►
From YouTube: Core Devs Meeting
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
A
Town
hall
updates
regularly
for
teams.
They
might
be
a
good
idea
to
just
give
like
a
five-second
one
minute
update,
but
what's
going
on
in
in
Sofia's
form
the
last
week
since
the
first
I'm
we're
doing
this,
people
might
not
be
prepared
prepared
or
whatever
that's
okay,
but
maybe
we
can
start
with
core
I
know
you
go
if
you
have
a
brief
update
when
I
like
this
sort
of
orientation
for
other
people
with
what's
been
going
on.
E
D
D
So
with
message
reliability,
we
deployed
the
cream
that
checks,
consistency
of
their
channels
on
our
mail
servers
right
now
and
we
merge
some
stuff
like
receiving
acknowledgments
from
on
the
whisper
level
and
some
smaller
things
as
well.
On
the
group
syncing
I
guess
it
was
profile,
picture
and
username,
and
now
we
are
going
to
public
chats
on
the
group
chat,
say
yes
yeah.
They
were
there
like
disabled
in
the
night
with
the,
but
they
will
be
enabled
soon
and
I.
Guess
the
wisest
ask
was
something
about
transferring
could
mean
rights
to
someone
else.
D
If
you
want
to
leave
the
group,
something
like
this
and
in
the
background,
I
was
also
testing,
Elias
and
ELC,
which
would
get
hit
a
little
bit
by
this
constant
in
Nepal's
India,
so
quite
a
few
bugs
related
to
that.
But
we
have
finally
merged
the
latest
go
aetherium
to
our
code
base
and
while
we
were
testing
their
release
and
it
seems
to
sink
at
least-
but
there
are
other
things
we
mean
say
you
were
working
on
this.
There
is
these
two
box
or
lesson
you'll
see.
Yes,
that's
more
or
less
in
the
broad
strokes.
A
You
I
can
say
briefly
just
on
the
protocol
side
of
things,
so
we
started
up,
collaborating
with
them
with
free
foundation
and
valid
labs
and
smaller
teams
with
ideas
of
figure.
You
know,
are
the
bearers
of
this
repository
where
we
are
collaborating
with
them.
It's
sort
of
still
a
list
a
to
know
the
recent
stage.
This
will
say
the
secure
messaging
companion
has
been
given
a
place
in
in
at
the
github
awesome
secure
messaging.
We
cannot
stop
in
also
look
at
resources.
A
So
they
could
be
a
technician
where
one
of
the
milestones
is
also
in
terms
of
figure
out.
What
what
so
far?
What
sort
of
this
later
we're
working
on
it
requires
in
terms
of
underlying
Lipa,
to
be
overlay
network,
whatever
it
is
and
what
it
can
provide.
So
we
can
start
to
look
at
those
things.
Empower!
F
F
F
E
So,
with
regards
to
30,
richard
is
currently
working
on
open,
create
and
closed
function
for
the
voting
there,
and
that
should
be.
We
sought
them
over
last
week,
Thursday
so
I
suspect
either
this
week
or
being
testing
with
regards
to
liquid
funding.
Barry
is
working
on
migrating.
The
liquid
pledging
contracts
to
embark,
as
well
as
investigating
some
technical
questions.
G
F
E
H
Yeah,
so
I
can
start
testing
when
it
comes
to
infra.
Well,
this
week
has
been
out
of
work
related
to
upgrad
invention
stuff,
especially
thanks
to
do
two.
Others
work
on
increasing
yarn,
which
also
opens
the
path
to
upgrading
a
bunch
of
other
things
like
android
hit
decay
and
possibly
upgrading
a
node
as
a
whole
for
all
builds.
So
there's
that
I'm
also
working
on
setting
up
a
search
for
our
pages
and
that
would
work
across
all
of
our
public
resources.
So
we
really
have
a
gnostic
search
pastor
that
they
cater
to
that
right.
H
Now,
writing
a
plug-in
or
hexa
to
index
our
pages.
So
you
can
search
what
else,
because
those
are
the
main
things
that
have
been
happening.
There's
more
details,
for
example,
we're
trying
to
introduce
snake
for
automatic
loading
of
the
mostly
work
from
from
curry,
but
I'm.
Also
taking
part
in
that.
That's,
oh
yeah!
We
now
have
a
new
my
email
server
canary.
Is
that
essentially
check
if
the
message
is
available
on
different
servers
in
the
fleet
are
the
same
and
if
there
are
discrepancies
we'll
get
notified,
so
that's
pretty
cool.
H
E
Okay,
so
automation
automated
testing,
it's
here
and
we
are
ready
to
block
the
ours
without
pull
the
past
and
turn
test.
But
for
that
we
need
only
one
issue.
A
share
now
should
be
in
reveal
to
be
fixed
and
we
can
nourish
a
PR
visual
block,
as
appears
if
no
pass
test
there.
100%
pass
tests
also
we
added
new
desktop
tests
and
there
are
two
investigation
projects
regarding
automated
testing
of
key
card
and
after
meditation
for
nubs,
the
fits
from
us.
A
I
Yep,
okay,
so
so
we've
been
talking
about
this
topic
for
a
while
and
now
that's
we
are
implementing
it.
I
would
like
to
share
the
ideas
here
so
that
it's
everyone
knows,
because
it
would
be
like
a
breaking
breaking
change
and
we
have
two
different
keys
for
wallets
and
whisper.
