in
mind.
This
is
sort
of
more
the
toolbox
and
I'm
gonna.
V
C
J
Okay,
so
yeah
just
discussing
the
market,
simulator
will
get
to
doing
so
ourselves
in
a
minute,
but
first
I
think
it's
useful
to
go
through
and
yeah
to
cover
again
slightly
more
technically
some
of
the
some
of
the
questions,
how
we
are,
how
we
run
these
simulations
and
how
how
we
get
interesting
results
out,
so
the
vegan
market,
simulator
broadly
the
way
that
Vega
itself
is
set
up.
We
run
with
a
tenement
consensus
layer
for
those
who
don't
know
tenement
is
it's
a
cosmos
based
consensus.
J
The
problem
with
that
is
that
it's
generally
tied
to
our
block
time,
which
is
about
a
second.
So
if
you
run
the
whole
thing,
you
can
watch
the
market
going
second
by
second
and
you
can
interact
with
it,
but
you
can't
run
as
the
question
in
the
back
said.
Thousands
of
scenarios
run
it
through
a
year.
Do
all
these
things.
So
what
we
do
we
strip
that
out?
We
run
what
we
call
a
null
chain
entirely
on
on
one
PC,
and
this
just
broadly
accepts
any
transactions.
It's
sent
it
will
it
still
checks
they're
valid.
J
It
still
runs
through
the
whole
Vega
core
logic,
but
just
adds
into
a
block
allows
you
to
control
time
forwarding,
so
you
can
it'll
just
sit
and
do
nothing
until
you
tell
it
to
run
forwards
or
fill
up
a
block,
and
so
you
can
inspect
at
any
point
in
time.
J
For,
however
long
you
want
what's
going
on,
then,
on
top
of
this,
once
we've
got
that
running,
we
have
in
Python
an
API
layer
which
lets
you
express
your
trading
actions,
your
agents
behaviors
in
much
more
Market
Primitives,
without
having
to
worry
about
the
fact
that
you're
running
on
a
blockchain,
occasionally
it
still
Creeps
in
because
that's
the
way
the
world.
J
How
this
all
works
is
your
python
layer
manages.
We've
got
two
different
kinds
of
interfaces
at
the
moment:
a
Vega
service
null
which
spins
up
this
as
I
mentioned
a
service
entirely
on
your
machine
or
what
we've
recently
created,
which
is
Vega
service
network,
and
that
allows
you
to
connect
to
a
running
external
network
and
run
the
same
agents
that
you've
just
been
running
locally,
but
on
the
real
Network
that's
going
on.
So
that
can
be
useful
in
some
cases
too.
It
allows
us,
for
example,
on
our
test
net.
J
We
can
run
agents
and
simulations
that
other
real
people
can
interact
with
and
see
how
that's
working
we'll
demo
all
that
in
a
bit
so
yeah
back
to
setting
things
up
and
viewing
I'll
go
through
the
viewing
in
a
second
but
yeah
yeah
I
was
gonna
gonna
break
here
anyway,
so
yeah,
so
we're
back
here.
I,
don't
know
how
many
people
have
managed
to
get
to
the
end
of
this,
but
I
think
we'll
probably
take
a
sort
of
10
minute
break
to
catch
up.
Anyone
who
has
them.
J
We
can
wander
around
and
see
whether
everyone
will
manage
and
then
10
15
minutes.
We
can
come
back
and
continue
with
doing
something
more
interesting
with
it.
If
you
think
you've
got
it,
set
up,
try
and
run
these
scopes
at
the
bottom.
We
can
also
tell
you
something
more
interesting
to
run
if,
if
you're
stuck
I
think
I
had
a
question.
Yes,.
M
So
I
can
then
more
in
a
more
real
way,
basically
test.
My
my
ideas.
J
It's
actually
it's
something
we're
pretty
much
currently
working
on,
is
being
able
to
better
snapshot
an
existing
running
chain
and
be
able
to
totally
restore
from
that.
Where
there
is
there's
the
capability
currently
to
you
can
run
your
simulation
and
save
that
and
rerun
the
same
thing.
So
you
can
have
a
an
example
that
you
run
and
then
run
your
things
after
we
don't
currently
have
a
way
to
pull
from
an
existing
Network.
Z
That
people
should
be
using
in
their
protocol
and
I,
tend
to
tell
them
that
they
can
more
easily
solve
for
tokenomics
problems
by
including
a
market
mechanism
to
optimize.
And
let
you
know
the
market
do
those
kinds
of
things.
Like
example,
uniswap
V3
solves
the
hard
problem
of
how
to
set
the
curve
by
allowing
concentrated
liquidity.
So
my
question
is:
do
you
guys
have
an
intuition
for
which
kind
of
simulation
like
which
kind
of
systems
require
a
simulation
and
which
kind
don't?
Z
J
Good
question
I
I
guess
I'd
go
back
to
as
David
was
saying
earlier.
It
depends
on
how
well
you
can,
if
you
can
solve
it.
Mathematically,
that's
probably
always
going
to
be
optimal,
but
when
it
reaches
a
certain
point
of
complexity,
yeah
I,
don't
know
how
you
would
do
it
without
either
an
agent-based
simulation
or
stochastic.
Z
Z
The
simulation
yeah
I
mean
it
multiplies
the
number
of
agents
in
the
in
the
system
by
like
orders
of
magnitude.
If
you
have
to
use
a
market
to
Source
lots
more
participants,
ladies
I
guess
is
there:
is
there
an
upper
limit
to
the
kind
of
complex
system
that
the
Vega
Market
simulation
can
handle.
J
Well,
practically
I
guess
there
is
enough
limit.
We
are
the
the
system
itself,
we're
hoping
will
be
able
to
scale
to
many
thousands
of
people,
so
that
should
also
scale
to
to
the
number
of
Agents.
So
I
guess
it's
it's
a
a
goal
of
both
the
Vega
protocol
itself
and
the
market.
Sim,
thankfully,
have
similar
things,
because,
ultimately,
what
we
want
to
do
is
build
a
realistic
market.
V
Sort
of
going
back
to
the
going
back
to
the
points
that
we
were
making
I
absolutely
agree
that
if
you,
if
you're,
designing,
tokenomics
or
protocol
novel,
then
either
you
can
prove
that
it
works.
Or
you
can
use
this
agent-based
simulation
to
sort
of
not
prove
that
it
works,
but
show
that
it
doesn't
and
go
back
to
the
drawing
board.
Yeah.
AA
V
Terms
of
training,
though
there
are
two
questions:
I
I
can
have
the
environment
sort
of
I
can
have
some
agents
that
are
matter.
You
know
the
agents,
take
their
actions
quickly
and
get
on
with
it.
But
of
course,
the
moment
you
have
more
than
one
optimizing
and
learning
agent,
then
it's
the
whole.
You
know
Game,
Theory
and-
and
you
know
that
they're,
probably
and
and
then
it's
also
very
difficult
to
set
up
or
very
difficult.
You
have
to
think
carefully
about
how
you
set
it
up.
V
You
know
because
is
the
is
your
is
Agent
a
also
trying
to
learn
the
optimal
response
of
Agent
B
so
that
it
can
anticipate
Etc
and
and
then
you
know
they
can
end
up
chasing
themselves
in
circles
and
all
sorts
of
weird
and
wonderful
things
can
happen.
You
know
it's
game,
game
theory
and
NRL
comes
in
and
it's
it's
very
problem
specific.
AB
V
H
H
H
H
AC
H
H
H
H
H
H
H
H
H
H
J
Okay
so
I
think
a
few
people
have
it
running
at
least
we're
gonna
I'm
gonna
crack
on
and
then
we'll
have
another
break
in
a
minute
for
doing
the
next
bit.
So
we
can
keep
going
around
for
anyone
who's
who's
stuck
on
this
bit,
but
I
want
to
give
more
interesting
things
to
do.
On
top
of
that.
So
a
quick
side
once
once
the
the
null
chain
is
up
and
running
the
micro
SIM
is
up
and
running.
You
see.
J
Anyone
who
got
it
working
would
have
seen
something
like
on
the
right
here,
which
it
is
it's
a
printed
output,
log
of
some
stuff,
that's
going
on
inside
markets.
Him
exposes
various
apis
for
this,
but
often
you
don't
want
to
just
have
to
manually
call
python
apis
for
every
single
thing
that
you
might
want
to
experience.
J
So
we've
got
a
couple
of
useful
portals
portals
on
your
data.
You
can,
if
you've
set
up
the
UI
components
as
well
change
a
flag.
This
run
with
console
equals
true
in
generally,
wherever
you
happen
to
be
running
your
Vega
null
chain
that
will
bring
up
in
a
web
browser
the
nice
console
that.
S
J
That
is
the
same
console
that
people
use
on
Vega
protocol
itself,
so
that
has
theoretically
pretty
much
everything
you
need.
You
can
even
trade
manually
through
that
as
well.
If
you
want
you
can
log
in
as
your
agents
that
you've
set
up
we'll,
probably
demo
it
a
bit
in
a
in
a
bit,
you
also
can
is
actually
always
launched.
J
If
you
take
the
logs,
there
will
be
this
graphql
port,
and
if
you
go
there
and
you
know
graphql,
you
can
query
the
entire
system
with
a
fairly
hopefully
clear,
graphql
queries
there's
on
what
is
it
docs.vega.xyz,
there's
a
link
in
a
bit
the
entire
sort
of
structure
of
your
graphql
queries
you
want
as
well,
so
for
anyone
who
has
good
at
running
for
more
interesting
scenario,
that's
something
you
can
try
out
running
I'll
leave
it
up.
Actually,
let
me
skip
to
the
next
thing.
J
This
is
what
I'm
going
to
talk
through
with
this
app,
so
anyone
can
type
it
up,
so
the
components
that
Vega
itself
runs
on
a
on
a
validated
node
that
we're
also
going
to
be
running
locally,
that
the
Nile
service
spins
up.
There
are
a
few
different
ones:
we've
got
Vega,
which
is
the
core
process.
That's
the
go,
blockchain
client
that
does
all
of
your
transaction
processing
and
outputs
your
States.
J
That
is
obviously
it's
a
point
in
time
proceeding
thing.
So
we
also
want
the
data
node,
which
is
listens
to
external
events,
output
by
the
note
core
node
itself
and
saves
those
into
a
postgres
database
and
allows
you
to
query
all
of
that
historic
data
and
that's
generally,
what
you'll
be
using
when
you're
querying
any
data
from
Vega.
J
The
wallet
is
basically
science
transactions
and
ensures
that
any
sort
of
custom
signing
we
have
some
proof
of
work
to
stop
spam
attacks
and
stuff,
and
that
handles
all
that
it's
optional
here,
because
for
the
null
chain,
what
we
actually
do
is
Skip
all
of
our
validation,
so
that
it
will
blindly
accept.
If
you
send
a
transaction
and
say
it's
from
whoever
it
believes
it's
from
whoever.
J
So
once
we've
got
our
our
Market
Sim
set
up,
how
do
we
actually
run
our
scenarios
there
set
up
as
ideally
Plug
and
Play
components?
The
overall
thing
we
set
up
is
we
call
a
scenario
that
consists
of
an
environment
which
is
your
background
environment
and
your
Vega
setup.
So
that
will
include
things
like
how
many
steps
you
want
to
run
your
simulation
for
how
your
vager
is
set
up
and
sort
of
what
kind
of
logging
you
want
that
kind
of
background
detail.
J
We
then
plug
in
the
various
agents,
some
of
whom
will
be
setting
prices.
They
could
be
acting
randomly
and
each
of
them
will
have
something
they
do
you'll
see
when
you
build
one
yourself
in
a
bit,
something
to
do
with
startup
often
they'll
force
it
themselves,
some
tokens
that
kind
of
thing
and
then
they've
just
got
a
function
and
each
step.
We
call
that
function
and
it
does
whatever
it
wants
to
do.
It
pulls
in
data
from
the
market.
It
trades
they
do
whatever.
J
So
sorry,
environment
you'll
see
that
when
we
go
in
a
minute
to
the
agents
themselves,
so
yeah,
what's
an
agent,
it's
it's
fairly
simple.
Ultimately,
it's
an
initialized
step
where
they
generally
force
it.
Sometimes
they
will
do
things
so
we'll
have
an
agent
that
sets
up
all
the
assets,
because
you
start
with
a
blank
blockchain.
You
don't
have
any
assets,
any
markets,
that
kind
of
thing
so
there's
you
may
see.
If
you
look
through
a
market
manager
who
does
all
this
setup
for
you,
then
they'll
have
a
function.
That's
called
every
scenario
step.
J
However
many
steps
you
do
generally
will
sort
of
randomly
shuffle
them
so
that
you're
not
always
getting
the
first
agent
called
First
in
any
step
and
then
a
finalized
method
that
most
mostly
you
can
ignore,
but
often
you'll
want
one
to
sort
of
settle
the
market
and
things.
So
that's
how
you
you
want
to
set
up
your
agent
there's
one
more
thing,
I
mentioned
earlier
that
sometimes
the
blockchain
does
have
to
bleed
back
in
you'll,
see
scattered
throughout
occasionally,
you'll
wait
for
total
catch-up
function.
J
Basically,
what
this
ensures
is
that
you're
getting
a
good
view
of
the
market.
Currently,
you
haven't
thrown
way
too
many
transactions
at
it,
everything's
in
sync,
that
kind
of
thing,
so
it
just
ensures
that
your
more
real
world
modeling,
rather
than
trying
to
ensure
that
you
can
get
everything.
X
J
One
nanosecond
through
so
I'm
gonna
now
talk
through
building
one
of
these
agents,
a
really
simple
one.
