Proposal “DCGInfraSept_Oct“ (Completed)Back

Title:Dash Core Group Infrastructure Sept - Oct
Monthly amount: 543 DASH (13144 USD)
Completed payments: 2 totaling in 1086 DASH (0 month remaining)
Payment start/end: 2021-08-13 / 2021-10-11 (added on 2021-08-11)
Votes: 930 Yes / 77 No / 1 Abstain

Proposal description

Dash Core Group August 27th Funding Proposals
DCG is submitting 2 funding proposals for the budget cycle that pays out August 27th:
1) DCG Compensation: 2,423 Dash per month (currently in month 1/3)
2) DCG Infrastructure: 543 Dash (currently in month 1/2)

What does this specific proposal fund?
This multi-month proposal funds Dash Core Group's ongoing infrastructure costs and phase 1 of a security audit for the Dash Network Core Protocol. We detail these costs in the following “Infrastructure Cost Details” and “Security Audit Details” subheadings.

Infrastructure Cost Details
The tools and services to be covered by this proposal are critical for the DCG developers and other staff to work productively. It also includes hosting for externally-facing services including the website, forum, testnet, devnets, etc.

The last time funding was requested for the Dash Core Group’s infrastructure budget was in November 2020. 

Our current infrastructure costs average $20,000/month - this includes infrastructure, software licenses, and tools and applications used by DCG. This proposal, if paid out at the current exchange rate of $183 / Dash over the next budget cycle, should provide sufficient funding for 5 months of infrastructure costs.

These funds are for the following services:
  • Cloud computing services (for hosting ~150 testnet and devnet servers, insight API, websites, forum, etc.) with AWS, DigitalOcean 
  • Software development tools, licenses and applications (including continuous integration builds)
  • Security applications (password managers, VPN services and custodial wallets)
  • Infrastructure monitoring tools
  • Service desk licenses
  • Accounting, finance and expense reimbursement software subscriptions
  • Google Suite (includes email hosting, calendar, document management, video conferencing, and a number of other productivity tools)
  • Video-conferencing services for streaming purposes (Zoom)
  • Collaboration tools such as Atlassian and Slack that collectively constitute the DCG “workplace”
  • HR systems, recruitment systems and recruitment sites (this significantly increased monthly cost of operations recently)

The expenses for cloud computing instances constitute the largest portion of our infrastructure costs. These costs run approximately $11,000 per month. This includes cloud computing services for Dash Platform’s presence on testnet.

We continually review all of our infrastructure costs with the goal of only paying for what we need.  Over the recent 6 months our infrastructure costs have increased due to:
  1. Increased demand from platform team for testnet and devnet servers (permanent increase until platform mainnet)
  2. Expansion of number of staff which leads to an increase in tools and licensing costs (permanent increase)
  3. Recent implementation of recruitment tools and use of recruitment websites (temporary increase in costs)

Overall, we anticipate our infrastructure costs to continue to average in the $15,000 to $20,000 monthly range.

Security Audit Details
Dash has an incredible set of features that offer the potential to significantly improve the user experience, offering fast, secure, scalable, and inexpensive transaction processing.  However, some of these features can only benefit users if they are widely supported by the services with which they interact. While Dash is highly secure (e.g., based on Bitcoin, operating since 2014, etc.), some features of the Core protocol have not had a formal third party audit by a reputable firm.  

Many service providers do not support Dash’s unique features, particularly those pertaining to transaction speed / finality; a formal security audit would address one of the main concerns we hear from exchanges and would enable us to reopen conversations with these exchanges, brokers, and payment processors to support ChainLocks or InstantSend. Formal audits also lower the perceived risks of listing Dash and can help address the concerns of compliance and risk teams at exchanges, especially those that have stringent policies that would prevent unaudited blockchains from being added to their platform.

Dash Core Group has kicked off this initiative by distributing a Request For Proposal to 8 firms that specialize in security audits in the blockchain space. Three firms were shortlisted and we are refining the scope of the audit with each firm to deliver value and better align with our internal development timelines for v0.18 or Core. We expect to make a final selection by the end of August, at which point we plan on formally engaging them with a contract to start the audit activities in late September.