So
it's
better
to
like
work
together
on
this,
and
so
that,
just
to
remember
why
we
are
doing
this.
So
we're
doing
this
for
different
reasons.
I
So
for
for
the
wallet
key,
we
will
continue
using
the
normal
the
standard,
VIP,
44,
derivation
path
and
then
for
the
whisper
key.
We
are
proposing
another
like
EAP
for
normal,
let's
keys,
so
I
posted
the
link,
there's
a
link
in
the
notes
and
it's
basically
defining
like
a
way
to
use,
extending
like
the
the
the
b.a.p
43:12
different
keys,
one
for
each
purpose
like
one
could
be
in
general,
like
chat,
and
we
will
use
it
for
four
whisper
and
other
keys
like
for
other
kinds
of
encryptions
and
everything.
I
So
now
that
so
there's
a
branch
or
a
dingo
theorem,
sorry
in
stitches,
go
with
also
some
changes
in
go
Assyrian
version,
and
it's
already
like
the
couple
in
the
keys
and
using
the
two,
the
two
different
paths.
The
thing
that
we
need
to
decide
now
is
how
we
want
to
exchange
addresses
for
in
chat
transactions.
I
So,
basically
now,
when
you
are
chatting
with
someone,
you
know
the
whisper
public
key,
which
is
a
chart
like
identity
and
you
can
derived
what
we
do
is
like
deriving
the
address
and
just
sending
in
the
transaction
to
that
address
without
interaction.
So
now
that
we
have
two
different
keys-
it's
not
possible
anymore,
so
we
need
to
to
define
a
way
to
exchange
these
addresses,
so
one
can
be.
D
Yeah
I
still
have
this
question
that
I
wrote
in
the
discuss
forum.
So
I
don't
quite
understand
how
would
it
work
without
the
key
card
for
the
users?
They
don't
have
a
key
card
because
all
the
discussions
were
they
were
like.
Okay,
we
story
and
based
on
the
key
card
to
store
the
key
card.
But
what?
If
a
user
does.
D
I
It's
a
good
question,
so
the
actually
the
the
first
step
is
implementing
the
decoupling
without
even
integrating
the
key
card.
So
what
it
does
is
from
the
so
when
you
create
an
account
or
you
important
account
from
your
mnemonic
Keys,
we
internally
like
generate
the
master
key
memory
and
then
what
we
do
is
deriving
the
wallet
address,
which
is
the
one
defined
with
like
the
baby
44
path.
And
then
we
save
these
this
key
in
the
key
as
a
key
key
file
store
in
go
theorem.
I
So
it's
the
wallet
key,
which
is
the
the
current
one
that
we
have
and
then
the
one
that
we
saw.
The
key
that
we
inject
in
whisper
as
a
whisper
identity
will
be
the
other
one
who's,
the
other
path
that
we
that
we
defined
and
yeah.
So
this
one
is
even
without
talking
about
the
card,
and
then
this
allows
to
to
have
basically
the
same
so
managing
these
two
keys
in
the
same
way
for
for
the
key
card
as
well.
I
I
B
I
So
the
the
one
that
will
change
would
be
the
whisper
identity,
so
the
the
public
key
that
you
used
to
in
charge
basically
to
be
contacted,
but
the
wallet
address
would
be
the
same.
So
basically,
if
we
feel
installed
in
you
up
and
you
import
your
monic
phrase,
the
wallet
address
will
be
exactly
the
same,
but
your
chart
address
and
your
name.
Your
three
words
and
everything
will
be
will
be
different.
I
I
I
C
I
Would
be
possible,
but
so
only
if
we,
if
we,
if
we
basically
derived
the
whisper
key
from
the
the
wallet
key
but
the
way
so
the
way
we
proposed
the
EAP
1581
for
non
wallet
keys
is
like
taking
another
path
from
basically
the
already
the
the
first
level,
the
first
part
of
the
path.
So
basically
it's
like
some
level
higher
than
then
the
wallet
key.
So
the
wallet
key
starts
with
M
/
44,
and
something
and
and
this
one
would
be
43,
because
it's
extending
that
way
before
the
three
and
everything.
C
So
iconic
curious:
why
don't
we
keep
the
if
we're
doing
that
if
we're
deriving
from
the
last
key?
Why
not
keep
the
key
structure
as
it
is
and
instead
in
the
client
we
generate
a
new
new
wallet
address
and
we
translate,
we
Auto
transfer
the
funds
from
the
whisper
key
into
the
new
address.
Wouldn't
that
be
simpler,.
I
Yeah
so
just
to
understand,
if
I
understand
correctly,
and
if
you
correctly
so
basically
we
can
use
the
so
we
can
keep
the
current
key
that
you
have
only
for
whisper,
but
what
we
change
is
like
deriving
another
key
for
the
wallet.
So
in
that
way
it
means
that,
if
you,
if
you
are,
if
you
created
an
account,
the
meta
mask
you
import
it
in
in
status
and
basically
the
the
whisper
key
will
be.
C
C
I
A
I,
don't
know
we're
just
wondering
there
was
some
conversation
at
Def
Con
about
different
standards
and
so
on.