It's
just
gonna
do
a
bit
of
training,
I,
guess
and
then
we'll
break
again,
and
hopefully
you
can
put
together
your
own.
A
bit
I,
try
and
find
where
you're
the
exam
is.
J
J
I
can
discuss
the
actual
arguments
with
people
but
which
we
call
curve
Market
maker
and
that
a
h
jump
into
working.
Basically,
that
contains
an
agent
who
ensures
that
there's
a
nice
shape
of
the
market
and
a
few
who
just
sort
of
randomly
buy
and
sell
so
they're,
very
dumb.
Theoretically,
you
should
be
able
to
agent,
which
is
what
hopefully,
we're
going
to
build.
J
J
U
V
J
AB
H
V
H
H
H
H
AC
H
AC
AC
AC
AC
V
Okay
so
they're
down
to
the
relay
just
the
hardcore
Workshop
participants.
You
know
you
you're,
the
ones
who
prevailed
with
us
despite
Python
and
its
foibles
and
and
the
slow
internet
so
I'm
going
to
crack
on
if
you're,
if
you're
coding
keep
coding,
you
know.
If
you
have
questions
there
will
be
time
to
ask
questions
and
what
we
went
to.
What
we
want
to
get
to
now
is
just
to
show
you
a
little
bit
more
of
you
know
what
the
agents
that
that
you
have
there.
V
You
know
as
part
of
the
environment
as
Tom
was
saying:
if
you
just
set
it
up,
there
is
nothing
it's
it's.
The
empty
Vega
blockchain,
a
civil
as
it
would
be
when
it
launches
live.
You
know
no
assets,
no
markets.
Everything
has
to
be
created
through
governance,
and
you
know
once
the
asset
is
created
once
the
market
is
voted
through,
which
you
know
the
python
sort
of
expedites
for
you,
you
will
still
have
just
an
empty
market
right,
no
liquidity
on
it,
nothing,
no
activity
so
effectively.
V
The
code
provides
various
versions
of
of
market
makers
that
are
based
on
some
stochastic
control,
problems
that
are
pre-solved
coded
up
and
basically
running,
and
then
some
sort
of
hacks,
where
you
know
the
optimal
solution
of
the
stochastic
control
problem,
is
used
as
a
heuristic,
and
then
you
put
something
on
top
of
that,
and
you
know
there
are
you:
can
you
can
have
a
liquidity
Trader?
You
can
have
liquidity
takers.
It
just
means
they
Place
random,
Market,
buy
and
sell
orders.
V
You
can
have
informed
Traders.
What
does
it
mean?
Well,
you
just
tell
them
what
the
price
will
be
at
the
next
step.
Right,
you
know,
maybe
they
they
have
inside
information
or
whatever,
and
there
are
the
momentum
Traders
through
a
library.
So
you
you,
can
you
can
trade
on
on
all
the
patterns
that
these
chartist
people
have?
You
know
there
are
these
vomiting,
camels
and
I.
Don't
know
what
else
you
know
you.
AD
Kind
of
framed
the
conversation
if
by
any
chance,
you're
triggered
by
any
of
the
conversation
that
we're
having
today
I,
do
have
an
ally
here
that
is
trained
in
helping
you.
So
if
you
want
to
have
a
conversation
lower,
if
you
want
to
raise
your
hand,
Louis
is
available
to
you
for
resource.
If
you
want
to
use
her
feel
free
to
give
her
a
talk.
AD
AD
The
first
definition
that
we
want
to
kind
of
think
about
is
what
is
called
privilege
and
privilege
is
understanding
like
a
difference
within
power
and
understanding
that
there
are
some
there's
some
ways
where
you
naturally
have
power
or
privilege
in
a
situation
where
another
group
will
be
will
not
have
power,
and
usually
the
group
that
has
the
power
is
the
privileged
group
and
the
power
of
the
group
that
does
not
have
the
power
is
called
the
oppressed
group.
These
forces
and
powers
can
be
racially
divided.
It
can
be
General
gender
divided
here
at
devcom.
AD
The
privilege
groups
are,
can
you
think
of
a
privileged
group
to
hear
at
dead
con
white
man
that
might
work
okay?
What
else
would
be
a
privileged
group
here
at
Devcon
CIS,
guys,
okay,
VCS,
okay,
rich
people?
Okay,
what
else
would
be
a
privilege,
good
passports?
That
would
be
one.
What
else
would
be
a
privilege
how
about
speaking
English?
First
language
is
a
privilege
right,
so
you
have
all
of
this.
How
about
physical
abilities
going
up
and
down
the
stairs
like?
AD
There
are
a
lot
of
different
ways
if
you're
someone
who
might
be
like
neuro
atypical.
This
is
a
very
over
stimulating
place.
You
might
have
privilege
on
that
aspect.
So
there's
a
lot
of
aspects
of
privileges
are
in
play
all
the
time
around
us,
and
so
that's
something
that
we
might
just
want
to
be
aware
of
is
where
your
privilege
is
coming
through
after
privilege,
we
have
bias.
AD
Biases
are
like
the
way
that
are
kind
of
almost
unconscious
privileges,
kind
of
show
up
per
se,
so
one
of
the
things
that
I
would
definitely
encourage
you
to
do
is
there
is
a
Harvard
implicit
bias
test
and
like
one
of
the
ways
it
shows
up
within
our
workplace
is
like
holidays
right.
So
everyone
knows
we
get
Christmas
and
New
Year's
off,
which
is
great,
but
it's
also
religious
bias,
because
it's
not
just
Christians
that
still
have
celebrations
throughout
the
year.
AD
So
you
can
take
the
Harvard
implicit
bias
test
to
just
kind
of
know
where
your
biases
are
showing
up,
and
it's
important
to
know
where
your
biases
show
up,
so
that
when
you
create
policies
or
procedures
you're,
just
aware
of
where
your
biases
are
it,
you
try
to
like
not
if
you're
aware
of
your
biases
you're,
trying
to
not
intentionally
do
harm
and
like
being
aware
of
your
biases.
Are
those
steps?
AD
Who
has
that
power
to
use
their
power
in
a
way
that
benefits
the
situation
and
leverages
the
Injustice
of
power
that
I
would
have
or
the
other
person
who
without
power,
has
But
A
Step
Beyond
allies
is
actually
called
accomplice
and
that's
what
I
would
really
want
you
all
to
be.
An
accomplice
is
someone
who
like
says:
yes,
you
do
have
a
power,
indifference
and
I'm
going
to
level
it
and
use
all.
AD
My
power
to
level
it
as
much
as
but
I'm
going
to
be
in
the
trenches
with
you
as
we
move
this
forward
and
so
there's
one
aspect
where
you're
recognizing
like
oh:
there
is
a
power
indifference
and
it's
not
really
fair
and
I
hope
that
works
out
for
you
and
then
there's
a
difference
with
hey.
There
is
a
power
indifference,
that's
not
really
fair!
I'm
going
to
do
everything
I
can
to
justify
that
power,
indifference
and
that's
where
I
hope
we
all
become
in
this
space.
AD
These
are
like
generally
like
over-the-top
issues
that
we
kind
of
think
about.
One
of
the
things
is
like
30.
Racially
diverse
teams
perform
35
better
than
non-racially
diverse
teams.
So,
if
you
want
to
like
easily
have
a
better
performing
team
have
diversity
on
your
team?
That's
like
one
of
the
easiest
way
to
do
it
again.
Teens
were
women,
and
men
earn
equally,
will
actually
have
40
41
higher
revenue
generated
for
the
organization.
AD
So
if
your
org
wants
to
easily
have
make
more
money,
have
equally
diverse
teams
from
a
gender
perspective,
and
you
have
a
don't
have
a
gender
pay.
Gap
would
be
another
way
to
do
it,
but
the
key
reasons
that
these
are
important
to
web3
are
the
actual
like
ethos
of
web3.
So
when
you
think
of
like
decentralization,
you
think
of
identity,
you
think
of
plurality,
although
the
time
you
talk
about
this
from
a
technical
perspective,
but
this
is
also
like
a
human
perspective.
AD
AD
So,
as
you
make
a
decision,
are
you
decentralizing
itself
and
making
a
decision
that
has
a
voice
of
a
lot
of
people?
Are
you
making
an
assumption
for
people
that
are
centralized
along
one
of
those
verticals
decentralization
helps
you
have
a
lot
of
people
thinking
about
the
best
way
to
attack
a
problem
and
the
best
way
to
move
forward.
So
the
more
that
we
can
say
like
is
this
decentralized
as
far
as
we're
making
like
people
processes,
or
is
this
decentralized
from
a
web
3
perspective?
AD
You
also
want
different
types
of
people,
building
different
types
of
things
from
different
types
of
perspectives,
and
that
helps
be
a
stronger
Network.
You
know
that
to
me
also
reminds
me
of
plurality
where
we
say
like
hey:
it's
not
trying
to
have
one
team
make
it
it's
like.
If
it's,
we
all
get
stronger
when
everyone
gets
stronger
and
that
ethos
applies
towards
different
types
of
peoples
as
well.
So
when
you
start
to
understand
different
web
3
ethos,
you
can
apply
them
to
technology.
AD
You
can
apply
them
to
software,
but
you
can
also
apply
them
to
people's
and
people's
needs.
So,
even
if
it's
difficult
for
you
to
understand,
like
you
know,
I
won't
I,
don't
understand.
You
know
an
Asian
male's
perspective,
but
I
can
fight
for
them,
because
I
believe
in
plurality
that
might
be
a
way
to
like
fight
for
the
end
Underdog
per
se.
AD
So
we
think
about
this.
I
also
think
about
this
as
being
extremely
important
from
an
identity
perspective
in
web
3,
because
in
what
three,
a
lot
of
us
are
known
through,
like
our
ens
domains
or
like
our
lunch
problem
called
domains
or
whatever
you're
using
and
our
nfts.
So
you
could
be
interacting
with
a
person's
image
in
an
ether
name
and
not
really
know
the
person
behind
it
per
se,
and
so
you
kind
of
just
have
to
be
realizing
that
that
person
might
be
going
through
a
lot
of
different
things.
AD
But
you
don't
even
know
what
that
person
is
going
through,
so
the
more
that
you
can
Advocate
holistically
across
the
board
for
all
different
types
of
people,
the
better
it
can
be
and
when
you
start
to
like
minimalize
groups
or
think,
like.
Oh
there's,
not
someone
with
an
an
LGBT
background
within
our
group
that
so
we
don't
have
to
worry
about
it.
That's
might
not,
may
or
may
not
be
true,
because
you
don't
know
someone
Beyond
again
a
an
NS
nft
in
a
domain.
AD
So
the
more
that
we
can
create
better
policies
for
everyone,
the
better
off
it
can
be,
or
at
least
be
accomplices
to
people
the
better
off.
We
will
be
Okay
cool,
so
here's
the
meat
and
potatoes
of
it
we're
going
to
talk
about.
How
can
you
be
a
hero?
And
for
me
a
hero?
Is
anybody
who
can
like
also
be
an
accomplice?
AD
I
thought
I
would
be
like
really
cute,
so
you
can
get
like
a
little
superhero
costume
and
then
I
forgot.
This
was
around
Halloween
and
we
were
all
sold
out,
so
we're
gonna
just
be
our
own
Heroes
and
that
will
be
fine
today.
Okay,
so
there's
this
concept
of
holding
space
and
a
holding
space
can
be
having
a
meaning
group
to
hold
space.
It
can
be
holding
an
opportunity
for
certain
groups
to
learn
together.
AD
Holding
space
can
be
changing
the
panels
on
the
boards
or
holding
space
on
a
board,
or
a
panel
for
someone
that
has
is
coming
from
that
oppressed
group
and
holding
space
for
them.
But
it
can
also
be
opportunities
like
to
hold
space
for
a
cohort
to
learn
a
technology.
It
can
be
being
intentional
about,
like
your
public,
facing
things
having
specific
cohorts
for
learning,
so,
instead
of
having
everybody
thinking
that
everybody
like
enters
the
room,
the
same
way
having
specific
targeted
spaces
for
marginalized
communities
to
learn
that
technology.
AD
So
if
you're
going
to
I'm
going
to
use
cheap
fight
because
Chief
ice
here-
and
let's
say
you
wanted
to
like-
have
a
workshop
that
was
open
to
like
building
on
lens
protocol,
it
would
be
just
specifically
for
the
chief
Eye
Community,
learn
and
realizing
that
that
Community
learns
in
a
different
way
than
you
know.
AD
The
general
population
would
be
learning
and
creating
a
safe
space
for
them,
so
holding
safe
space
is
extremely
important
when
you're
dealing
with
marginalized
groups,
because
it
recognizes
that,
just
by
stepping
in
the
room,
there
are
power
dynamics
that
are
out
in
play.
AD
AD
AD
So
it's
the
steps
that
we
take
in
order
for
things
to
happen,
those
steps
mean
nothing
if
we
don't
take
them
so
having
the
code
of
conduct
or
seeing
that
there's
a
Code
of
Conduct
is
helpful,
but
you
need
to
also
be
enforcing
code
of
conducts
too
being
aware
of
microtrans
microaggressions.
Does
anyone
know
what
a
microaggression
is?
Would
it
be
helpful
for
me
to
explain
it?
E
AD
Yeah
so
I
think
so
I
can
only
speak
yes,
I
think,
like
so
I,
can
think
of
some
of
the
microaggressions
that
I
get
and
I.
Think
for
someone
for
me.
I
get
like
you
speak
so
well,
which
like
seems
like
a
compliment,
but
really
when
you
flip
it
around.
