Hello there!

We are happy to announce that voting is now open for a new IC release.
The NNS proposal is here: IC NNS Proposal 131054.

Here is a summary of the changes since the last release:

Release Notes for release-2024-07-10_23-01-base (a3831c87440df4821b435050c8a8fcb3745d86f6)

Changelog since git revision e4eeb331f874576126ef1196b9cdfbc520766fbd

Features:

• 0afe54baa boundary-node: add rate-limiting by subnet to ic-boundary
• 8a5464374 consensus: Add the subnet Id of IDkg artifacts to the artifact Id
• 24c3a6876 crypto: add tracing annotations for some of the IO operations in the replica
• 3809a39ad execution(schnorr): Make public key parsing case insensitive
• ea10ecda6 execution,runtime: Add persisted metric counting the number of signature agreements with each key Id
• 4fac1849f interface: Print number of instructions in a more readable form
• fb2acfabb message routing: Use BatchSummary to flush PageMaps
• ff5df144b message routing: Add Reject Signals for Requests; Canonical State
• 83c78b09a message routing: Best-effort messages: Introduce NewCanisterQueues
• 40b3b6799 networking: publish https outcalls adapter with http enabled for dfx
• 17df8febd runtime: Switch to compiler sandbox for compilation
• 51f43a115 runtime,execution: Update calls stable memory limit adjustment

Bugfixes:

• 8b88480aa consensus: Verify blocks in notarization fast-path
• 373eddb30 consensus: Do not consider missing pre-signatures as fatal when building inputs
• a2fa6f82e consensus: PR#313 schnorr: Remove leftover uses of ComputeInitialEcdsaDealings
• 39af4c58b networking: do not block when writing logs
• fb4726002 node: network.sh hanging

Chores:

• 44aba7735 boundary-node,node: BN disable-latency-routing by default
• e4479636f consensus(orchestrator): utility function http_endpoint_to_url
• 2e7cce7dc consensus: Remove deprecated EcdsaKeyId from MasterKeyTranscript and IDkgReshareRequest
• 19d26b4e4 consensus: Rename individual IDkgMessages and EcdsaKeyTranscript
• a2d57712a consensus: Rename EcdsaPool, EcdsaChangeSet, EcdsaPrefix, EcdsaArtifact and EcdsaStats
• f76347c64 consensus: Rename EcdsaMessage to IDkgMessage
• 61407a019 consensus,networking: split ArtifactKind trait into two traits
• 6b04a687a crypto: upgrade sha2/sha3/digest from 0.9 to 0.10 in crypto code
• 5261f8135 crypto,IDX: align cargo & bazel deps
• b7975d31b crypto,NNS: Add buildifier sort comment to Bazel files
• 50d1c08ac execution: Remove obsolete ComputeInitialEcdsaDealings ic00 method
• 45f1e8597 execution: Remove unused function in SandboxSafeSysteState
• 3fa9c6d64 execution,runtime: Remove obsolete sign_with_ecdsa_contexts from SubnetCallContextManager
• 4c75016a8 execution,runtime,IDX: align exec env builds
• 7a308b459 interface: Add a guard against reject signals with reasons other than CanisterMigrating to the canonical StreamHeader conversion.
• b7ab9a59f message routing,execution: Remove the From trait for RejectCode from StateError
• a5856f00f message routing,execution: Canister queues misc cleanup
• 2987c9d86 message routing: CanisterQueues miscellanea
• ec981034b networking: Use an IC type for the logging level so the config is agnostic to different logging frameworks
• 6aceb6a35 networking: expose https_outcalls to PocketIC
• 23eb3aae5 networking,execution,consensus,interface: rename ic-btc-types-internal to ic-btc-replica-types
• 6135fdcf3 node: Fix etc/ permissions Dockerfile comments
• ad9392d99 node: Remove unused nftables.conf
• 6a081a6bf node: Update container base images refs [2024-07-04-0816]
• 9c89f33e1 runtime(RUN): Upgrade Wasmtime to v22.0.0

Refactoring:

• 38565ef90 execution,message routing: Drop StateError::InvariantBroken
• 6101d93c3 interface: Have PrincipalId derive PartialEq

Tests:

• e04ff0db0 execution,message routing(replicated-state): Upgrade/downgrade compatibility tests for canister queues, step 1
• fdbf4f4a8 execution,runtime: Update state_machine_tests for threshold signature fees and mock signing responses
• d7337776b execution,runtime(IDX): Disable execution_environment_test on darwin
• 68d689dc7 execution,runtime,message routing: Migrate state_machine_tests to use generic iDKG keys
• 53b0451c0 IDX,execution,runtime: enable execution_environment_test on master
• 66d460391 crypto: replace ed25519-consensus with ic-crypto-ed25519 in tests