Does
anyone
know
what
the
conclusion
of
that
those
meetings
were
in
terms
of
creating
some
kind
of
key
constant
I
believed
was
maybe
wasn't
on
this
type
of
section
level?
I
I'm
not
familiar
with
details.
E
E
I
A
I
A
I
Then
we
we
proposed,
like
this
ap
1581,
for
these
reasons,
so
for
the
different
keys
that
you
can
use
outside
of
the
wallet
like
not
only
for
transactions
but
for
different
reasons,
charts
and
other
stuff.
That's
why
we
are
like
pushing
on
that
direction
and
of
course
it's
I
mean
we
can
just
stick
the
side
because
it
will
be
like
making
change
so.
A
I
I
Yeah
we
posted,
we
posted
that
the
links
and
discussion,
so
Mikayla
was
imagine
this
and
we
didn't
sell
a
lot
of
the
answers.
So
so
we
we
paint
someone
from
aetherium
and
we
had
a
little
conversation
in
this
yeah.
This
pull
request
for
the
AP
and
now,
as
the
emerges
our
draft,
and
we
can
maybe
I
just
ask
again
and
continue
the
conversation
again
in
the
Phaedo
magician's
forum
and
everything.
B
C
And
I
also
think
for
developers
to
look
at
Micra
do
when
you're
signing
a
transaction
that
uses
like
an
HD
key
and
how
they
look
at
that
and
see
how
we
should
be,
and
then
like
use
that
as
the
basis
of
the
UX
research
and
on
how
we
should
actually
go
about
this
almost
thing
how
they
do.
It
is
correct,
but
at
least
they
give
you
an
option
between
different
modes.
E
B
Well,
this
leads
me
to
think
about
the
identity
work
that
Andres
been
doing
as
well,
and
the
ability
to
have
managing
multiple
identities
with
multiple
wallets
in
the
client.
So
it
might
be
good
to
take
a
look
at
that
work
and,
together
with
you,
x2
to
be
considering
these
things
that
we
have
then
potentially
a
legacy
identity,
and
you
can
have
a
potentially
completely
new
identity
to
couple
those
things
together.
When
we
make
a
decoupling
from
the
whisper
in
the
wallet
key
yeah.
C
I
agree
with
that
Michael,
ultimately
like
we
should
be
trying
to
strive
to
a
point
where
private
key
will
s
are
key.
Pairs
are
ultimately
disposable
and
on
chain
identities
is
probably
where
it's
at
but
like.
We
should
still
good
options
to
people
who
don't
or
reveal
themselves
in
a
form
of
an
identity
on
one
chain.
A
C
B
Basically,
pull
this
all
together
that
we
get
you
do
it's
sort
of
like
a
unified
launch
when
we're
doing
our
new
identity
management
that
we
we
pair,
that,
together
with
decoupling,
the
keys
and
we'll
need
education
and
they
user
flow
for
that.
So
I
think
that
would
be
a
good
convergence
point
for
us
to
work
towards.
F
A
Disgust
and
I
think
what
we
have
seen
is
really
about
world
dependencies
being
compromised,
so
there
was
I
forgot
one
who
once
was
it
copay?
Yes,
so
essentially
they
had
like
a
nodejs
dependency
that
had
another
dependency
and
that's
that
dependency
was
take.
It
was
taken
over
so
the
original
maintainer
wasn't
maintaining
it
anymore.
Someone
came
along
and
took
it
over
push
new
bush
and
had
some
obfuscated
code
and
his
hands.
A
They
sat
there
for
three
months
and
ended
up
with
the
specific
wallet
like
people
use
this
or
that
wallet
loosing
their
funds
like
a
very
simple
attack
victim
and
in
the
recent
in
hit
us
it's
mostly
because
of
luck
and
that
we
aren't
used
that
much
yet
otherwise.
This
could
easily
be
targeted
with
us
and
it's
a
form
of
like
super
super
chain
exploit
and
I
guess
for
context.
A
Right
now
we
are
sort
of
using
reckon
a
tip
and
we
have
around
like
thousand
dependencies
underneath
that
was
a
huge
problem,
so
what
we
saw
when
I
figure
out
this
world.
What
we
can
do
about
this
and
I
saw
what's
implies
for
development
going
forward
in
priorities,
because
this
is
something
is
very
sort
of
say
well,
yeah.
We
work
on
it,
but
we
need
to
chain
some
drastic
that
otherwise.
This
will
happen
to
us.
Yeah.
D
Because
the
biggest
problem
with
NPM-
technically
it
was
not
that
is
like
we
had
these
dependencies,
but
that
NPM
never
really
checked
that
what
was
download.
That
is
what
was
requested.
So
we
essentially
never
used
to
log
files.
So
as
soon
as
we
got
some
dependencies
whenever
they
were
audited
and
the
version
was
like
what
I
was
ero
101
for
instance,
and
then
someone
republish
explosion,
101
with
a
different
binary,
we
didn't
have
any
mechanics
to
check
it.
D
That's
how
essentially
I
guess
that's
how
this
thing
went
through,
because
I
guess
this
guy
hit
first,
he
essentially
published
the
same
version
version
with
the
different
binary
and
then
NPM
what
it
does
it
just
almost
whatever
binary
there
is
and
doesn't
create
the
checksums,
even
though
it
writes
into
log
file.
So
what
we
did
instead
was
so
waiting
threw
away
their
completely.