It's
actually
a
microaggression,
because
there's
an
assumption
that
I
wouldn't
speak
well.
AD
You
know
that
there's
a
certain
group
of
people
that
shouldn't
speak
well
or
that
vernacular
of
being
well
spoken,
only
resolves
it
or
that
even
being
well
spoken
is
like
says
something
about
someone
we're
being
not
being
well
spoken
doesn't,
and
it's
not
really
that
same
so
just
being
aware
of
the
different
power
dynamics
is
really
helpful
there,
but
yeah
there's
a
lot
of
different
microaggressions.
The
main
thing
that
if
I,
could
like
give
your
take
away
from
environmental
safety
is
when
something
is
unsafe
for
someone
a
you
believe
them
that
it's
unsafe
and
B.
AD
You
speak
up,
especially
if
you're
in
the
group
that
has
the
most
power
speaking
up
is
the
most
important
thing
that
you
can
do
at
that
moment.
So,
okay,
so
another
step
for
being
a
hero
is
to
remove,
reflect
and
retain,
and
these
are
like
removing
unnecessarily
biased
language
from
job
descriptions.
It
helps.
This
is
a
big
thing
in
web
2,
remote
3..
AD
We
moved
based
biased
requirements
for
jobs
such
as
grade
level
backgrounds.
Different
types
of
location
preferences
can
also
be
like
that
or
any
type
of
vague
requirements.
So
one
of
the
ways
that
that
had
came
up
before
was
like
we
used
to
have
a
hiring
bar
for
engineers
and
be
like.
Oh,
this
person
types
slow,
and
so
they
shouldn't
get
be
onboarded,
but
then
we
had
someone
else
that
typed
slow
and
was
onboarded,
so
we
were
like
well
what
is
type
slow
like
what?
What
does
that
mean
and
how?
AD
AD
AD
AD
Yeah
yep:
let's
see,
if
there's
anything
else,
there.
AD
I
also
think
like
building
the
right
tools
for
the
system,
I'm
like
well,
what's
the
right
tools
that
seems
very
subjective
as
well
okay,
so
this
is
a
little
bit
more
of
an
inclusive
statement,
they're
trying
to
be
a
little
bit
more
inclusive.
Is
there
any
type
of
inclusive
statement
there
that
stands
out
to
you,
yep.
AF
Well,
I
can
compare
to
the
other
one.
If
this
is
a
job
requirement
section,
the
header
was
what.
B
AD
AD
For
future
Council
nice
all
right,
there
was
a
mention
about
requirements
and
the
list
of
requirements
and
I
just
wanted
to
like
highlight
one
thing
when
it
comes
to
requirements
and
how
it's
perceived
by
different
types
of
gender.
Specifically
here
when
it
comes
to
men,
men
will
see
the
list
of
requirements
and
meet
30
of
them
and
apply
for
the
job,
and
women
will
see
the
list
of
requirements
and
apply
for
the
job
after
they've
met
70
of
the
requirements.
AD
So
there
is
a
section
of
like
self-weeding
out
that's
happening
when
it
comes
to
requirements,
if
you're
just
listing
requirements
and
not
being
inclusive
right
from
the
get-go.
So
if
you're
thinking
about
like,
why
don't
we
have
more
women
like
in
our
org?
You
might
want
to
start
by
looking
at
like
how
are
you
listing
what
what
you
want
to
come
into
the
org
itself.
AD
AD
Okay,
now
we
get
to
reflect
and
reflect
sometimes
comes
in
reporting.
It
can
come
in
roles,
it
can
become
responsibilities
and
transparency.
So
this
actually
was
a
web
three
statement
that
came
out
and
it
was
like
super
applauded,
which
is
cool
and
it's
like
Yay,
the
building,
more
inclusive
Financial
systems
and
they're,
happy
to
report
that
there's
50,
more
or
50
50
parity
at
the
location,
but
I
just
didn't
want
I
didn't
know
if
any
of
y'all
saw
any
problems
with
this
foreign.
AD
No
Legend
there's
no
like
yeah
yeah.
That
was
really
all
of
it
and
I
honestly
I'm,
like
I,
don't
think
anyone's
doing
great,
so
I'm
like
really
not
keen
to
give
anyone
a
pat
on
the
back,
but
I
really
don't
like
people
giving
themselves
a
pad
in
the
back,
so
I
think
the
the
sense
is
like
we
can
always
go
better.
AD
Also
by
saying
like
yeah,
we're
at
50
50
parody
with
women
to
men.
It
really
doesn't
show
like
racial
breakdown
within
the
women,
so
there
still
could
be.
A
lot
of
power
dynamics
are
at
play
there
too.
So
I
had
a
lot
of
issues
with
this
one
specifically,
but
I
had
done
reporting
back
when
I
was
at
Square
back
in
the
day,
and
so
I'll
share
a
little
bit
of
our
pitfalls
that
we
had
too
I'm
not
a
huge
fan
of
reporting.
AD
Oddly
enough
because
I
feel
like
it
makes
people,
it
reduces
people
back
down
to
numbers
and
it
doesn't
really
give
us
a
whole
perspective
of
the
health
of
the
organization
itself.
AD
It
also
was
really
difficult
when
we
followed
the
actual,
like
guide
on
how
to
report
your
numbers.
It
didn't
deal
with
any
type
of
inner
intersectionality.
So
if
you
were
dealing
with
like
racial
reporting
like
you
had
to
choose,
if
you're
a
mixed
person,
you
had
to
choose
one
side
like
you
had
to
choose
one
side
of
your
identity
and
I.
Just
it
wasn't
very,
truly
reflective.
AD
AD
And
if
you
can
do
it
that
way,
you
can
keep
the
focus
on
removing
barriers,
and
that
is
like
what
you're
tied
to
okay.
Oddly
enough
I
think
this
is
the
most
important
piece
of
Dee
and
I.
We
always
talk
about
recruitment,
recruitment,
recruitment,
but
a
lot
of
discussions
never
talked
about
why
certain
groups
are
leaving,
and
that
is
usually
the
bigger
question.
AD
So,
yes,
you
can
attract
as
many
different
types
of
people
to
your
org,
but
if
they're
leaving
right
away
or
not
having
a
great
time,
I
think
it's
more
important
for
you
to
figure
out
why
that
is
and
what
it
might
be
like
a
toxic
place
to
work
or
a
place
where
you
could
make
it
people
more
comfortable.
So
in
the
web,
three
space
I
think
like
we
do
a
great
we
do.
AD
A
job
of
attracting
people
to
there
are
orgs
that
do
a
great
job
of
attracting
people
too,
but
it's
on
to
us
to
also
figure
out
how
we
retain
them
and
Empower
them
in
the
space
to
do
the
work
that
they
want
to
do
so
the
attention
can
be
double
checking
salary
levels.
It
can
be
a
transparency
with
salary
compensation.
It
can
be
looking
at
different
policies
and
seeing
if
their
policies
actually
Empower
different
Community
groups.
If
you
have
maternity
leave
and
don't
opportunity,
leave
that
could
be
a
problem.
AD
It
can
just
look
at
looking
at
a
lot
of
the
policies
you
have
in
place.
If
you
have
questions
about
policy,
actually
low
is
really
good.
She
was
on
our
people
team
at
get
clean,
and
she
was
really
good
at
trying
to
kind
of
go
through
a
phone
fine-tooth
comb
with
our
policies
and
seeing
if
it's
as
inclusive
as
it
could
be.
AD
Okay,
so
now
that
we
got
through
the
r
and
heroes
we're
going
to
go
with,
oh
and
thinking
o
is
sinking
outside
of
the
box
a
lot
of
times
within
web3
or
within
web
2.
Even
we
talk
about
like
oh
there's,
no
x,
y
and
z,
type
of
people
in
the
org.
It's
because
we
can't
find
them
and
then
you're.
Only
looking
within
your
own
network
and
you're,
not
going
outside
of
the
box,
go
outside
the
box.
AD
It's
always
fine
find
the
people
where
they
are
there's
lots
of
orgs
that
have
you
know:
women
Engineers
women
in
crypto,
women
in
stem
black
and
stem
black
and
crypto
like
through
all
these
different
orgs
out
there
that
are
different
groups
marginalized
or
are
empowered
in
and
you
can
go,
engage
with
those
groups
fund
those
groups
and
work
with
those
groups
in
order
to
not
only
again
attract
but
also
see
like
how
can
we
retain
the
ones
that
we
have
here
engaging
with
Partnerships?
There
would
be
regularly
great
I
know.
AD
Mag
is
in
the
room
and
I
know
that
there
are
other
people
in
the
room
that
are
also
Leaders
with
a
different
dni
groups,
so
hearing
their
perspectives
and
engaging
in
them
in
a
way.
That's
not
like
how
can
we
just
Source
Talent,
but
also?
How
can
we
like?
How
can
we
get
the
knowledge
that
you
have
and
and
shared
with
us,
but
also?
AD
How
can
we
fund
the
mission
that
you're
doing
is
also
extremely
important,
so
I
will
give
you
an
opportunity
to
put
your
money
where
your
mouth
is
and
that
is
and
get
coins
dni
rounds.
This
is
a
very
easy
way
for
you
to
fund
different
groups
that
are
in
this
dni
space
within
web.
Three
there's
two
ways
you
can
do
it
one
is
to
encourage
them
to
apply
to
be
a
grantee
in
this
space
and
then
the
other
way
is
to
fund
them
this.
AD
So
if
we
can
start
to
fund
those
groups,
it's
going
to
be
much
more
impactful
in
the
space
and
funding
in
a
way.
That's
like
not
conditional
so
like
not
in
the
way
that,
like
I,
have
a
hundred
thousand
dollars
I
want
you
to
go
to
the
school
and
get
all
the
women
that
are
in
that
school
bus,
saying
hey.
What
do
you
need
and
how
can
I
write
the
check
to
best
amplify
your
work?
That's
the
more
important
thing.
AD
You
have
to
believe
that
the
people
who
are
doing
the
work
know
the
work
that
they
need
to
do
and
the
most
biggest
barrier
that
they
have
to.
That
is
really
just
the
financial
barrier.
That's
been
placed
and
usually
not
on
them.
If
you're
asking
a
group
of
like
male
VCS
and
having
them
like
wanting
to
fund
women's
work,
and
then
I
have
to
explain
to
you
why
it's
important
for
women
to
be
doing
this
stuff
and
you're
like
I,
don't
get
it!
It's
probably
not
me
explaining
it
to
you.
AD
You
might
just
not
get
it
from
your
perspective.
So
it's
much
more
important
to
say,
hey.
What
can
I
do
to
invest
in
y'all
to
do
the
work
and
then
appreciate
it
other
things
you
need
to
do
if
you're,
in
a
place
where
you
can
hire
a
dni
team
or
a
role,
do
that
you
probably
need
it
now
and
don't
really
even
know
it,
but
they
have
a
champion
team.
Have
a
person
dealing
with
it
right
now
with
as
much
money
that
we're
falling
around
doing
you
know
Swag
and
everything
else.
AD
You
could
probably
like
fund
one
person
on
your
team
to
actually
take
this
on
and
Empower
them
to
make
the
changes
that
they
need
to
make
okay,
so
I
will
give
you
an
opportunity.
These
are
the
ones
that
I
know
that
you
can
actually
find
with,
but
I
also
know
it
is
not
an
inclusive
list.
So
if
you
know
one
that
I
should
know,
you
can
do
one
of
two
things.
You
can
a
tweet
at
me
and
say:
hey
Gloria,
you
should
know
this
group
and
then
I
will
continue
to
build
up
the
list.
AD
Another
thing
is
when
we
start
to
break
out
into
teams,
I
would
love
a
team
that
would
just
take
on
the
challenge
of
saying:
hey,
let's
create
a
doc
that
has,
as
many
of
these
dni
and
web3
lists,
that
we
can
and
then
we'll
just
share
the
doc
after
the
session,
and
that
will
be
one
of
the
takeaways
from
the
session
too
so
yeah,
whatever
ones
that
you
know
like,
please
feel
free
to
amplify
them.
You
can
amplify
themselves,
so
you
can
do
it
that
way
too.
AD
The
s
in
arrows
and
the
heroes
is
for
shout
out
it's
and
it's
for
support
the
other
way
that
you
can
shout
out
and
actually
kind
of
transits.
This
whole
power
Dynamic
is
also
to
amplify
someone
who
is
not
like
you,
who
does
your
work
doing
the
work
that
they
that
use
you,
because
a
lot
of
times
the
people
who
are
are
in
the
oppressed
group,
their
work
does
not
go
noticed,
so
whatever
you
can
do
to
amplify.
The
work
of
the
oppressed
group
is
absolutely
amazing,
too.
AD
So
if
there
are
like
people
who
are
let's
say,
working
in
layer
ones,
let's
just
say
no
hold
on
people
who
work
yeah,
let's
just
say
the
layer
ones,
and
there
are
like
great
women
in
layer
ones
that
we
should
be
following
that
have
actual
technical
skills
or
that
people
should
know
about
it.
Let's
just
create
a
list
of
the
50
women
working
on
layer,
ones
that
you
should
know
about.
There's
no
reason
we
can't
get
all
their
Twitter
names
and
send
that
out
by
the
end
of
the
conference.
AD
AD
All
right
so
usually
I
say
do
the
work.
Do
the
work
is
the
most
important
thing
in
this
time.
Do
the
work
for
these
oppressed
groups
and
not
expect
a
pressed
group
to
do
the
work
for
you,
and
so
during
the
remaining
time
that
we
have
in
this
Workshop
I'm
going
to
give
you
the
opportunity
to
do
the
work.