Other changes:

• a6acb0ddc networking: revert “feat: publish https outcalls adapter with http enabled for dfx” and “chore: reqwest https outcalls”
• a3831c874 runtime: Revert “feat: Switch to compiler sandbox for compilation”

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#verifying-releases
sudo apt-get install -y curl && curl --proto '=https' --tlsv1.2 -sSLO https://raw.githubusercontent.com/dfinity/ic/a3831c87440df4821b435050c8a8fcb3745d86f6/gitlab-ci/tools/repro-check.sh && chmod +x repro-check.sh && ./repro-check.sh -c a3831c87440df4821b435050c8a8fcb3745d86f6

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

Hello there!

We are happy to announce that voting is now open for a new IC release.
The NNS proposal is here: IC NNS Proposal 131055.

Here is a summary of the changes since the last release:

Release Notes for release-2024-07-10_23-01-storage-layer-disabled (0d2b3965c813cd3a39ceedacd97fa2eee8760074)

Changelog since git revision a3831c87440df4821b435050c8a8fcb3745d86f6

Bugfixes:

• a1ce68f interface: Disable new storage layer

Other changes:

• 0d2b3965c runtime: Revert “feat: Switch to compiler sandbox for compilation”

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#verifying-releases
sudo apt-get install -y curl && curl --proto '=https' --tlsv1.2 -sSLO https://raw.githubusercontent.com/dfinity/ic/0d2b3965c813cd3a39ceedacd97fa2eee8760074/gitlab-ci/tools/repro-check.sh && chmod +x repro-check.sh && ./repro-check.sh -c 0d2b3965c813cd3a39ceedacd97fa2eee8760074

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

For proposal 131054, the referenced git revision (a3831c87440df4821b435050c8a8fcb3745d86f6) doesn’t seem to belong to the IC repo.

^ this is what Github displays (I think this indicates that the branch has since been deleted).

If I try to fetch all changes and then search for this commit (a3831c87440df4821b435050c8a8fcb3745d86f6) it’s not found.

Based on the git graph and the revision for proposal 131055, it looks like the correct git revision for proposal 131054 would normally be 6135fdc (but that wouldn’t include ‘Revert “feat: RUN-842: Switch to compiler sandbox for compilation”’)

Given the current circumstances I’d be inclined to reject proposal 131054.

@Lorimer seems to have been an issue with the gitlab → github sync (and migration). This issue should be fixed now, please try again. I manually pushed the branch, although this was supposed to be done automatically

Thanks @sat, much appreciated, that’s addressed it

Given that the commit hasn’t been available externally until now, it’s concerning how popular the ‘yes’ vote has been so far (how did they verify the build?!)

image757×564 22.2 KB

@dfxjesse (Rakeoff), @krzysztofzelazko, as named neurons are you able to explain your vote?

Recently, the Rakeoff named neuron has been set to follow krzysztof.

Is there an expectation to verify these esoteric IC releases? In an ideal world you could say yes. But realistically do you expect named neurons to verify all of these? Isn’t that what the “follow” functionality is for.

If you’re actively voting ‘yes’ (rather than following someone else’s vote that you trust - as in your case), then absolutely yes. It’s extremely dangerous (particularly moving into the future) to vote blindly on technical proposals that modify the protocol.

But realistically do you expect named neurons to verify all of these?

No, in the same way that all named neurons are not expected to actively vote on all proposals. Yes, I agree that this is what following is for (passively voting, by actively choosing who you allocate your voting power to). Given that Rakeoff is a liquid staking protocol, the choice of followee is extremely important (assuming the voting power of any number of stakers is in play - not just now but in the future).

Can I ask why you chose Krzysztof for Rakeoff to follow (what selection criteria were you using that were met by this named neuron)?

@krzysztofzelazko, looks like it falls to you. Are you able to explain your vote?

I wouldn’t give krzysztof a hard time about this, seems like your trying to put some public scrutiny on something I wouldn’t consider that important. It was a proposal submitted by Dfinity for an IC release . Frankly, what’s the big deal here?

It looks it was verifiable later and all was fine anyway? Should we be expecting Dfinity to be publishing malicious code to the NNS?

IC-OS proposals have the potential to cause untold damage if a nefarious proposal slips through the net. Why would you consider this to not be important?

It was a proposal submitted by Dfinity for an IC release . Frankly, what’s the big deal here?