B
Two
things
so
Corey's
work
on
auditing
dependencies
was
that's
has
to
do
with
the
implementation
of
snake
that
the
Jacob
mentioned
earlier,
that
we
can
start
identifying
which,
which
ones
are
audited
and
then
making
a
note
of
what
isn't
and
I
guess
then,
also
the
shift
to
yard,
where
we
can
freeze
to
specific
builds
as
well
as
another
way
that
we're
approaching
it.
The
attack
vector
one.
D
Example,
that's
exactly
what
the
are
that's
exactly.
What
yarn
does
that
essentially
looks
to
the
specific
binaries
hashes
and
checks
them
and
if
they
are
wrong-
and
that
was
exactly
what
we
have
changed
so
if
some
some
binary
with
the
same
version
was
downloaded,
but
the
hash
of
it
was
wrong
for
some
reason,
then
we
just
it
won't
build
anymore.
So.
H
D
Trying
to
emphasize
some
yarn
because
the
regional
point
in
auditing
dependencies,
if
they
can
be
changed
at
any
time
and
we
can
really
detect
if
they
were
change.
It's
essentially,
you
can
you,
you
can
just
skip
all
the
audits
in
quotes
forever,
because
someone
can
replace
it.
Then
it
won't
be
audited
anymore.
So
that's.
H
E
A
How
are
we
actually
going
to
change
how
we
develop
because
I
mean
it
like
we
it's
a
problem
right
when,
when,
as
we
get
bigger
and
people
start
to
put
funds
in
us
like
serious
amount
of
money,
like
will
become
a
target
and
like
it's
it's
kind
of
trivial,
considering
all
the
dependents
that
we
have
to
just
do
something
innocent
change.
So
we
need
a
more
structured
approach.
That
sort
of
this
is
commensurate
with
the
phret
mall
that
we
are
facing
right.
A
H
Comment
because
it
plugs
into
github
and
it
actually
checks
every
PR
for
for
changes
in
dependencies
and
I
haven't
looked
a
bit
at
configuration,
I
haven't
seen
all
of
it,
but
there
might
be
settings
where
you
can,
for
example,
block
pr's.
We
don't
have
explicit
check
on
the
dependencies
changed
or
added,
and
that's
what
part
of
what
what
me
and
Korey
will
be
doing
so
any
dependency
changes
are,
are
better
audited
and
checked,
appears.
D
And
we
probably
need
to
expand
it
to
the
other
languages
as
well,
because
right
now
my
fix
did
you
have
a
script?
So
we
are
fixing
the
JavaScript
stuff,
but
they're
also
like
at
least
two
more
dependency
managers
that
we
use
to
build
or
three
more
to
be
exact
right.
So
there
is
like
dependency
manager
and
go,
which
is
a
little
bit
simpler
because
it's
just
download
source
files,
so
you
can't
really
get
it
without
see
the
source
files
changed
in
your
repository,
then
the
second
one
is
cocoapods.
D
When
we
download
something
for
react,
native,
iOS
components
and
the
third
one
is
Gradle
or
maven,
that's
runs
behind
it.
Let's
actually
download
some
closure
and
Android
artifacts
from
whatever
it
downloaded
them.
So
this
this
thing
should
be
also
covered,
which
they
are
more
hidden
than
JavaScript
they're,
much
less
of
them,
but
they
are
not
so.
A
What
one
one
console
like
one
thing
that
makes
me
uneasy
about
this
is
that
even
though
these
are
so,
it
helps
mitigate
problem
to
some
extent,
but
it's
still
you're
a
Texan
like
the
keycode
is
great,
but,
like
other
other
ways,
we
can
be
not
be
one
mistake
away
from
people
losing
the
funds.
That's
the
kind
of
property
I
would
like
to
like.
A
We
should
be
two
steps
away
from
some
kind
of
compromise
and
whether
that's
because
this
is
the
way
you
have
if
you
want
have
secure
code
is
by
having
like
no
no
code
right
like
no
dependencies.
So
so,
how
do
we
move
closer
to
that
when
it
matters?
That's
the
question.
I
would
like
to
explore
how
we
can
sort
of
create
some
kind
of
corner
where
things
are
secure
and.
F
So
security
should
stay
hiding
complexity
and
it
sounds
a
little
bit
like
we're
trying
to
solve
this
issue
by
adding
more
complexity
by
bringing
in
more
tools
by
bringing
in
more
things
that
check
that
the
things
that
are
supposed
to
check
that
we're
safe,
so
I'd
probably
want
to
repeat
what
I
just
said.
Is
that
a
dependency
which
you
don't
have
is
one
that
you
don't
have
to
worry
about?
F
Is
there
any
way
we
can
simplify
things
instead
of
adding
more
things
that
would
lead
us
to
a
more
secure
world,
because
we
address
one
problem
but
but
we've
had.
We
hide
like
the
fact
that
these
things
they
happen
because
they're
hidden
inside
of
complexity,
inside
of
processes
that
people
don't
understand
and
when
people
don't
understand
things.
That's
when
you
can
apply
things
like
social
engineering
like
which,
which
tends
to
be
the
biggest
threat
back
there
right.
