DApp certification and Community Curation

hi everyone this is charles hoskinson broadcasting live from warm sunny colorado always warm always sunny sometimes colorado today is november 27th it's a saturday over at the office got my stuffoluficus i also have my bob ross and there's nothing better in life than when your bob ross rides your snufflufficus anyway today's a brief chat but it's something that i wanted to talk about so as many of the pab is out on the net and people are using the pab right now and the construction of their gaps and so on our side we've gotten a huge amount of technical questions and we've been going back and forth with a lot of the different dexes like sunday swap and others basically the back and forth is about features functionality etc etc so cardano dapps are under construction and i wouldn't be surprised to see them in market very soon like soon within weeks to months it just depends on the team their ability to execute how long they want to leave things in the test that and this brings up an interesting question about dap quality and the level of support behind adapt if it's rightly constructed or not okay so there are a few things that i want to be manage expectations on amongst the community and that's why i'm making this video we io global all the people work with us in the building of cardano invest an enormous amount of money time and effort into proper protocol design formal methods and software design the benefit of that is that you end up having software that's high assurance so there's a very good possibility that the bugs are minimal security issues are minimal and that the software works as intended okay and the downside to that is with current tooling it can be very expensive especially for complex software and time consuming which is one of the reasons why we get a common criticism from the move fast and break things paint chip brigade that we're too slow to market although we seem to be doing quite fine ecosystem continues to grow and a lot of things to do but we're moving as fast as i think any project ought to given what's at stake and how much money is at stake i will remind everybody that this year 10.5 billion dollars of money has been lost or stolen as a consequence of bad dap design and insider problems you avoid these things when you take a methodical deliberate process not necessarily slow but at least methodical and deliberate now what does this have to do with the dap ecosystem on cardano it is the responsibility of the app developer to write a dap correctly okay let me repeat that it is responsibility of the dept developer to engineer and build an application correctly now great ecosystems and platforms will give you good tools and we're going to go through some of the firms and tools but great ecosystems and great developers will give you tools to help you build correct software but no ecosystem can build full proof guaranteed to work all the time every time software none it's never happened in the history of engineering ever there will always be a bug a design flaw or some problem in software even our own okay and that's just the reality of software engineering because the things that you think are true or valuable will change and the infrastructure you run your things on can have flaws even if you have a formally verified programming language and a certified compiler the infrastructure that you're verified if a language and compiler and these other things runs on is not it's turtles all the way down so that means that as dapps in cardano on cardone turn online at least one of those dabs will have a design flaw a bug or other problem and at least one of those dapps will be fraudulent somebody sang something but it turns out the dap has a back door in it to steal your money okay we are not immune to that we did everything as engineers and scientists in our power to give the developers and the community tools in order to sort out good from bad and i would argue significantly better than what exists in the ethereum ecosystem even apples to apples but it is your job the community to demand vigilance and basic best practices and you the community have a big say in this as these dapps come online okay so let me share my screen real quickly and we'll kind of talk through it so if you attended the summit that cardano held the summit talked a lot about certification of software and there are several ongoing efforts about certifying gaps written on cardinal first off because plutus is kind of similar to haskell the tooling of the haskell ecosystem works inside the plutus ecosystem and as a consequence of that we are for better or worse able to do things the haskell way i and so that means you get big upside on testing so kuvick is one of the granddaddies of these companies started by john hughes he was one of the creators of cubic and they use something called property-based testing you see right here is a great blog post from nicholas dubian and it talks a little bit about how property-based testing works now you'll notice something it says hey a property-based testing framework for javascript so this is not exclusive to the haskell ecosystem property-based testing can be used in many mainstream programming languages for example there are frameworks in python c plus plus scala and huge the founder of cubic says don't write tests there's all kinds of cool things here and there's some videos and so forth so i'd highly recommend that you read this property based testing blog that's up here and some of the links and kuvik is one of the firms working with us on cardano specifically for building tooling to test dapps that are constructed another one of the core entities is runtime verification they do k and they've been in this ecosystem for a long time and one of the things they're doing is writing k-semantics for the latest version of pollutus and creating tooling for formal verification of plutus programs in the ethereum ecosystem probably the best suited to do verification of ethereum smart contracts is a company called cirtic