The
do
the
work
is
going
to
come
in
multiple
different
ways.
If
you
want
to
do
the
work
soloely,
you
can
take
the
privilege
test.
The
privilege
test
is
a
buzzfeed
test
on
privilege.
AD
It
kind
of
is
great
to
see
like
where
you
have
privilege
the
different
types
of
privileges,
things
of
that
nature.
Then
there's
the
Harvard
implicit
bias
test.
You
can
do
that
work
as
well,
then.
AD
The
other
thing
that
you
can
do
is
to
double
check
your
code
of
conduct
at
your
work
and
see,
if
there's
actual
procedures
that
are
in
place
in
order
to
move
forward,
you
can
look
at
your
diverse
roles
and
mods
and
see
if
there
is
diversity
in
your
mods
and
your
stewards
in
your
board
and
recommend
someone
and
the
other
one
you
can
do
is
donate
to
a
grant
round.
AD
We
talked
about
Twitter
amplification,
but
the
biggest
thing
that
I
would
ask
today
like
if
I
could
have
NS
work
on
anything
is
there
has
been
an
issue
for
a
group.
That's
been
oppressed
and
feeling
very
unsafe
here
at
Devcon
and
I
would
really
like
a
group
of
us
to
think
of
a
way
that
we
can
keep
people
safe
here
for
the
remaining
of
the
two
days
and
what
that
would
look
like.
AD
So
if
you
want
to
try
to
think
out
ways
that
we
can
keep
people
safe
for
the
remaining
of
the
time
at
Devcon,
while
we're
here,
there's
will
be
a
group
that
will
go
ahead
and
brainstorm.
That
I
don't
mind
if
it's
like
hacker
style
or
unconference
style,
where
we
either
have
to
like
get
a
list
or
have
a
board
or
have
some
type
of
way
to
like
report
when
people
feel
unsafe
and
have
an
actual
follow-through.
But
if
that's
something
you
want
to
tackle,
we
can
tackle
that
so
other
than
that
too.
AD
If
you
all
think
of
anything
else
that
you
want
to
tackle,
that's
fine,
unconference
style
means
that
there's
white
boards
and
there's
pens
and
there's
Post-its
notes,
and
if
you
want
to
like
create
a
list
of
the
50
black
people
and
web3
that
you
should
follow.
You
can
do
that
if
you
want
to
do
any
type
of
things,
if
you
have
an
idea
I'm
more
than
happy
to
hand
over
the
mic,
you
can
pitch
your
idea
and
people
can
start
working
together
on
that
Colton
yeah.
I
AD
AD
AD
Because
I'll
throw
some
out
all
right
all
right,
let's
say
if
you
want
to
take
the
privilege
test,
I'm
going
to
put
it
back
in
the
back
corner
right.
There
I'll
tell
you
how
to
get
onto
that
site.
If
you
want
to
explore
safety
at
Defcon,
I'm
going
to
keep
lowie
here
and
you
can
hang
out
with
Louie
I
trust
you
to
explore
that
that
would
be
good.
AD
If
you
would
like
to
make
a
list
or
Twitter
list
of
people,
we
should
follow
of
different
types
of
dni
background.
Let's
try.
Do
you
mind
being
Latin
m
in
the
back
all
right,
let's
see,
can
we
get
a
black
at
one
that
will
give
us
a
blackout
list
cash?
You
want
to
take
that
one
all
right,
cool
cash
will
keep
that
there
women
do
you
want
to
do
a
women
list.
Maggie
can
I
keep
you
in
charge
of
the
women
to
follow
the
list,
awesome,
neurodivergent
or
LGBT.
AD
AC
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
AD
Just
a
FYI,
so
we
have
this.
The
next
Workshop
starts
in
10
minutes,
but
if
you
want
to
carry
on
the
conversation
or
keep
going
feel
free
to
use
that
time
up
till
then
she
won't
start
till
then,
but
as
for
me,
I
am
definitely
all
done
and
I
would
love
for
you
to
keep
working.
If
you
want
to
share
what
you're
working
with
me,
I
will
send
it
out
or
if
you
have
anything
tangible
I'll,
make
sure
to
share
it
with
everybody
too.
AD
I
I
I
AH
AH
AH
Yeah
Society,
yeah,
okay,
cool
and
so
who
here
came.
AH
Okay
so
a
little
bit
of
a
change
in
the
program,
and
but
it's
actually
not
so
much
of
a
change
in
a
lot
of
ways.
I
think
public
infrastructure
is
the
first
non-financial
residence.
AI
AH
Okay,
so
in
many
ways
I
think
non-financial
use
cases.
The
first
non-financial
use
case
for
blockchains
is
actually
public
infrastructure.
So,
and
it's
it's
important
that
we
think
about
in
this
use
case
what
neutrality
means
and
what
decentralization
means.
So
the
the
program
has
changed
a
little
bit
and
we're
going
to
talk
about
that.
Get
us
started.
AJ
Clicker
is
not
super
working,
but
okay,
so,
as
Puja
was
saying
we're
here
to
talk
about
digital
infrastructure,
and
what
does
that
mean
not
only
in
the
blockchain
space,
there
are
all
kinds
of
digital
infrastructure,
but
of
course,
ethereum
is
often
envisioned
as
a
potential
digital
public
infrastructure
that
can
be
used
ubiquitously
around
the
world.
So
the
idea
is
to
do
some
collective
deliberation
together
on
what
does
that
mean
and
what
are
some
of
the
requirements
for
protocols
in
standards
that
are
serving
this
function?
AJ
So
the
agenda
for
today
is
we're
going
to
kick
start
this
with
two
short
talks.
AJ
First
Puja
is
going
to
talk
about
decentralization
and
then
Glenn
is
going
to
talk
about
different
approaches
to
neutrality
and
what
are
some
of
the
conflicts
between
them
and
after
that,
if
the
slides
work,
we're
going
to
use
a
tool
called
police
to
do
a
deliberation
together,
and
these
two
I'll
explain
this
to
you
in
a
moment,
but
it's
a
tool
that
uses
Advanced
statistics
and
machine
learning
to
gained
some
nuanced
insights
in
a
digital
conversation
and
so
we'll.
AJ
Take
these
insights
then
we'll
have
an
in-person
discussion,
since
that's
the
benefit
of
being
here
at
Devcon
and
we'll
come
back
to
police,
we'll
do
one
one
more
iteration
reflecting
some
of
the
learnings
and
then
we'll
look
at
the
results
together.
So
in
essence,
this
is
going
to
be
a
an
exercise
in
deliberation
about
digital
infrastructure,
so
hand
it
over
to
Puja
to
get
us
started.
AH
Okay,
great
I
like
to
walk
around
when
I
talk,
so
as
I
said,
I
want
to
talk
about
first
decentralization
and.
AH
Okay,
great
and
and
Glenn
will
follow
up
with
a
prompt
on
neutrality.
So
because
not
everybody
has
read
the
paper.
I
want
to
kind
of
give
first
principles
of
how
I
think
about
decentralized,
decentralization
and
really.
The
question
is:
how
do
we
build
bottom-up
decentralized
networks
and
there
are
all
kinds
of
like
networks
right.
We
have
energy
infrastructure,
we
have
physical
networks,
we
have
Internet
infrastructure,
internet
Network
starlink.
We
also
have
blockchains,
we
have
social
media,
these
are
all
Networks
and
the
question
is
oops.
AH
AH
That
is
how
I
have
conceptualized
the
question
of
decentralization
doing
this
in
a
decentralized
way.
How
does
this
work?
So?
What
do
we
before
give
like
a
kind
of
first
articulation
of
the
principle?
Let's
just
pump
our
intuitions
and
think
about
what
do
we
not
mean
by
decentralization?
So
you
know
an
autocrat
controlling
energy
infrastructure,
not
decentralization
a
benevolent
entrepreneur
controlling
internet
infrastructure,
not
great
either.
AH
You
know
a
group
of
sort
of
mining
pools
that
control
a
lot
of
mining
power,
hash
power
or
stake
not
great
for
decentralization,
and
you
know
corporate
monopolies
not
great
for
decentralization
and,
of
course,
there's
political
centralization
as
well,
and
you
know,
there's
tyranny
of
the
majority
which
we're
all
familiar
with
in
the
Civil
Rights
Movement,
there's:
tyranny
of
political
Elite
and
technocratic
Elite
and
there's
also
a
tyranny
of
a
cultural
Elite
that
can
enforce
their
norms
and
language
Norms
on
people
who,
don't
necessarily
you
know,
agree.
AH
But
I
think
decentralization
is
a
much
more
subtle
question,
because
we
also
have
very
very
tacit
and
subtle
what
I
call
accidental
over
coordination
because
of
correlated
interests-
and
we
see
this
in
particular
and
very
acutely
and
Glenn
was
the
first
one
who
brought
this
to
my
attention
in
his
book:
radical
markets
in
traditional
financial
markets
and
so
in
traditional
markets,
a
lot
of
people.
AH
You
know
if
you're,
a
retail
investor
you
give
your
money
to
an
asset
manager
like
BlackRock
and
Fidelity,
and
what
that
asset
manager
will
do
will
buy
steaks
across
rivals
in
a
particular
industry.
So
say
steaks
across
like
every
Airline
right,
but
in
doing
that
they
have
an
incentive
to
vote
as
a
shareholder
to
pressure
CEOs
to
take
anti-competitive
practices.
Lower
prices.
AH
AH
So
using
this
to
pump
our
intuitions
one
of
the
principles
we
articulated
in
the
dsoc
paper
was
this
principle
of
consensus
across
difference,
and
the
idea
of
consensus
across
difference
is
that
you
rather
get
consensus
between
differently,
Affiliated
people
or
just
very
different
people
to
surface
consensus,
and
that
would
be
a
better
signal
of
a
plural,
shared
good
across
broader
groups
than
say
consensus
amongst
a
narrow
group
of
individuals
who
might
be
sort
of
intentionally,
including
or
accidentally
over,
coordinating
in
the
way
the
the
BlackRock
and
Fidelity
example.
Illustrated.
AH
AI
You
can't
just
make
one
comments:
I
actually
think
you're
highlighting
a
good
thing,
which
is
that
the
point
of
pluralism
is
simultaneously
identifying
areas
of
cooperation
across
difference
and
identifying
the
areas
of
difference
so,
like
you
can't
have
one
without
the
other
in
in
the
dance
of
decentralization
and
pluralism,
and
we're
going
to
talk
about
that
like
we're,
going
to
highlight
that
in
the
exercise,
we're
going
to
do
later,
so
I
think
both
are
like
really
important.
Yeah.
AH
I'll
say
this
like
a
lot
of
a
lot
of
discussion,
and
a
lot
of
memes
in
crypto
are
about
coordination
cooperation,
but
they
don't
really
address
the
question
of
conflict
right
and
so.
Consensus
across
difference
is
a
principle
that
highlights
and
services
like
our
differences.
Ripa
finds
those
consensus
amongst
the
most
diversely
affiliated.
AH
So
how
did
we
as
a
first
approximation
Express
this
principle
in
the
paper?
Well,
we
first
introduced
this
primitive,
called
Soul,
bound
tokens
or
non-transferable
nfts
to
represent
memberships
to
social
groups
or
represent
affiliations,
and
then,
as
a
second
step,
we
propose
this
mechanism
of
using
quadratic
voting
or
funding
how
many
people
have
heard
of
quadratic
voting
and
funding
just
raise
your
hand.
AH
Okay,
so
you're
familiar
right
and
the
nice
thing
about
this
mechanism
is
it
you
know,
reflects
a
magnitude
not
just
direction
of
individual
preferences
encounters
some
tyranny
of
the
majority,
but,
as
sort
of
the
BlackRock
example
highlights,
you
know
where
individuals
or
social
beings
we're
in
groups
were
sometimes
intentionally,
including
sometimes
were
accidentally
over
coordinating,
and
you
need
to
Discount
the
influence
of
correlated
social
groups
or
in
the
kind
of
spirit
of
quadratic
funding
and
voting
take
a
square
root
over
the
social
group,
and
this
gives
us
a
kind
of
digressive
proportionality
which
we
want,
because
otherwise
coordinated
groups
tend
to
drown
out.
AH
You
know
less
coordinated
groups
in
voice,
so
to
kind
of
summarize
to
get
us
our
bottom-up
coordination.
The
mechanism
we
proposed
is
well,
first
of
all,
seeing
individuals
as
nested
in
their
communities
and
communities
being
constituted
of
their
individuals
and
capturing
the
intensity
of
individual
preferences,
with
quadratic
funding
and
voting,
but
also
discounting
correlations
and
say
over
coordination,
accident
and
or
intentional,
with
social
correlation
discounts
and
with
this
mechanism.
AH
What
we're
hoping
to
do-
and
this
is
again
just
a
first
approximation-
is
to
get
this
kind
of
nice
intersecting,
partially
nested
structure
of
ever-going
network
cooperation
extending
across
you
know,
digital
and
physical
infrastructure
and
importantly,
a
a
a
paradigm
where
power
is
not
discrete.
It's
not
binary,
it's
not
rigid,
but
rather
continuous,
partial
and
recomposing
and
fluid.
AH
So
this
is
a
broad
and
very
broad,
strokes
and
explanation
of
you
know
the
conception
of
decentralization
that
we've
ushered
for
it.
I'm
going
to
hand
it
over
to
Glenn
now
and
he's
going
to
talk
about
reconciling
this
with
neutrality
and
start
pumping
our
intuitions
there
and
asking
us
important
questions.