D
I
mean
we
can
just
make
a
conscious
effort
to
just
minimize
penances,
as
we
can,
which
I'm
being
a
little
bit
skeptical
about
in
terms
of
JavaScript,
because
I
looked
at
the
NPM
itself,
the
command-line
utility,
and
it
has
like
1500
dependencies
itself,
and
it
looks
like
that's
that's
how
JavaScript
works
right
now
and
I'm,
not
sure
if
we
will
be,
and
since
we
have
the
biggest
issue
is
not
our
dependencies
first
there
we
don't
have
that
much
our
dependence.
We
have
a
lot
of
transitive
dependencies.
D
That's
like
react
native
has
a
five
Brazilian
dependencies
itself.
The
other
libraries
so
I'm,
not
sure
what
we
can,
of
course
try
to
remove
one
thing,
another
thing,
but
unless
we
keep
in
say,
react
native,
we'll
just
probably
keep
over
a
thousand
dependency
same
way
or
maybe
over
500.
Something
like
that.
So
I'm
not
sure
how
to
tackle
it.
A
D
What
this
is
that
vulnerability
as
I
understand
this
was
done
like
this
NPM
thing
is
that
they
managed
to
overwrite
retrieving
the
private
key
method
and
it'll
go
through
two
minutes
ended,
so
we
probably
might
isolate
all
the
key
management
into
something
super
small
that
has
zero
dependencies.
That
also
doesn't
have
any
API
API
to
get
the
keys
out
of
it.
So
it
can
sign
stuff
itself,
so
think
things
like
that
might
help
to
isolate
a.
D
F
D
D
B
E
D
A
A
Like
sure
this
all
this
sort
of
cultural
things
and
so
on,
but
if
we're
talking
about
private
keys
and
and
signing
like,
like
a
dependency
even
being
able
to
do
that
kind
of
thing,
like
that's
a
kind
of
a
simple
Phet
model
and
and
and
just
solving,
that
would
be
like
a
very
clear
like
80/20
and
industry
and
nice
things
we
can
do
on
top
of
that.
But
I
think
just
getting
that
point
then
getting
to
some
kind
of
sandbox
state
would
be
useful.
A
It's
not
clear
to
me
what
that
path
looks
like
or
what
sort
options
are
or
mobile,
I
think
that
that
brand,
some
research,
but
what
we
did
the
nice
thing
about,
that
is
that,
then
you
can.
It
doesn't
matter
what
kind
of
things
go
on
around
it
just
like
if
you're
a
keycard
you,
you
can
make
some
kind
of
guarantees
in
the
face
of
uncertainty.
So
so
that
to
me
seems
like
a
first
step
and
then
there's
other
things
we
can
do
as
well,
but
just
getting
to
that
will
be
useful
right.
G
Yeah
there's
some
architectural
decisions
we
could
use
to
to
help
us
move
in
that
direction.
Specifically
right
now
we
have,
we
hold
all
all
Arab
state,
DUI
states,
at
least
in
one
big
fat,
every
big,
so
any
changes
in
one
part
of
the
app
can
accidentally
leak
into
the
other
part
of
the
app.
So
it's
not
actually
easy
to
do
to
manage
any
specific
module
in
in
isolation.
So
you
know
what
what
I'm
trying
to
say
is
that
we
were
discussing.
G
We
were
discussing
purposeful,
intentional
attack,
vector
due
to
some
guy,
taking
over
some
dependency
and
doing
this
all
this
stuff
with
it
on
purpose,
but
we
can
also
have
a
completely
incidental,
basically
bugs
that
also
can
that
can
also
cause
damage.
The
only
difference,
in
my
opinion,
is
the
intention
or
lack
of
it,
but
you
know
the
damage
is
the
same.
So
so,
basically,
we
should
probably
isolate
related
parts
of
the
code
into
modules
that
have
clear,
api's
and
you
know
protected
state.
A
Sorry,
I
think
a
good
one
good
step
first,
that
was
this
would
be
to
have
some
I
said
a
model
that
doesn't
touch
react
at
all
right
if
that's
sort
of
where
most
of
our
dependents
come
from.
In
terms
of
this
specific
class
of
attack
or
randomness,
that
seems
to
me-
and
it
would
also
probably
lead
us
to
a
good
place
and
stop
to
think
about
this
in
better
ways
and
so
on.
You're.
A
G
G
Yeah,
but
my
point
was
that,
for
example,
if
you're
fixing
some
feature
in
wallet,
you
do
have
all
the
access
to
the
state
needed
by
chat.
So
you
could
even
accidentally
break
something
else,
no,
never
mind
my
intentional
attack,
it's
even
possible
to
breaking
things
accidentally.
So
if,
if
the
app
is
less
fragile,
it
will
be
also
less
susceptible
to
two
attacks.
But
yeah
I
agree
that
it's
an
order
of
magnitude,
less
important
than
say
reasonably
straightforward
and
easy
easy
way
to
attack
through
some
kind
of
a
dependency.
A
So
we
should
probably
have
a
separate
call
for
this
and
it
would
be
good
to
have
core
on
it,
but
but
just
think
in
terms
of
isolation
like
you
can
have
a
hard
wallet
whatever
you
have
a
trusty
display
right
and
then
there's
only
so
much
communication.
It
goes
like
you
see
things
on
the
display
right
and
we
can
do
things
like
that
with
the
key
card,
but
it
says
somewhere
we
can
regain
the
same
kind
of
trusted,
use
interfacing,
key
handling
without
being
exposed
to,
like
some
random
dependency
did
or
whatever
type
of
thing.