Why do you think a great deal of effort has been put into the design of the NNS, reproducible builds, and governance decentralisation initiatives - do you think all of that is pointless?

It looks it was verifiable later and all was fine anyway?

If I’m confident in my ability to hold my drink, so I down a few pints of Guinness and then hop in my car to pick up some food, does it make it all okay that I managed to get home without a scratch (no harm no foul) - at least I got my food? Or did I roll the dice and do something unjustifiable?

Should we be expecting Dfinity to be publishing malicious code to the NNS?

Honestly I think comparing voting yes without verifying IC-OS releases to drinking and driving to be unjustifiable. I can’t really see how that is an appropriate analogy to use here.

Besides that, I know these are important proposals, however I was saying that if a named neuron (such as krzysztof’s) looks at an esoteric proposal about an IC-OS release from what appears to be Dfinity and votes yes on it - I don’t think they should be held to public scrutiny and have to explain their vote.

Maybe you want to hold named neurons to a really high standard. That is probably an argument against named neurons then as a whole and you could start a thread and discuss that.

@Lorimer correct me if i’m wrong but you are apart of the CodeGov team? So you get paid to verify these?

I think it’s important to remember most named neurons are not paid to verify these and are just doing the best they can and receive the normal staking rewards for doing so.

Honestly I think comparing voting yes without verifying IC-OS releases to drinking and driving to be unjustifiable

Both are examples of ‘no harm no foul’ mentality, and an ‘appeal to consequences’ logical fallacy. If you agree that one action is wrong despite the absence of consequences in a specific scenario (e.g. drink driving) then it begs an explanation for why another ‘no harm no foul’ scenario (blindly voting ‘yes’ on a proposal that could bring down the IC, but didn’t) is justifiable on that basis.

I don’t think they should be held to public scrutiny and have to explain their vote

Named neurons have gone out of their way to advertise themselves as voters to be followed. I’m inviting Krzysztof to explain what happened here (I’m not assuming that there’s not a justification). I’m sure he’s perfectly capable of defending his position himself, or holding his hands up, and reassuring potential followers about how future proposals will be tackled.

you could start a thread and discuss that

If you think that would be useful, I may take a look at doing so at some point.

correct me if i’m wrong but you are apart of the CodeGov team? So you get paid to verify these?

Yes.

I think it’s important to remember most named neurons are not paid to verify these and are just doing the best they can and receive the normal staking rewards for doing so.

This is unlikely to be the case moving forward.

In any case, I don’t see your point. If you’re not going to verify a proposal before voting ‘yes’, you’re acting irresponsibly. This is the use case that liquid democracy accommodates - so why not use it properly (follow those who put the work in and verify proposals, and even review the code - Krzysztof could simply follow a neuron that claims to do / evidences this)?

FYI @DRE-Team, similar to a few weeks ago, the ‘Changelog since git revision’ reference for proposal 131055 (above) is incorrect - at least as I understand it.

image926×108 9.99 KB

Proposal 131055 stems from commit 6135fdc (highlighted in the git graph illustration above), not a3831c8 which is actually a future commit with respect to the head 131055 proposal commit (0d2b396) and is also on a separate branch (illustrated in the git graph above).

This proposal summary claims to be making a change but then reverts that change in the same proposal (so it’s not actually making that change at all). I think it would be a lot cleaner and easier for voters to follow if these sorts of commits are omitted from the proposal summary altogether (provided the reversion commit is an exact reversion).

This situation is similar to a few weeks ago.

Do you have any thoughts on this @DRE-Team?

@nikolay.komarevskiy are you able to provide more information about why latency based routing is being disabled by default. This would seem to be a useful feature. Could you explain the scenarios where this would be undesirable (and why these represent the default case)? Thanks in advance.

this is quite unique case that we didn’t have before so it’s not supported in our tooling and therefore kinda a mistake. we discussed this previously that a case like this might happen and were not sure if it makes sense to say something like “change since this commit” if the commit is not actually a tip of some release that was blessed before. I think in this specific case, we would want to say something like “change since commit 6135fdc (first introduced in release a3831c8)”

we discussed this prior to publishing the release notes and decided it would be best to include it for transparency.

Thanks for your response @Luka. Do you think it could be worth displaying these types of scenarios slightly differently, rather than including a reverted change in a list of changes to be applied?

I like your suggestion for how to display the ‘change since’ commit. I think that would be very helpful.

we can change the formatting if you have some idea. it would just be beneficial to maintain both commits in the changelog for transparency. a thing to note, this is not such a common scenario either. i’m pretty sure it’s first time in 3 years that we had such a weird case.