AI
So
Puja
did
a
beautiful
job,
but
went
quite
quickly
over
this
notion
of
digressive
proportionality
and
I
want
to
sort
of
ease
into
it
by
just
like
pressuring
some
things
that
sound
natural
but
are
all
contradictory
with
each
other.
So
they
sort
of
create
a
paradox
that
forces
us
to
think
a
step
later.
Is
there
a
slide
for
this
Pooja
on
the
neutrality
stuff
or
yeah
yeah
Okay?
B
AI
For
but
like
actually
can't
be
consistent
with
each
other,
it's
like
one
notion
of
neutrality
is
like
every
country
should
be
treated
the
same,
but
but
then
you're
like
well.
What
about
some
countries
are
much
bigger
than
others,
and
maybe
some
countries
are
much
richer
than
others
and
oh
well,
I,
don't
know
okay
and
then,
like
resources
should
be
treated
the
same
like
packets
of
information
or
units
of
compute
or
units
of
stake
should
all
be
treated
symmetrically.
AI
But
wait
like
some
people
have
a
lot
more
of
that
than
other
people,
and
is
that
fair
and
like
maybe
it's
concentrated
in
certain
countries,
and
maybe
those
countries
are
all
really
coordinated?
Maybe
that's
not
good,
and
then
the
US
and
China
will
just
dominate
everyone
and
and
then
like
another
version
is
individuals.
So,
like
proof
of
personhood
people
are
like
really
into
like
you
know,
every
person
should
have
the
same
rights,
and
you
know
it's
really
unfair.
The
Electoral
College
gives
more
like
voice
to
certain
people
and
and
whatever,
but
then
you're
like.
AI
Oh,
but
like
you
know
what,
if
that
just
leads
like
the
majority
of
white
people
to
totally
screw
over
black
people
in
the
U.S
or,
like
you,
know,
Hindus,
and
you
know
Muslims
in
India
and
and
like
well,
we
also
care
about
resources
as
well,
and
we
care
about
what
countries
people
so
anyways.
The
point
is
that
there's
a
bunch
of
different
Notions
of
neutrality,
that
we
invoke
in
different
contexts,
often
very
similar
contexts
and
that
are
like
pretty
directly
in
conflict
with
each
other
and
I.
AI
AI
So
what
what
Lionel
Penrose
said
is
that
if
you
have
coordinated
correlated
things
and
then
a
bunch
of
uncoordinated
things,
the
coordinated
things
get
heard
much
more
than
proportional
to
like
how
loud
they
speak
or
How
much
votes
they
have
or
whatever
and,
and
that
comes
from
a
very
basic
statistical
principle,
which
is
if
they,
you
have
uncorrelated
things.
They
tend
to
cancel
each
other
out
and
so
like
their
aggregate
size
only
grows.
AI
As
the
square
root
of
the
number
of
uncorrelated
things,
whereas
a
single
correlated
thing
that
scales
up
grows
linearly
in
its
strength
and
that
might
sound
like
a
little
bit
abstract
statistics,
but
like
it's
something
that
literally,
you
can
just
recognize
from
dinner
conversation
so
like.
If
you
go
to
a
crowded
restaurant,
there
will
be
all
sorts
of
people
talking
right
and
like
the
total
volume
of
all
the
people,
talking
will
be
like
massively
louder
than
the
person
you're
trying
to
listen
to
next
to
you.
AI
And
yet
somehow
you
can
still
hear
that
person,
because
they're
just
slightly
louder
than
any
of
the
individual.
Other
voices
and
your
brain,
like
the
whole
mechanism
of
noise,
is
to
like
take
things
that
are
uncoordinated
and
a
little
bit
softer
and
cancel
them
out
and
like
have
that
one
coordinated
thing,
that's
slightly
louder,
stick
out
right
and
so
Penrose
originally
applied
this
as
a
way
to
think
about
how
votes
should
be
given
to
countries
or
you
know,
provinces
within
a
federal
union
based
on
the
population
of
the
sub
unit.
AI
So
he
said:
no,
it
shouldn't
be
neutral
across
people,
because
those
people
are
coordinated
with
each
other
by
their
joint
membership
of
the
country
or
the
subunit,
and
no,
it
shouldn't
be
neutral
across
the
units,
because
units
have
different
numbers
of
people
in
them.
Instead,
the
right
principle
is
digressive
proportionality,
which
is
that
the
allocation
should
be
based
on
the
square
root
of
the
number
of
people
within
the
country.
AI
AI
So
the
nice
treaty,
the
the
Polish
delegation
of
the
European
Union,
proposed
that
they
should
literally
use
the
square
root,
but
people
thought
that
was
weird
or
whatever,
and
so
it
turns
out
that
they
put
in
a
system
where,
like,
if
you
look
at
the
correlation
between
the
square
root
and
the
number
of
like
votes
allocated,
it's
like
a
99
correlation
to
that
rule,
but
it
doesn't
literally
use
that
rule
because
people
thought
that
was
too
nerdy
but
anyway.
Basically,
that's
the
principle.
AI
That's
been
used
by
the
European
Union
and
the
the
thing
is
like
quadratic
voting
is
just
another
application
of
that
same
principle.
AI
S
AI
AJ
Yes,
and
as
we
continue
groping
our
way
forward,
we'll
have
a
deliberation
together
here
about
about
what
he
means
and
how
should
we
be
thinking
about
digital
infrastructure,
so
we're
going
to
do
that
using
a
tool
called
polis,
which
is
a
plural
social
technology.
So
I'll
just
take
a
moment
to
explain
what
we
mean
by
that.
So
social
Technologies
are
voting
public
goods
funding,
identity,
money.
AJ
These
are
all
tools
that
we
use
to
relate
to
each
other
and
coordinate
in
society,
and
what
we're
doing
at
radical
exchange
is
we're
trying
to
bring
about
a
new
paradigm
for
technology
that
has
a
philosophy
underlying
it,
and
that
philosophy
is
the
philosophy
of
plurality.
So
I
want
a
go
too
much
into
it,
but
when
we're
instantiating,
pluralistic
social
philosophy
in
technology,
there
are
two
things
that
we
want
to
be
looking
for.
AJ
One
is
we
want
technologies
that
help
recognize
and
sort
of
provide
better
resolution
into
the
different
social
Dimensions
that
exist
within
a
community,
and
then
we
want
Technologies
to
also
Foster
cooperation
across
social
difference,
and
sometimes
that
means
fostering
or
Illuminating
the
points
of
common
ground,
and
sometimes
that
means
Illuminating.
The
points
of
Divergence
so
that
they
can
be
worked
out
so
police
is
a
very
simple
tool
but
before
I
give
this
explanation.
AJ
Does
everyone
have
it
okay,
so
okay,
so
what
is
polis
now.
AI
AJ
Okay,
well
Workshop
Wi-Fi,
password.
AJ
Thanks
Sherry,
okay,
so
no
need
to
go
into
it.
Right
now
come
back
here
now,
I'll
just
tell
you
a
little
bit
about
this
too
and
then
we'll
start
exploring
it
together.
AJ
So
the
first
thing
is
that
it
starts
with
an
open
question
and
then
the
participants
can
write
statements
in
response
to
it,
and
each
statement
will
generate
a
card
like
this,
and
the
other
participants
are
going
to
be
able
to
agree,
disagree
or
pass
each
of
the
comments,
and
then
what
police
does
is
that
it
takes
all
of
that
data,
and
then
it
clusters
all
of
the
participants
into
different
opinion
bubbles.
So,
according
to
the
opinion,
bubbles
are
defined
according
to
how.
Similarly,
these
people
voted.
AJ
So
you
can
see
what
are
the
different
social
dimensions
and
dimensions
of
opinions
within
a
group
and
then
the
last
thing
that
it
does
is
that
it
brings
to
the
surface.
What
are
the
points
of
common
ground
that
these
groups
that
have
diverging
views
share?
So
one
example
of
how
this
has
been
used
in
the
past
is
in
Taiwan.
This
is
used
in
Taiwan
at
the
national
level
and
they
use
it.
AJ
A
few
years
ago
to
try
to
understand
how
to
regulate
ride,
sharing
companies,
so
in
Brazil,
where
I'm
from
this
was
a
super
polarized
debate
and
I'm
sharing
many
other
places
and
there
it
was
as
well,
and
there
was
a
strong
Pro,
Uber
Camp
strong
anti-over
camp
and
then
what
police
did
there.
But
its
surface
was
just
good
common
sense,
so
the
things
that
came
up
were
that
taxi
cab
should
no
longer
be
orange.
AJ
Everyone
agreed
to
that
before
they
had
to
be
orange
in
Taiwan
that
this
was
an
opportunity
to
review
a
passenger
safety
regulations
in
questions
of
liability
insurance.
So
just
good
common
sense
that
usually
in
the
technologies
that
we
use,
we
don't
have
that
we
have
the
exact
opposite.
We
have
the
polarizing
statements
are
the
ones
that
come
to
the
surface
and
we
we
are
stuck
in
our
ability
to
to
come
together
and
debate
productively
as
a
society.
AJ
So
this
this
is
an
example
of
a
plural
of
social
technology
and
we're
going
to
experiment
with
it
together.
Right
now-
and
this
is
our
question,
how
should
we
think
about
neutrality
in
digital
infrastructure?
So
the
first
thing
that
we'll
do
is
we'll
take
five
minutes
to
evaluate
some
of
the
comments
that
are
already
there.
So
you
can
go
to
the
link
and
then
I'll
be
back
with
you
in
a
moment.
AJ
AJ
AJ
AJ
AJ
All
right
so
we'll
now
move
to
the
next
step,
which
is
sorry
for
the
next
five
minutes,
we'll
add
new
statements.
So
here's
what
makes
a
good
statement
for
this
exercise.
The
first
thing
is
that
it
needs
to
be
a
standalone
idea,
because
if
you
have
two
ideas
in
one
statement,
then
the
other
participants
won't
be
able
to
evaluate
them.
They
might
agree
with
one
and
disagree
with
others
so
complicated.
So
one
idea
per
statement.
AJ
AJ
I
AJ
Foreign
who
needs
more
time
to
add
their
statements,
can
you
raise
your
hands?
No,
so
we're
pretty
done
so
now,
just
let's
evaluate
each
other's
statements.
So,
let's
take
five
to
seven
to
seven
minutes
to
do
that.
AJ
AJ
AJ
E
AI
AJ
AI
E
E
AJ
Okay,
so
now
let's
look
at
our
report
and
then
police
generates
a
lot
of
data.
AJ
Okay,
so
we
had
five
groups
and
then
he
collapsed
into
two
groups.
Super
interesting
and
so
police
generates
a
lot
of
data
and
we
won't
be
able
to
have
a
super
sort
of
in-depth
analysis,
but
we'll
present
the
structure
of
the
report
and
see
what
are
some
of
the
high
level
insights
that
police
provided
to
us.
So
to
the
folks
back
there
El
supportive
technical
hola
link,
perfect.
AJ
AJ
No
you're
not
controlling
it,
you're
you're
the
same.
So
it's
it's
okay!
So
so,
let's
first
look
at
some
some
of
the
obvious
things.
So
we.
AI
AI
AJ
So,
let's,
let's
first
look
into
this
structure
and
and
then
we'll
get
to
to
some
of
the
insights
later.
So
the
first
thing
that
it
does
is
here's
some
data,
118
people
voted
and
out
of
that
group
109
were
clustered
into
different
opinion
bubbles.
We
had
3
800
votes,
evaluations
of
statements,
78
statements,
38
votes
per
person,
so
you
got
to
a
little
less
than
half
of
the
statements,
but
there's
probably
many
redundant
statements,
so
it
shouldn't
be
so
bad
and
then,
if
you
can
put
it.
AJ
So
here,
police
is
putting
each
state
each
state.
Each
of
these
dots
corresponds
to
a
statement
and
it's
putting
all
of
the
statements
on
a
spectrum
from
consensus
statements
to
divisive
statements
and,
as
you
can
see,
we
have
a
lot
more
consensus
than
the
than
divisiveness.
So
it's
just
one
thing
that
is
interesting
to
notice
is
how
social
media
distorts
that
picture.
For
us,
it
makes
us
believe
that
we
have
a
lot
more
divisions,
but
really
we
have
a
lot
more
consensus,
so.
AJ
Okay,
let's
see
what's
the
most
divisive
statement,
neutrality
means
treating
every
country
the
same,
even
if
one
country
is
richer
than
the
other
in
an
otroponomous.
AJ
Means
treating
every
unique
person
the
same
neutrality
means
treating
every
blockchain
and
protocol
the
same
in
enabling
interoperability
between
them.
So
these
are
getting
to
sort
of
similar
things
and,
as
you
can
see
what
police
is
doing
now
we
have
three
groups
very
dynamically
changing
so
group
a
has
44
people,
Group
B
has
26
people
and
Group
C
has
39
people
and
on
group
a
which
has
44
65
percent
of
of
the
members
of
group,
a
agreed
with
it.
Why?
AJ
Whereas
everyone
on
Group
B
disagreed
with
it
and
the
majority,
the
large
majority
of
people
in
group
C
disagrees
with
it.
So
here
it's
it's
an
example
of
like
surfacing.
What
are
the
areas
of
divisiveness
and
the
importance
of
sort
of
Illuminating?
What
are
the
points
of
conflict,
because
this
gives
a
clear
opportunity
to
have
a
more
informed
conversation
about
this
specific
topic?
Why
is
it
that
the
folks
on
group
a
think
that-
and
why
is
it
that
the
folks
on
Group,
B
and
C
disagree
so.
AJ
Let's
see
what
what
we
agree
about,
neutrality
is
context
dependent,
and
these
questions
lack
enough
context
to
be
useful.