A
G
D
D
A
And
think
that's
a
good
way
to
think
about,
because
Greeson
we
have
a
key
college,
because
you
don't
trust
your
phone
right.
So
that's
sort
of
the
secret
again
we
can
t
we
make
there,
but
if
you're,
using
Apple
or
Android
and
security
guarantee,
we
want
to
make
clear.
Is
that
as
long
as
your
phone
is
not
compromised,
it
should
be
fine
right
and
even
then
maybe
it's
still
fine.
The
problem
is
that
we
we
sort
of
have
fewer
security
edits
and
that
because
of
letting
in
this
sort
of
randomness
and
complexity.
D
D
D
E
A
D
And
Andrea
were
discussing
how
to
deal
with
it,
especially
in
terms
of
like
replies
and
seeing
messages
like
that
they
kind
of
have
to
have
to
mention
other
messages.
So
there
were
different
proposals
and
things
so
what
we
ended
up
with
that's.
Actually,
the
idea
to
keep
message
IDs
as
the
hashes
of
messages
is
okay,
but
we
really
implemented
it
in
the
wrong
way.
So
what
I
want
to
discuss
right
now
is
just
to
you
know,
bounce
this
idea
and
maybe
get
some
critique
on
it
and
some
conversation
about
where
it
might
not
work.
D
So
what's
the
idea
voices
that
we
hashed
the
message
here,
there's
the
hashes,
the
idea
of
the
message,
and
it
should
theoretically
work
as
long
as
you
have
the
message
before
trying
to
interpret
and
deserialize,
because
right
now,
what
we
did
wrong
I
think
is
that
we
as
I
understand,
try
to
interpret
the
message
and
try
to
validate
into
something.
So
we
don't
just
take
the
raw
payload
and
hash
it,
but
we
have
some
like
hash
of
interpreted
version
and
that,
of
course,
changed
changes
depending
on
how
what's
the
code
interprets
it.
D
So
if
it
was
version
1
that
interpreted
in
one
way
and
version
2000
then
IDs
does
information
it
fails.
But
what
I
thought
in
the
end?
That's
if
we
don't
do
any
interpretation
at
all
while
generating
the
idea.
So
we
just
take
the
rope,
I
load,
what's
whisper
or
whatever
transport
goddess
and
just
hash
it,
then
it
should
be
pretty
much
guarantee
that
what
was
sent
the
same
was
delivered
and
then
doesn't
matter.
How
do
you
interpret
it?
Which
fields
will
you
miss
or
which
fields
can
you
interpret
or
not?
And
things
like
that?
D
D
Ok
and
I
can
say
like
two
words
on
how:
how
did
we
come
to
this
idea?
It
was
essentially
with
replies,
so
the
idea
was
that
we
want
to
maybe
do
normalize
and
include
the
original
message
in
the
reply,
but
then
how
would
we
figure
out
that
it
wasn't
tampered
with
and
that
we
need
to
sign
this
message?
And
if
we
need
to
sign
this
message,
then
we
need
to
sign
the
whole
contents
of
this
original
message
and
then
it's
not
better
than
hash
of
this
whole
message.
D
J
I
think
they
would
later
odd,
so
basically
from
there.
You
know
the
course
is
relevant
that
there
is
a
PR
out
that
you
know
for
the
release.
Basically,
we
would
change
message,
ID
format
at
some
point
in
Knightley's,
and
this
PR
had
some
some
code
200
days
and
now
currently
works
and
is
basically
ready
to
be
released.
The
message
ad
that
we
changed
formatted
in
9,
please
like
this-
is
not
the
one
described
here.
So
if
we
do
change
it
again,
we
to
keep
compatibility.
J
We
need
to
add
code
to
support
3
version
of
IDs
now,
so
this
is
obviously
not
desirable,
but
there
are
some
time
constraints
on
the
release
as
well.
So
if
you'd
be
good
to
go
to
make
a
decision,
whether
we
want
to
sort
up
the
lady's
PR
get
the
implementation.
You
know
name
I'm,
not
saying
right,
but
you
know
like
as
best
as
we
can
so
that
we
don't
know
that
we're
gonna
actually
have
to
upgrade
like
next
week
and
push
out
the
PR
or
push.
E
J
F
Would
push
back
a
little
bit
against
the
idea
that
maintaining
several
competing
versions
necessarily?
Is
that
costly
I
mean
that's
the
kind
of
thing
that
you
should
be
able
to
isolate
like
from
a
functionality
point
of
view?
They
all
do
the
same
thing
that
you
should
technically.
You
should
be
able
to
isolate
that
and
like
having
the
three
different
versions
is
good,
because
then
you
can
compare
them
as
well
for
a
slightly
longer
period
of
time,
as
maybe
it's
a
maybe
like.
F
J
J
This
point
you
know
like
we
want
to
have
like
then
versioning
is
like
they.
You
know
that
finger
new
message.
The
new
ad
is
called
probably
just
new
message.
Id,
for
example,
is
a
field
called
new
message
ID,
so
next
field
will
be
new
new
message.
Id,
you
know
if
weird,
maybe
then
I
was
going
to
just
add
versioning,
probably
or
something
like
that.