Three of the firms we reached out to were unable to submit a proposal due to capacity constraints and the average timeframe estimated by the three shortlisted firms was about three months. This timeline is important to consider since the same or a second firm may be used for the security audit that will also need to be performed on the Platform components and the associated supporting technologies we will deliver in v0.18 of Core. This proposal is only intended to fund the audit of the Core protocol (focused primarily on ChainLocks and InstantSend). A separate proposal to fund the security audit of the Platform protocol will need to be submitted when that development is nearly complete and stable enough to audit.

The three firms that were shortlisted are Informal Systems, Least Authority and PixelPlex. Two of the proposals were fixed quotes and one was based on a time and material estimate; the average of all three comes to approximately $200k. This portion of the DCG proposal is for ~$60k which would cover the first phase of the audit which is estimated to take one month.  Additional funds will be requested in the subsequent months of 2021 as we progress with the chosen firm(s) and re-evaluate our internal development timelines for alignment with the remaining phases of the Core and Platform audits.

If you have any questions, please direct them to @kot or @brianfoster in this Dashcentral post to ensure we are notified of your request.

Requested funding is as follows for the September and October budget cycles:
· 540.5 Dash for core team infrastructure ($99,000 USD @ $183 per Dash)
·     2.5 Dash proposal reimbursement
Total: 543 Dash

Note: Should any funding remain, we will apply it toward future infrastructure expenses and related taxes.

Show full description ...

Discussion: Should we fund this proposal?

Submit comment
2 points,2 years ago
I think these ongoing costs could and should be halved but I will make a rare Yes vote in this particular case because of the security audit.
1 point,2 years ago
Thank you for your vote.
Could share with me an idea on how to halve infra cost, please? I'm all ears - this would be very significant improvement.
1 point,2 years ago
I am thinking, it might be worth crowd sourcing the research to get the best deals. For example, the current costs and requirements for various resources could be published to social media and we would all scour the web for the best deals. I see, for example, that you are using Digital Ocean when I see a lot of people saying Vultr is better. Has streaming over Lbry or Matrix been considered? I'm more than happy to try and find good alternatives, just need to know the specs and current costs.
-12 points,2 years ago
Can you please add the MNO tag to your username so that we can know that you're actually a MNO?
-13 points,2 years ago
Why the downvotes? I even said please.

If GMD is a MNO I'll happily retract my previous comments in this regard and apologize. He either is one or he's not.

If he is one, then why wouldn't he want the rest of us to know that? It's a simple matter and takes five seconds to verify.

If he's not one then, again we have the right to know that. There's no scenario where keeping that a secret is in the best interests of the network.

Nor does downvote brigading without comment benefit anyone but bad actors.

Only MNOs and the PO should comment here. I didn't make that rule up but I definitely appreciate the change since it was enacted.

It's nice knowing the only people who are commenting are the people who should be here.

Trying to get around that just to spite me is not only childish, but also the sign of a bad actor.

Only MNOs should try to influence other MNOs with their comments. Unless you have a reason why otherwise unrelated third parties should be allowed to comment here, in which case please share it with the rest of us before you downvote.

Mob rule never works. Pretending like you don't have to answer this charge only indicates that you have something to hide.

I'm only speaking in order to ensure the network benefits. I don't care about "winning" discussions, making GMD "feel bad" or anything like that. I only want the best for the network, as shills and posers have done untold damage to Dash in the past.

Why would you even want the possibility of that implication attached to your username if you're truly a good actor with good comments and intentions toward everyone else in the network?
-11 points,2 years ago
Imagine downvoting a MNO for asking a supposed other MNO to prove that they are one, like everyone else does...

What other evidence of conflict of interest and trollish behavior would you need in that case?
4 points,2 years ago
Imagine being such a vile human being people hate everything you say.
-2 points,2 years ago
I guess you don't have to imagine, since you already know huh?
-3 points,2 years ago
I mean, you have to be a terrible and vile person to support downvote brigading and censorship. This little venom from you goes to show how toxic and despicable you actually are. Imagine being such a piece of shit that you argue IN FAVOR of censorship in a decentralized, permissionless network. You have to be some kind of evil to think that would work.
5 points,2 years ago
It's a YES from me, very happy to hear you are starting the process of a security audit on core/L1.
2 points,2 years ago
Thank you.
4 points,2 years ago
Yes from me. Interesting to hear that a security audit is included with this budget proposal.
1 point,2 years ago