Okay,
all
right!
Thank
you.
AJ
Yeah
people
didn't
answer,
but
out
of
those
who
answered
about
40
of
of
people
in.
AI
General,
it's
supposed
to
be
clear.
When
you
have
a
very
large
number
of
people
you
should.
You
should
take
up
almost
all
the
space,
because
the
whole
point
is
that
you
get
a
random
selection
of
things
and
it
tries
to
pick
up
the
underlying
statistical
correlations
rather
than
like,
literally
having
everyone
go
through
every
statement.
That's
the
whole
point
of
the.
AJ
Could
everyone
hear
that
okay,
so
now?
This
was
just
to
give
a
few
like
a
taste
of
like
what
what
are
some,
what
were
some
of
the
divisive
in
in
the
and
consensual
agreements,
but
we'll
look
into
them
and
sort
of
analyze
it
more
afterwards.
But
now,
let's
look
into
what
are
some
of
the
opinion
bubbles.
AK
AJ
So
we
have
three
clusters:
let's
look
at
what
the
the.
AJ
And
you
know
this
is
a
demonstration.
Of
course.
You
know
this
tool
has
been
used
over
days,
so
you
can
sort
of
work
through
the
data.
Much
better
and
usually
very
very
clear
patterns
emerge.
But,
let's
you
know
where
we'll
we'll
do
some
we'll
try
to
take
some
high
level
insights.
E
AI
So
one
really
important
thing
to
understand
is
I.
Think
paulus
is
amazing.
It's
super
cool,
it's
a
huge
impact
in
the
world.
It's
also
like
absolute
first,
like
think
of
it
as
the
like
Bitcoin
of
like
this
kind
of
percentage.
This
is
not
at
all
optimized.
There's
like
anyone
who's,
a
smart
technologist
in
the
room
is
going
to
think
of
like
seven
things
that
could
be
improved
features,
not
all
of
which
would
work
out,
but
like
it's
just
it's
a
it's
like
the
most
basic
proof
of
concept
of
this
type
of
idea.
So.
AJ
Yeah
Okay,
so
on
group
a
we
have
59
participants.
AJ
Let's
see
what
do
they
agree
about
so
about
half
of
them
think
that
neutrality
means
treating
every
unique
person
the
same,
whereas
on
Group
B.
Oh,
no,
sorry,
I
read
it
wrong.
85
percent
of
people
on
group
a
thinks
that
neutrality
means
treating
every
unique
person
the
same,
whereas
76
of
people
in
group
b.
Disagree
with
that
so
that
that
already
sort
of
characterizes
these
different
groups.
AJ
But
maybe
if
we
look
into
it
more,
we
can
start
to
understand
why,
let's
see
so,
neutrality
means
treating
all
transactions
the
same
sort
of
similar
principles.
Neutrality
means
treating
every
country.
The
same
neutrality
means
that
the
rules
are
set
to
not
privilege
any
specific
participant.
There's
more
shared
agreement
on
that,
but
those
three
first
statements
already
sort
of
indicate
this
division
between
groups
A
and
B
they're.
AJ
I'll
give
an
interpretation,
so
let's
go
down
to
Group
B
now
to
look
into
that
so
Group
B
has
50
participants
and
Group
B
seems
interesting,
so
groupie
is
largely
clustered
around
these
agreements,
so
the
the
Reds
and
it's
the
disagreements
of
the
to
the
three
statements
or
statements
in
similar
Spirits,
so
neutrality
means
trading
transactions
the
same
as
long
as
they
can
afford
gas.
That
was
not
in
in
the
other
one
above
and
the
majority
of
people
in
group
b.
Disagree
with
that
and
let's
look
at
the
first.
AJ
AJ
94
percent
of
group
of
people
in
group
b
agrees
with
that
and
they
disagree
that
it
means
neutrality
means
treating
every
unique
person
the
same.
So
you
can
see
a
pattern
there
and
then
different
forms
of
neutrality
make
sense
in
different
contexts.
For
example,
some
should
distinguish
humans
and
Bots.
Others
should
not.
I
guess
was
the
last
word
that
is
missing.
AJ
85
percent
of
people
in
groupia
group
agrees
with
that.
So
now,
majority
majority.
AJ
So
here
actually
majority
is
not
a
good
word,
because
what
this
is
showing
is
the
plural
majority.
So
what
are
the
statements
that
groups
A
and
B,
despite
their
divergences?
Where
is
it
that
they
can
find
common
ground?
So
neutrality
means
that
means
the
rules
are
set
to
not
privilege
any
specific
participant.
81
overall
agrees
with
that
93
on
group,
a
69
on
Group
B.
All
human
beings
are
rational.
Everyone
agreed
that
this
was
a
bit
of
a
weird
statement.
AJ
AJ
Yeah
lots
of
disagreements
there
and
neutrality
is
different
from
fairness.
That's
an
important
point.
So.
AJ
This
is
what's
interesting
about
this.
Is
that,
despite
the
divergences,
these
are
the
areas
of
Common
Ground
out
of
which
you
can
start
a
conversation,
so
I'll
hand
it
over
to
Glenn
to
share
a
few
thoughts
on
on
the
analysis.
She
was
thinking
about
it
here
and
then
also.
If
anyone
has
any
any
comments,
we'll
hand
it
back
to
you.
E
AJ
AI
Okay,
so
this
group
has
statements
like
neutrality
and
they
agree
with
well.
The
other
group
disagrees
with
statements
like
neutrality
means
treating
every
person.
The
same
neutrality
means
treating
every
transaction.
The
same
neutrality
means
treating
everyone
in
the
same
country,
the
same
sorry
treating
every
country
the
same
Etc,
and
so
what
I
would
describe
as.
AI
This
group
has
is
sort
of,
like
the
maybe
feel,
good
group,
or
something
like
that.
It's
like
there's
many
different
forms
of
neutrality,
which
I
was
trying
to
argue
were
in
tension
with
each
other,
and
this
group
seems
to
be
composed
of
people
who
kind
of
like
all
of
them.
You
know
they're,
like
I,
don't
want
them
to
be
in
tension
with
each
other
or
they
all
sound
good
to
me,
or
something
like
that,
like
that,
that's.
AI
Perfecto
this
one
really
likes
statements
like
neutrality
in
certain
cases
can't
be
evaluated.
A
group
can
be
evaluated
grouping
level
and
not
individual
level
or
different
forms
of
neutrality.
Make
sense
of
different
context.
AI
AI
Mean,
and
so
the
the
main
divide
seems
to
be
like
group,
a
is
kind
of
embracing
the
contradictions
and
Group
B
is
like
trying
to
say
in
the
face
of
these
contradictions.
We've
got
to
do
a
lot
of
really
complicated
thinking
and
I,
probably
can't
in
a
tweet
length
thing
even
express
what
I
think
the
next
steps
of
that
are.
E
AJ
Does
anyone
here
feels
like
they
identify
with
group
a
and
want
to
wants
to
share
elaborate
a
bit
on
their
views
and
share
with
the
rest
of
the
group
or
group
b,
any
volunteers?
Okay,
so,
are
you
on
group
a
or
group
b
you.
E
Y
I'm
on
the
group
D
and
I,
like
I,
saw
it
like
from
a
perspective
from
like
a
tolerance
and
I
I.
Think,
like
now
group
a
like
the
neutrality,
yes
was
like
close
or
embraced
as
a
tolerance
by
the
group.
A
that's!
That's
how
I
feel
it
like.
We
tolerate
everything
and
try
to
neutralize.
E
AG
Yeah
Daryl,
Malone
I
think
I
would
have
been
in
group,
a
I
guess
and
I
think
I
would
say
that
the
the
complexity
of
neutrality,
kind
of
comes
out.
If
you
look
at
it
as
a
very
specific
thing
that
applies
to
those
that
are
maintaining
the
function
of
a
system
and
not
necessarily
looking
at
the
decisions
of
a
system
and
I
think
that
kind
of
for
me
makes
makes
it
a
lot
simpler.
AL
C
Hey
I'm,
Phil,
so
I
agree
with
Glenn's
notion
about
the
many
different,
conflicting
neutralities
and
I
think
that
makes
any
decision
taken
on
the
basis
of
neutrality,
kind
of
reductionist,
so
I
kind
of
vibe.
With
the
like.
It's
complicated,
you
know,
description,
I,
think
that's
kind
of
accurate.
AB
Hey
this
is
Hassam.
One
thing
that
I'm
interested
to
understand
is
like:
how
would
we
solve
that
like
when,
like
each
all,
countries
would
be
treated
the
same?
Aren't
we
better
off
splitting
United
States
to
50
country
and,
and
so
on?
You
know
like
it's
like
how
would
we
solve
such
kind
of
attack,
which
is
like
your
you
will
coordinate
again
in
a
different
way,
so
you
will
take
advantage
with
B
yeah.
Obviously,.
AJ
AF
Hi
I'm
saffron
I
I,
probably
was
in
group
b,
definitely
and
I
think.
Maybe
this
means
that
we
can't
say
that
a
system,
a
system
as
a
whole
is
or
is
in
neutral,
but
that
we
can
evaluate
some
degree
of
neutrality
along
a
particular
axis
and
kind
of
look
at
it
in
a
very
multi-dimensional
way.
AJ
AA
I
was
in
group
a
and
the
way
I
what
I
thought
about
the
groupings
was
kind
of
it
aligned
with
of
italics
paper
about
vitac,
vetoocracy
and
bulldozer
political
access
and
I
feel
like
group.
A
is
like
the
vitoocracy
and
Group
B
is
maybe
more
the
the
bulldozer
political
axis.
AJ
For
those
who
haven't
read,
can
you
just
elaborate
a
little
bit
on
and
that,
like.
AA
From
what
I
remember
it
was,
the
vetoocracy
was
more
like
if
there's
a
lot
of
people
who
are
equally
weighted
they'll
be
able
to
keep
back
kind
of
a
tyranny
of
bulldozers,
but
bulldozers
are
needed
in
order
to
get
a
lot
of
stuff
done,
so
you
kind
of
need
both
both
groups
to
balance
the
system.
W
Actually
I'm
in
group
b,
two
thoughts
is
that
one
is
probably
some
other
people
or
they
mentioned
that
it
it's
a
social
difference.
There's
many
that
I
mentioned
you
can
now
achieve
neutrality
on
Old
Dimensions
at
the
same
time.
W
So
it's
a
constraint
neutrality,
maybe
in
one
or
two
access
or
Dimension,
that's
achievable
and
also
that
to
to
achieve
the
neutrality
in
require
a
value
judgment
right
in
what
what
make
it
neutral
is
just
treat
them
all
the
same
or
sometimes
maybe
require
treating
differently
in
order
to
be
neutral,
and
that
require
vital
judgment
that
also
very
difficult.
That's
why
I'm
in
the
group
b.
AJ
Yeah
I
think
it's
an
interesting
question.
I
wonder:
maybe
if
someone
from
group
a
would
like
to
elaborate
a
little
bit
more
on
their
views
and
share
with
the
rest
of
the
group.
X
I
G
Oh,
does
it
okay,
yeah
yeah
for
me,
I
was
in
group
a
and
I
just
found
myself,
maybe
a
little
bit
naively
having
a
bias
towards
just
wanting
to
agree
with
all
the
statements.
I
mean
I
kind
of
saw
some
of
the
tension
between
the
statements
but
I
also
just
like
there's
a
lot
of
different
interpretations
of
what
neutrality
is
and
kind
of
just
found
myself
agreeing
with
all
of
them.
AK
I'm
I'm
trying
to
wrap
my
hair
around
the
terms,
equity
and
equality
and
I'm
would
like
to
know
from
your
perspective
if
those,
if
any
of
those
is
actually
a
neutral
one
in
any
of
these
senses,
just.
AI
One
thing
one
thing
to
say
about:
Equity
inequality,
I'm,
not
sure,
but
I
think
that
people
are
referring
to
a
particular
meme
that
defines
those
in
a
particular
way,
not
necessarily
to
like
some
abstract
diversion
of
it.
Do
you
know
the
meme
that
I'm
talking
about
yeah,
probably.
AK
That
there's
like
a
fence
and
then
you
have
like
people
with
different
heights
and
is
that
the
meme
that
you're
talking
about?
Can
you
elaborate
on
that
one
so
like,
for
example,
let's
say:
let's
go
to
the
statement
that
says
how
many.
AI
AI
AK
AK
When
we
say
neutrality
means
treating
every
unique
person
the
same,
are
we
taking
into
consideration
that
or
not
and
what
and
what
are,
the
things
that
we
should
be
taking
into
consideration
when
we
say
treating
the
same.
AJ
Let's
continue
developing
this
conversation,
the
idea
for
now
the
next
step.
Oh
sorry,
us
one
final
statement,
drinking.
AM
A
little
bit
of
a
have
a
little
bit
of
a
difficulty
wrapping
my
head
around
the
term
neutrality
because,
like
you
mentioned,
neutrality,
only
exists
in
different
contexts
and
when
we're
trying
to
build
systems
that
are
supposed
to
be
neutral,
then
that
means
that
there
is
a
certain
bias
to
gain
positive
impact
to
get
negative
impact
or
whatever.
And
then,
when
we're
not
building
these
systems
by
ourselves,
we're
building
them
together.
AJ
It's
a
great
question,
folks:
the
idea
for
now
I
want
to
stick
to
our
agenda
so
that
we
can
make
the
best
use
of
our
time
together,
they're
different
out.
This
was
a
prompt
and
hopefully,
an
exercise
that
shows
some
of
the
different
views
and
I
have
to
say
I'm
I'm
a
bit
impressed
because
usually
it
felt
very
binary.