I'm
not
going
to
be
a
look
to
be
are
very
briefly.
B
D
D
F
K
F
But
I'm
arguing
that
you
can
do
this
in
the
backwards-compatible
way
too
much
it
later
and
you
think
and
that
it
cost
is
zero
yeah.
But
but
it's
like
in
general,
as
a
mantra,
the
cost
is
near
zero.
It's
a
couple
of
bytes
in
the
message:
it's
like
nothing
right
and
if
you
approach
it
structurally
in
the
code
the
right
way,
it's
also
going
to
be
close
to
zero.
But
it's
a
killer
feature
for
for
users.
It's
like
they're,
like
people,
are
very
impressed.
F
If
you're
able
to
maintain
compatibility
and
then
we
can
make
informed
choices
to
remove
things
based
on
specific
criteria
or
say
security
right,
so
that
we
can
keep
the
agility
of
having
of
being
able
to
choose
good
technical
solutions
and,
at
the
same
time
like
have
a
structured
way
of
dealing
with
this
problem
so
that
it
doesn't
sort
out
every
time
it
comes
up.
It
doesn't
enter
in
the
developers
mind
at
all,
it's
so
costly
to
add
another
version
or
whatever.
D
I
mean
why
I
don't
see
how
I
mean
if
you
have
like,
if
you
stored
some
messages
like
yeah,
you
might
have
problems
with
mentioning
messages
that
were
already
in
the
database,
because
we
don't
store
all
content
anywhere
all
right,
but
all
the
new
received
messages.
You
will
be
able
to
generate
everything.
Just
fine.
K
K
You
have
some
handshake
for
this,
and
then
we
will
know
that
some
specific
wattage
this
one-to-one
messages
require
some
specific
version
of
messages
in
order
to
communicate,
etc
like
well.
We
can
do
this.
The
question
is,
how
cost
it
will
be
and
how
fast
we
can
do
this,
because
we
need
this
for
our
release.
That's
what
I
am
repeating
all
the
time,
because,
right
now,
we.
K
D
I
guess
what
we
did
for
release
is
just
to
add
one
more
field.
So
reply
to
and
reply
to
you
too
so
reply
to
still
contains
the
old
format.
Id
and
v2
essentially
contains
the
new
format
of
ID.
So
the
old
clients
won't
open
the
old
one,
because
you
about
it
always
and
the
new
clients
who
can
will
be
able
to
just
ignore
the
old
one
and
use
the
new
one.
A
A
We
maybe
don't
need
to
bring
this
up
in
this
house
cause
like
it's
like,
maintain,
compatibility
and
like
it
is
a
really
really
good
reason
like
security-related
or
it's
impossible,
because
we
screwed
up
sometime,
then
fine,
but
I
feel
like
this
is
like
we
can
generalize
this
to
general
comfortable
of
discuss.
Let's
go
spinning
coming
up
a
few
times
last
few
months.
Does
anyone
disagree
with
that.
J
I
think
it's
a
finger
issue
slightly
different
like
here
we
are
all
set.
You
know
we
all
agreed
and
maintaining
couple
disease
is.
The
thing
is
that
next
week
we'll
have
to
change
the
ad
format.
Basically-
and
you
know
we're
just
pushing
out
these-
these
quick
fix,
even
though
we
know
for
a
fact
that
you
know
like
we'll,
have
to
answer
to
me.
It
seems
like
a
bit
of
wasted
effort.
A
A
Things
that
should
be
in
a
beliefs
may
go
for
aesthetic
event.
Maybe
that
could
be
done
like
with
some
planning.
So
it's
not
this
last
week
effort
and
to
fix
things
up
like
patch
this
up,
because
that
gets
reared
as
an
event
is
like
an
emergency
and
I.
Don't
I
feel
like
we
should
be
on
that
stage
now,
I
don't
know,
Chad
was
some
mess
in
a
comment
from
point
of
view
on
like
why
we
are
rushing
with.
D
E
Part
of
the
problem
is
has
been
a
disconnect
between
the
like
events
and
marketing
needs
with
indicating
things,
but
to
help
remedy
that
I
did
it
discuss
post
last
week,
Asli
no
I
did
in
a
discuss
post
asking
for
dates
to
give
us
some
more
lead
time.
It's
a
kind
of
a
recurrent
problem
that
we're
trying
to
nip
in
the
bud,
but
definitely
more
notice
from
from
marketing
and
the
event
site
is
useful.
So
sorry,.
A
So
I
would
argue
if
that's,
if
there's
a
problem
with
lead
time
and
stuff
that
that
shouldn't
impact
like
development
really
like,
then
that's
a
in
terms
of
oh.
So
so
we
wasn't
communicated
in
time
right
like
that's,
that's
fine!
We
can
get
better
that,
but
that
doesn't
mean
that
we
should
rush
things.
That
should
mean
oh,
so
so
we
can't
release
this
release
and
this
way
it
is
that's
how
I
say
it,
because
I
feel
like
it's
doing
us
more
harm
than
good
and.
B
Essentially,
chad
posted
that
hey,
let's
it's
more
uptime
with
release
and
then
the
people
who
are
on
the
Asia,
Roadshow
I
think
is
Julian
and
mentioned
that
that's
what
it
is
that
we
need
to
have
a
release
for
the
roadshow.