they're based out of yale a very prominent university in the united states and they have tooling to look at all of the different common daps and applications and those tools are being gradually ported over to the cardano ecosystem and they can be used on the evm side chains like vehicle media or mamba but they're also going to be an auditor that's going to work with us in the in the plutus application space and another video i'd recommend is formal verification applied from pawel and he talks about tla and so this you can just take a look at this title right here in the video and all of these give you a sense so what we're doing right now is we're building out certification levels level one two and three and we're going to create a series of standards in the cardano ecosystem and the dapp store that we're building as commercial software on the i o side will actually visualize certification differently so if you're adapt developer and you're learning how to use the tools of cardano one side is developer experience so the sdks these libraries these tools will get rapidly better very quickly because there's a lot of people whose day job is to accommodate that but then on the other side is the curation of the dabs one part of curation is certifications one part of curation is community curation okay you need both in order to have a great ecosystem so we have level one two and three and that's just the level of verification you've done the level of tooling that you've put at it and if there are external auditors or not like runtime verification like cubic like certtic so the app store we construct will physically visualize those things that are certified from those things that are uncertified again just being certified doesn't necessarily mean that there isn't a bug or a flaw but it's a game of diminishing returns just a little bit of work will give you a strong certainty that at least some obvious things are not present and a lot of work will give you a high level of certainty relative to the value at risk that the application's working properly and it doesn't have back doors in it and a lot of things have been checked and so the community curation part comes into play where the community needs to start working together as new dapps are announced and develop an immune system and have a professional degree of skepticism who are the team where did they come from were they pluto's pioneers what level of familiarity do they have with the cardano ecosystem is this a new venture or a port of an old venture use of funds etc etc basic due diligence so we mentioned that there's going to be a dexcon next year quarter one probably at alfred's hotel and we'll arrange that but one of the things that we'll start talking about are some universal standards for community curation of dapps in the cardano ecosystem to be honest i think we can do significantly better than the cryptocurrency space has done historically if you look at the track record of our industry it has been one of apathy if we were to give people the benefit of the doubt and malice and fraud if we were to hold people accountable for the things that have happened and i do not want to see that occur in the cardano ecosystem as an architect a protocol designer engineer firm what we can do is build great tools but the old proverb you can lead a horse to water but you can't make a drink the community you have to drink you have to self-govern you have to hold people accountable so when you consume a dap you're you should ask basic questions like has it been certified or not what is the nature of the team how many people are using it did they build it on a test net do they have a bug bounty program what are the external auditors for the code base who are these auditors these are these firms that have been around for a long time with a demonstrated track record or they completely new firms and you the community should create rewards and incentives for the audit oversight and curation of dapps in our ecosystem our competitors like to believe cardano is a ghost chain and actually it's the exact opposite there's going to be a flurry of activity and as this activity turns online what's going to happen as we noticed with etoro and bitstamp the tale of two exchanges the media in our space and our competitors do not give us the benefit of the doubt and they sometimes just simply lie so a small exchange relative to trading volume besides the ring fence a certain group of users because they're de-risking all of their yield products has nothing personally to do with cardano and then that gets extrapolated to a global de-listing even though they're still running pools and advertising globally the listing of ada we have not been delisted from euro and ignored the entire listing at bitstamp this was done on purpose it was not an innocent mistake this was not something the media just all well we didn't know better no they did there are people within crypto media who are frankly dishonest about cardano and never will be honest about cardano they diminish our accomplishments and over emphasize the missteps and failings and issues and every ecosystem is going to have both of them so as dapps come online with cardano if the dap is not designed properly it's not set up for concurrency because they did stupid things in its design there's a security flaw or an issue there will be a very strong attempt from those very dishonest people in crypto media to then extrapolate that cardano is a failed experiment and then the entire ecosystem is pointless and meaningless and they will push that message as aggressively as possible that's just the situation we're in i don't know where the malice comes from or where the hatred comes from for doing things the right way i guess it has exposed a deep insecurity in these projects in these people and they're terrified that our success will mean that they'll be held to the same standards we've held ourselves in which case they cannot beat us so we must fail in order for them to continue as business as usual and accept 10.