You
know
the
the
results
here.
AJ
AJ
Okay,
we'll
come
back
with
a
few
more
comments,
but
the
idea
for
now
is
just
for
you
at
your
tables
for
us
to
take
10
minutes
to
discuss
this
and
then,
as
you,
you
can
share
your
visions
and
some
of
some
of
the
questions
that
this
this
conversation
on
police
brought
up
to
mind
to
you
and
then
what
we'll
do
is
we'll
take
we'll
do
another
iteration
on
police.
It
becomes
a
lot
more
interesting
when
we
iterate
on
it,
because
we
can
see
both
sides.
AJ
We
can
think
about
it
in
a
more
informed
way
and
then
the
idea
is
to
try
to
understand
where
the
bridges,
what
are
the
areas
of
Common
Ground?
What
are
some
of
some
of
the
statements,
new
statements
that
can
be
added
that
can
help
bridge
these
groups.
So
let's
just
take
10
minutes
to
discuss
at
our
tables.
AJ
AI
AI
Y
AJ
AC
AC
I
AC
AC
AC
AC
H
T
AJ
Okay,
gracias.
AJ
Okay,
so
folks
come
back
here
with
me,
who's
hearing
me
clap
one
time
who's
with
me,
clap
twice:
okay,
sorry,
one
second!
AJ
AL
Hi
guys,
so
our
talk
was
primarily
focused
on
debating
neutrality
within
democracy,
he's
from
Colombia
I'm
from
Mexico
he's
from
the
US
Canada
and
where
we
all
talked
about
was
that
it's
really
complicated
to
have
to
wait.
Each
vote
the
same
when
some
of
that
democracy
is
corrupted
from
the
from
the
campaign
from
the
campaign
start,
for
example,
in
Mexico
right
now
we
have
I'm
low
as
a
president
and
he's
building
a
lot
of
infrastructure
projects.
AL
Don't
make
sense
and
see
more
than
60
of
the
population
agree
with
him,
but
it's
really
difficult
for
people
who
well
it's
every.
It's
really
difficult
for
the
right
incentives
to
guide
the
correct
policies,
because
when
somebody
can
quickly
say,
okay,
I'm
gonna
give
you
this
short-term
reward
for
your
vote.
Well,
that's
difficult!
AL
So
what
we
were
basically
talking
about
was
neutrality
in
different
contexts,
basically
makes
it
yeah
it's
it's
very
difficult
to
have
a
neutrality
when
the
people
acting
on
it
have
different
incentives,
yeah,
okay,
sure
so
I'm
from
Colombia
and
here
in
Colombia,
a
big
social
problematic
is
buying
votes.
So
people,
although
we
debated
about
how
it
ended
up
affecting
the
policies
and
the
actual
morality
of
it
at
the
end
of
the
day,
it's
not
the
right
incentive.
AL
So
weighing
those
people
who
are
kind
of
neutral
and
don't
know
who
to
vote
for
or
don't
are
not
really
interested
in
voting
for
and
you
offer
them
an
incentive
economic
incentive,
then
it
becomes
like
their
vote
is
not
for
the
people
it's
for
them
and
their
vote
is
not
actually
for
what
you're
voting
for
which
is
the
governor,
but
for
the
whatever
money
they
gave
you
so
should
that
vote
be
taken
into
account
because,
according
to
a
neutral
perspective,
it
should
but
I
at
least
doubted
you
thanks.
AL
AL
But
one
thing
that
we
all
agreed
that
naturality
is
a
pretty
much
a
the
status
of
Here
and
Now,
even
with
like
what
you
just
said
about
political
vote
like
here
and
now,
you're
natural,
but
maybe
within
like
a
few
weeks,
you
have
an
opinion
and
you
will
be
agreeing
or
disagreeing.
So
it's
almost
like
a
you
cannot
keep
the
state
forever.
AL
It's
just
a
Here
and
Now
how
you
feel,
and
it's
yes
exactly
so
we
kind
of
had
the
same
feelings
about
like
this
exercise
and
like
how
we
think
about
it
and
it
changes
for
sure.
It's
not
something.
We
can
have
forever
super
interesting
sort
of
speaking
to
the
needs
for
sort
of
continuous
adaptation,
adaptability,
okay,
so
now
I'm
curious.
If
was
was
there
any
of
you
who
were
either
on
group
a
or
group
b?
AL
AL
Yeah
it
that
really
stood
out
to
me,
I'm
Alex,
by
the
way
that
as
I,
was
sort
of
watching
these
questions
and
how
people
were
describing
neutrality
and
siding
with
it.
I
feel
like
neutrality,
for
one
took
a
lens
where
neutrality
was
very
close
to
goodness,
like
as
if
some
people
were
already
feeling
like
neutrality
was
good
and
that's
how
they
were
voting
and
another
perspective
which
started
clearly
like
forming.
For
me,
as
we
were
doing,
this
was
that
some
people
at
least
to
how
I
see
it
now
seem
to
take
neutrality.
AL
As
a
rule,
we
apply
regardless
of
context
which,
if
you're
going
to
strictly
logically
Define
things
like
I,
think
that
makes
a
lot
of
sense,
but
yeah,
not
everybody's,
going
to
view
it
that
way.
And
then,
if
you
get
into
complexity
and
not
context
dependent,
then
you
get
a
very
clear
split.
So
it's
really
interesting
to
see
multiple
shifts
in
what
I
understood
to
be
neutrality
happen,
as
we
were
going
through
how
other
people
observed
it.
AL
Yeah
so
kind
of
referring
to
what
I
was
saying
before
I
mean
like
one
observation
like
hearing
here
and
like
here,
discussion
on
the
table
was
that
very
often
like
we
want
to
tolerate
someone
else's
opinion.
We
want
to
be
like
good
in
a
society,
but
I
mean
me
being
part
of
the
group
b,
yes
kind
of,
like
you
know,
opposing
to
say
that
okay,
we
can't
neutralize
things.
We
can't
tolerate
everything.
AL
Yes,
like
bad
things
should
be
called
out
right,
like
neutralizing
the
value
meaning
like
no
getting
rid
of
our
civilization
kind
of
the
thing
right.
So
yes,
it's
complex,
but
you
know
the
the
problem
is
that,
like
at
some
extremias,
like
neutral
thing,
can
be,
in
my
opinion,
right
if
we
like
really
no
like
take
the
value
out
of
it
right,
yeah
but
I.
Think,
like
that's
the
problem.
AL
So
anyone
else
has
some
bridging
reflections.
Okay,.
AL
Things
I'm,
Leonardo
and
I
was
thinking
about
because
we
are
all
talking
about
neutrality
like
just
neutrality,
but
the
question
it
says
about
digital
neutrality
right
so
I
was
thinking
about
if
it
is
like,
maybe
a
difference
or
something
very
specific
to
digital,
because
thinking
about
digital
it
so
that
digital,
it
may
be
refers
to
in
general
to
Binary
data
info
right,
and
it
is
built
like
that
mainly
for
communicating.
AL
So
maybe
if
we
talk
about
digital
neutrality,
we
are
talking
about
communication
across
networks.
So
from
that
point,
I
see
that.
Maybe
it's
not
like
that
complex
the
the
term
of
neutrality,
because
if
you
talk
about
communicating
overnight
course,
it
could
be
like
any
peer
has
the
same
chance
to
communicate
with
other
people
right.
So
at
that
point,
I
think
that
I
was
the
group
a
because
I
didn't
see
like
a
bigger,
complex
problem,
but
something
in
a
specific
context.
AL
Yeah
and
to
emphasize
that
our
question
is
directed
towards
digital
neutrality,
so
that's
digital
public
infrastructure
neutrality
in
digital
infrastructure.
Does
anyone
has
any
other
sort
of
insights
or
bridging
comments
that
they
want
to
share?
Okay,.
AL
I
thought
that
was
a
very
insightful
exercise
and
I.
Think
I
was
more
associating
myself
with
the
group
a
at
the
start,
and
then
they
were
discussing
and
I
was
hearing
other
people
giving
feedback
and
I
think
I
mean
as
just
a
human
being
it's
very
hard
to
make
binary
choices
like
just
100
years.
100
no
and
for
me,
it
was
like
I
would
agree
with
the
like.
AL
Most
of
the
maybe
questions
that
the
group
a
was
agreeing,
but
unless
there's
some
exceptional
circumstances,
kind
of
the
situation,
so
for
me
it
was
I
was
more.
AL
You
know
it
was
closer
to
me
to
vote
on
a
group
because,
like
maybe
80
percent
I
would
agree
that
as
a
basic
rule
and
basic
understanding
of
neutrality,
but
then
also
leaving
a
room
for
you
know,
I
don't
know
exception
in
special
cases,
rather
than
just
saying
completely
now
and
disagreeing
so
yeah.
AL
This
is
actually
a
wonderful
point
because
we'll
we'll
iterate
on
the
platform
one
more
one
more
time
after
all
of
these
discussions
and
in
this
iteration.
This
is
the
opportunity
for
you
to
add
that
extra
Nuance
that
you
felt
was
missing
in
the
former
statement.
So
neutrality
is
so
you
can.
You
can
add
that
nuance
and
that
complexity
in
this
in
this
second
iteration.
AL
This
is
a
little
bit
of
a
troll
point,
but
it
did
change
my
views.
So
someone
said
the
word
neutralize
earlier
and
I
made
the
connection
between
neutrality
and
neutralization,
like
wouldn't
the
most
neutral
thing
in
the
world,
just
be.
If
none
of
us
really
existed,
that
would
be
super
Fair
it'd
be
super
conformant
with
all
of
group.
A's
statements
vacuously
satisfy
any
definition
of
Neutrality,
so
just
putting
that
out
there
as
an
idea.
AL
AL
So
what
he
said,
I
just
thought
of
something
like
when
we
talk
about
digital
neutrality
right,
it
obviously
becomes
a
lot
easier
to
enforce
because
you
could
like
create
things
at
protocol
levels
which
humans
cannot
change.
Obviously,
that
is
not.
We
don't
exist,
but
we
lock
out
a
lot
of
choices
that
you
could
otherwise
have
in
that
and
then,
in
a
sense,
you
are
like
a
lot
of
like
freedom
of
choice
is
gone
and
thereby
it's
a
lot
more
neutral,
which
is
not
like
very
far
from
what
he
said.
AL
As
you
pointed
out,
I
was
a
little
bit
dismissive
of
group,
a
and
identified
with
Group
B,
but
just
to
like
I
thought
that
your
comment
was
very
insightful,
which
is
I.
Think
that
many
of
people
in
group
a
seem
to
have
thought
of
each
statement
as
having
much
more
implied.
Context
then,
like
I
was
thinking
like
they
were.
They
might
have
been
stated
in
a
universal
way,
but
a
lot
of
people
thought
well.
Of
course
they
must
be
talking
about
context,
Acts
or
context.
AL
Why
and
so
I'm
in
agreement
with
the
statement,
because
I
see
that
implied
context.
But
if
we
draw
that
out,
maybe
there
wouldn't
be
as
much
disagreement
between
the
two
groups,
because
Group
B
was
really
thinking
of
them
as
very
broad
statements
and
group.
A
was
thinking
of
them
as
specific
to
the
context
where
that
principle
is
appropriate.
AL
So
now,
in
the
spirit
of
adaptability,
I
want
us
to
I
I'm.
Sorry,
I
can
take
more
inputs
because
I
want
us
to
take
the
time
to
do
one
more
round.
Let's,
let's
see
how
this
how
these
Notions
evolve
by
going
back
to
the
platform
and
adding
bridging
statements,
statements
that
have
richer
contacts
and
that
add
the
exceptions
to
the
rule
and
that
you
feel
can
sort
of
reflect
anything
that
you
might
have
learned
about.
AL
Someone
else's
point
of
view
today
or
anything
else
that
you
might
that
you
might
want
to
add
you
know
it's
not
a
tyranny,
but
I.
Think
one
of
the
particularly
interesting
things
is
to
try
to
add
that
additional
context
in
once
and
and
try
to
bridge
what
are
some
of
those
different
views
now
that
you've
been
more
exposed
to
to
them.
So
let's
take
five
minutes
for
that.
AL
AL
AL
AL
AL
AL
AL
Yeah
find
even
more
interesting
so
now
neutrality,
Means
A
system,
that
does
its
best
to
not
privilege
any
person,
and
this
means
it
has
to
evolve
into
dynamic.
It's
for
me
is
like
very
clearly
what
I
expressed
like
you
see.
There's
a
logical
word
on
that.
No
I
can't
answer
it
anymore,
because
I
have
both
perspectives.
AL
AL
Even
the
fact
that
it
was
public
good,
it
would
I
would
imagine
more
people
would
be
like
okay.
What
was
the
questions
which
one
was
the
question
number
44
in
the
previous
one
is
personal
Liberty
should
be
favored
over
corporate
good,
a
republican
like
if
the
same
number
of
Republic
code
I
would
imagine
the
vote
would
look
quite
different.
So
when
you
guys
look
at
something
like
that,
are
you
guys
thinking?
Okay,
this
is
more
proportional
Liberty
or
anti
purpose
statement
of
anti-corporate.
AL
Yeah
the
liberty
interest
is
like,
if
you
versus
Corporate
good
versus
public.
It
is
kind
of
like
a
differently
tailored
I,
think
a
different
kind
of
slightly
different
concept.
Okay,
and
we
should
ask
both
questions:
yeah
yeah,
but
but
I
I'm,
gonna,
I,
guess
what
I'm
saying
is
I
think
people,
it's
not
what
I
think
Liberty
is
but
I
think
people
interpret
that
probably
different
if
it
were
free.