So
it
didn't
really
come
from
marketing
that
side
that
there's
there's
a
push
for
this
release.
That's
happening
right
now,
I.
J
D
Yeah
but
again
we
will
make
it
like,
essentially
that
there's
one
thing
that's
was
yeah:
we
got
better
at
it,
but
we
can
do
better,
but
on
the
other
hand
like
in
any
event
planning,
it
would
be
nice
to
have
some
checklists.
That
says
that
if
there
is
anything
that
needs
to
be
released
by
this
event,
please
communicated-
or
this
please
communicate
the
schedule
like
it
not
like
a
week
in
advance,
because,
most
probably
it
wasn't
planned
that
we
didn't
plan
straight.
How.
C
K
C
K
K
Need
one
poor
request
if
we
decided
the
way
how
we
discuss
to
calculate
this
message,
it
is
fine.
I
can
file
this
parity
one
or
two
hours.
That's
it.
Then
we
measure
it
in
merely
40
studies.
The
Bayesian
is
if
we
want
to
have
a
proper
versioning
for
messages
that
will
require
much
more
time
to
develop
our.
A
K
One
point
here:
all
this
stuff
lead
to
new
message
ad,
it's
kind
of
related
to
a
slow
signing,
in
the
reason
why
it
was
changed
that
we
have
this
immigration
on
some
previous
version
when
we
changed
message
ad
and
we
kind
of
checked,
duplicates
messages
used
in
old
message
ad
and
new
message
ad
and
all
the
stuff
was
really
slow
and
was
done
at
the
startup
of
application.
So
message
said
you
was
changed
in
order
to
fix
this
issue.
K
H
F
I
just
wanted
to
add
note
also
to
different
marketing
or
or
really
anybody
that
comes
with
ideas
right.
The
problem
is
not
coming
up
with
an
idea
and
sometimes
good
ideas
come
late.
That's
that's
a
fact
of
life
like
you
have
it,
especially
with
events
right,
because
you
have
a
discussion
when
you
meet
people-
and
you
have
this
great
idea
right
so
I,
don't
think
we
should
ever
be
trying
to
hold
back
the
presentation
of
an
idea
yeah.
A
A
Sorry
I
cut
you
off,
so
maybe
this
this
can
be
a
discussion
between
the
people
who
are
familiar
with
this
with
details
of
the
code
but
in
general,
keep
compatibility
I,
don't
know
to
what
extent
that
the
extension
stuff
is
absolutely
needed,
but
Sumida
stand
figure
out
the
way
that
we
can
either
flag
it
or
revert
to
commit
or
whatever
needs
to
happen,
to
get
released
a
long
time.
That
does
seem
reasonable
or
are
there
any
big.
C
Drama
yeah
I
mean
just
to
add
to
that.
Like
I
mean
if
the
extension
stuff
is
needed,
look
everyone
knows,
status
is
slow
to
sign
in
and
they're
not
gonna,
be.
It's
not
gonna,
be
like
a
huge
change.
If
it's
still
slow
to
sign
in
for
another
two
weeks
so
and
if
they're
all
new
users
like
they
were
waiting,
act
them
as
much.
E
B
Yeah
I'm
on
the
fan
of
backwards
compatibility
and
we're
gonna
do
backwards
compatibility.
We
should
do
it
right.
It
takes
your
time
to
do
it
and
if
we
can,
if
it's
not
necessary
to
push
this
out
for
the
extensions
that
Julie
needs
for
the
for
the
roadshow,
then
yeah
I
think
would
be
the
best
for
us
to
move
forward
properly
on
that
issue.
If
we.
E
E
D
K
D
K
C
K
F
K
D
D
A
B
C
C
B
B
That
was
that
came
out
of
the
whole
presentation
from
from
the
bill
for
the
for
the
gamba
and
that's
where
everybody
was
tracking,
there's
multiple
notes
and
and
different
different
versions
of
people
moving
towards
okay,
ours
and
it
I
never
heard
anywhere
saw
anywhere
posted
that
okay,
ours,
we're
not
going
to
get
done.
So
guess
we
need
some
sort
of
clarity
on
that.
Whether
that's
part
of
this,
this
process
or
not.
A
B
C
Told
I
told
them
a
bill
that,
let's
not
do
any
other
chaos
until
we
understand
exactly
what
we're
doing
in
terms
of
the
next
six
months
in
terms
of
development,
so
I'm
happy
to
do
it,
chaos
I,
quite
frankly,
I.
Don't
like
the
you,
a
chaos
as
they
currently
stand,
like
none
of
them
were
measured
and
recorded
in
a
central
location.
So
it
kind
of
made
the
whole
thing
useless
and
it
was
a
massive
managerial
overhead.
B
A
So
we
almost
have
time
might
I
suggest
we
bring
this
up.
We
can
talk
about
it.
Often
so
that's
I
guess
just
two
things.
So
one
is
already
sort
of
technical
things
that
people
should
be
aware
of
things
that
upcoming
and
changed
anything
like
any
quick
announcements,
all
right,
cool
and
then
and
just
a
brief
question
on
sort
of
time,
because
I
think
we
drifted.
This
was
anchored
in
UTC
where,
as
the
Town
Hall
one
is
one
hour
ahead
is
this
time.
Okay,
would
people
prefer
to
have
one
hour
later.