Yes,
which
is
why
the
question,
but
right
now
just
this
statement
when
you
guys
decide
to
sort
of
look
at
it.
AL
AL
You
could
yeah,
let's
continue
evaluating
folks,
let's
try
to
get
through
sorry,
let's
try
to
get
through
hello.
Let's
try
to
get
through
this
statement
so
that
we
can
really
completed
this
exercise
to
the
best
of
our
ability.
AL
AL
AL
AL
And
make
sure
to
refresh
your
police
page
so
that
you
get
the
new
questions.
AL
AL
AL
Okay,
let's
come
back
to
to
the
report
and
see
how
things
have
evolved.
So
you
know
this
is
interesting.
I've
I've
done
this
Workshop
I've
used
it
this
too.
A
number
of
times
and
I
have
to
say
that
this
was
definitely
the
most
binary
conversation.
AL
We
have
a
solid
third
group
right
now,
so
I
think
group
a
remains
with
similar
views,
groupy
sort
of
skeptical
and
saying
it's
complex,
it's
complicated,
but
not
really
articulating
what
what
that
complex
vision
is
and
then
kudos
to
group
C
who
is
starting
starting
to
create
some
of
these
articulations?
So,
let's
look
into
Group
C
together.
This
was
really
interesting,
so
Group
C
is
saying.
Neutrality
must
be
put
in
a
context.
Otherwise
it
doesn't
make
sense.
Neutrality
is
not
an
optimal
solution
for
the
evolution
of
the
human
race.
AL
Incentives
are
inherently
non-neutral
and
they
super
disagree
with
treating
every
country
the
same,
every
every
unique
person,
the
same
so
they're
saying
you
know
you
need
contacts,
you
need
to
take
into
account
different
incentives,
and
you
need
new
I.
Think
that
what's
I
won't
put
my
interpretation
of
the
comment
about
ending
the
human
race.
Is
that
sort
of
affirming
that
that
you
want
plurality
right
you
you
want
to
have
diversity,
you
don't
want
to
collapse.
AL
So
is
there
any
conception
of
neutrality
that
can
also
make
room
for
pluralism
remains
to
be
seen,
but
I
think
that
this
statement
is
expressed
that
this
is
a
desirable
thing,
so
yeah
this.
Let
me
do
one
more
refresh
here
to
see
if
anything
different
came
on,
Group
B,
the
guy.
That
said,
we
must
all
perish,
touch
neutrality,
made
a
good
point
and
let's
look
at
the
Spectrum
here.
AL
Neutrality,
while
important
is
not
the
only
goal,
neutrality
is
layered,
some
layers
of
the
system
should
should
strive
to
be
neutral
and
some
layers
can
be
biased.
We
should
continue
to
actually
should
continue
this
exercise
on
a
bar
with
drinks.
Okay,
so
let's
good,
let's
see
what
is
it
that
all
three
groups
can
agree?
AL
AL
Individuals
should
have
autonomy
over
what
products
and
services
they
use
and
neutrality,
while
important
is
not
the
only
goal
of
a
society
and
needs
to
be
balanced
with
other
priorities,
and
then
what
are
some
of
the
things
that
it's
interesting,
because
there's
almost
usually
in
the
plural
majority,
section,
there's
more
agreements
and
disagreements.
This
is
pretty
half
and
half
there's
a
lot
of
areas
of
common
ground
of
disagreements.
AL
AL
So,
as
I
mentioned,
you
know
this.
This
is
super
rich
and
there
you
know
it
merits
doing
a
proper
analysis
that
we
can
do
right
here.
But
hopefully
this
was
an
interesting
exercise.
Neutrality
is
a
huge
value
in
this
ecosystem
and
it's
one
that
has
very,
very
serious
and
important
implications,
so
I'm
curious
to
hear
any
thoughts,
Reflections
comments
on
this
exercise
or
anything
that
you
might
have
learned
and
and
we'll
be
posting
more
sort
of
thoughtful
report
of
how
this
went
online.
AL
So
you
can
look
for
it
on
the
radical
exchange
Twitter
or
you
can
come
up
to
the
table
and
just
send
me
just
give
me
your
email
and
yeah.
Hopefully
this
was
this-
was
a
good
exercise.
I'll,
take
a
few
comments
and
then
we'll
wrap
up.
AL
Cool
on
the
exercise
I
wanted
to
know.
If,
in
the
second
round,
did
we
vote
again
on
the
same
statements
or
the
votes
we
already
had
issued
of
the
statements
on
the
first
round
stayed
the
same
because,
like
from
a
deliberative
Democratic
perspective,
it
would
be
interesting
to
vote
again
on
those
issues
like
after
debating
yeah.
So
this
is
open
source
software,
so
it
needs
a
lot.
It
needs
a
lot
of
work,
but
no,
the
the
votes
remain.
The
same.
AL
The
votes
remain
the
same,
so
I
thought
that
was
a
an
interesting
experiment.
I
guess
one
question
is
I
think
this
group
is
like
all
coming
here
with
good
faith
and
good
intentions,
and
one
thing
I
noticed
is
like,
as
people
answered
questions,
even
if
I
wasn't
answering
a
question,
the
groups
could
like
pretty
quickly
kind
of
shift
and
also
my
position
in
the
groups.
Kind
of
could
quickly
shift.
AL
So
are
you
thinking
about
this
in
the
context
of
like
people
who
might
want
to
like
intentionally
create
those
shifts
or
like
kind
of
a
more
adversarial
mindset,
and
how
would
you
mitigate
that
I
guess
now?
Yesterday
we
were
giving
this
Workshop
to
a
group
of
organizations
that
are
working
on
citizen
participation
in
the
Southern
Southern
Hemisphere,
and
they
were
like
my
God.
AL
This
is
like
such
a
good
tool
for
political
manipulation
and
you
can
use
it
for
good
or
bad
I
mean
it
can
go
in
any
direction,
but
part
of
the
thinking
behind
trying
to
advance
a
paradigm
with
more
pluralistic
social
technologies
that
if
we,
if
we
can
provide
more
resolution
into
the
different
social
Dimensions
that
exist
within
a
community,
then
that's
that's
the
only
thing
that
will
unlock
good
governance
and
our
ability
to
find
to
cooperate
across
diversity.
So
you
know
it
comes
it's
a
double-edged
sword,
I'm,
not
sure.
AL
Just
share
my
perspective
on
the
highlighted
statement.
I
thought
this.
The
other
priorities
are
more
like
today
versus
the
future
like.
If
you
ask
me,
should
the
world
today
be
neutral?
Yes,
of
course,
there
should
be
fairness.
Had
the
world
be
neutral
from
day,
one
of
existence
would
be
reach
here,
I,
don't
know
so
I
mean
I.
Don't
have
an
answer
obviously,
but
like
I
thought,
that's
what
like
that
statement
is
all
about
like
today's
neutrality
versus
neutrality
as
a
tool
to
forward
the
human
race.
AL
Some
comments
on
on
the
exercise
itself
are
I
think
that
the
exercise
heavily
depends
on
the
quality
of
the
questions,
and
probably
we
need
to
have
some
approach
to
exclude
some
some
of
these
questions.
When
we
see
some
white
areas
there
and
probably
those
those
questions
were
not
very
you
know.
So
people
didn't
want
to
answer
this
question.
Probably
we
should
exclude
them
or
probably
we
should
have
another
options
on
the
on
the
poll.
So
where
be
people
on
voting,
so
they
can
kind
of
exclude
or
report
against
this
question
thanks.
AL
We
radical
exchange,
we
do
develop
a
few
Technologies,
but
this
is
not
developed
by
us,
is
by
the
amazing
Folks
at
the
computational
Democracy
project
and
it's
an
open
source
software.
You
can
make
a
full
request
or
give
them
some
support
and
share
your
feedback,
but
yeah
as
Glenn
was
saying,
this
is
a
very,
very
primitive
tool,
but
it
is
better
than
most
of
the
things
that
we're
using
in
trying
to
you
know,
identify
social
groups
and
and
illuminate
areas
of
common
ground
and
disagreement.
AL
And
it's
it's
something
to
it's
remarkable:
how
how
primitive
it
is
and
and
the
fact
that
it's
still
one
of
the
best
tools
that
we
have
so
we
need
to
continue
developing.
This
can
I
jump
in
yeah.
AL
Yeah,
so
going
back
to
the
earlier
part
of
the
I
I
find
it
interesting
because
I
tried
to
Prime
the
discussion
with
like
a
conception
of
decentralization,
and
so
we
could
actually
use
some
of
those
if
somebody
want,
if
you
know,
if
anyone
here
is
a
hacktivist
who
wants
to
improve
polis,
we
could
actually
import
some
of
those
Concepts
there
like,
for
example,
having
non-transferable
nfts
to
represent
your
groups
and
allowing
quadratic
voting,
and
then
we
could
have
a
much
richer
perspective
of
clustering
there.
AL
But
the
set
the
second
observation
I
wanted
to
make
like
Glenn.
You
gave
your
perspective
on
the
clustering,
but
I
actually
I.
Think
the
difference
between
group,
a
and
Group
B
was
like
a
was
sort
of
more
biased
towards
thinking
about
neutrality
in
the
in
the
sort
of
voice,
Camp
of
Voice
versus
exit
and
thinking
about
equality
and
Notions
of
fairness
and
being
like
yeah
yeah,
of
course,
like
individuals,
nation
states,
right
and
then
I
think
Group
B
was
maybe
more
focused
on
like
neutrality
as
an
exit.
AL
I
should
be
able
to
be
able
to
send
my
information
packet
wherever
I
want
to
or
like
you
know,
transactions
independent
of
gas
or
with
the
exception
of
gas.
Sorry
with
gas
is
the
only
limitation,
so
I
thought
that
was
that's
kind
of
I.
Think
there
there's
some
broad
Strokes
that
can
be
made
there
on
like
Voice
versus
exit
and
how
that
how,
where,
where
you
kind
of
are
on
that,
might
inform
your
view
of
neutrality.
AL
Yeah
I
just
wanted
to
talk
about,
like
you
know,
using
some
learnings
from
I,
mean
this
Workshop
into
the
Dao,
like
the
autolink,
specifically
right,
so
like
very
often
in
doubt
that
you
know
the
questions
we
ask
in
the
Dao
may
be
not
the
right.
It's
not
not
very
often
the
right
one
like,
for
example.
Yesterday
we
had
a
workshop
with
with
maker
on
like
how
to
optimize
the
governance
process
and,
like
you
know
there
was
some
drama
related
to
yeah,
basically,
some
voting
and
currently
in
Cosmos.
AL
We
have
like
this
huge
proposal
for
atom
2.0
and
yes
like
very
often,
we
cannot,
like
you,
know,
get
an
agreement,
because
the
scope
of
of
a
decision
is
cute
right,
so
like
applying
these
tools
for
the
house,
to
make
more
I
mean
to
break
them
down
and
more
make
more
specific
decisions.
AL
Yes,
I
guess
that
would
really
help
in
wanting
to
contribute
to
police
and
I
know
that
there
was
one
integration
with
web3
wallets
that
was
made
last
year,
but
we
ended
up
not
using
it,
but
I'm
happy
to
connect
you
with
the
folks
who
worked
on
it
and
as
Glenn
was
saying,
I
mean
if
this
was.
If
you
could
quadratically
vote
on
the
statements.
AL
This
would
be
incredible
if
you
could
also
connect
it
with
spts
that
are
being
used
today,
for
example,
for
at
the
governed
platform
that
creates
expertise
for
Dow
contributions,
and
then
you
have
internal
clusters.
You
have
external
clusters,
you
know
there's.
There
are
many
ways
in
which
this
can
develop.
I'll
go
to
some
of
the
other
folks.
AL
AL
AL
We
we
have
a
software
for
quadratic
voting
that
we
developed
at
radical
Exchange
in
the
way
that
this
happens
is
that
you
usually
go
through
it
through
the
different
proposals
a
couple
times
and
you
sort
of
distribute
it
once
and
then
you
sort
of
continue
readjusting
it
a
few
times,
which
means
that
you
probably
need
some
way
of
curating.
A
smaller
number
of
statements.
AL
Yeah
our
sort
of
way
to
hack
around
this
is
that
in
many
workshops
that
we
do
a
radical
exchange,
we
first
do
a
police
conversation.
Then
we
do
we
curate
a
ballot
and
then
we
put
it
in
the
quadratic
voting
platform
and
then
we
do
a
vote.
So
we
do
this
deliberation.
Then
there's
also
a
delegation
step.
So
you
have
some
credits,
then
you
delegate
them
around.
AL
AL
We've
seen
groups
that
have
sort
of
been
having
a
very
hard
time
in
advancing
on
a
particular
issue
for
months,
and
then
they
did
a
workshop
in
one
and
a
half
hours
using
these
three
tools
and
they
sort
of
unlocked
a
few
things.
So
it's
a
pretty
good
idea,
but
it
would
be
better
to
have
them
more
integrated.
AL
Folks,
we
have
five
more
seconds
in
this
Workshop,
so
I
just
want
to
thank
everyone
and
I
also
want
to
say
we
have
amazing
infinite
diversity
in
Infinite
combination
stickers
here,
so
you
can
come
grab
them
and
and
if
you'd
like
to
to
get
the
report
of
this
exercise,
we'll
post
it
on
the
radical
exchange
Twitter
but
I
can
send
it
to
your
email
as
well.
Just
come
over
and
send
me
and
give
me
your
email
address
and
thank
you
so
much.