From 79c5f7a1ad81cc5ed8fb15140861382ef00121dc Mon Sep 17 00:00:00 2001 From: SW van Heerden Date: Thu, 5 Oct 2023 12:22:50 +0200 Subject: [PATCH] feat: update 119 (#180) * update 119 * Apply suggestions from code review --------- Co-authored-by: Cayle Sharrock --- _updates/2023-10-04-update-119.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 _updates/2023-10-04-update-119.md diff --git a/_updates/2023-10-04-update-119.md b/_updates/2023-10-04-update-119.md new file mode 100644 index 0000000..5e75485 --- /dev/null +++ b/_updates/2023-10-04-update-119.md @@ -0,0 +1,30 @@ +--- +layout: update +tag: Developer Update +date: 2023-10-04 +author: SW van Heerden +thumbnail: update-background.jpg +title: Base layer development update +subtitle: +class: subpage +--- + + +The core team has been diligently focusing on two key areas: ChatFFI and Core security. + +### ChatFFI + +One of the biggest pieces of the Tari tech stack is our comms layer. This is an overlay network on top of TCP/IP and lets participants in the Tari network find each other, communicate with and even store messages for peers on the Tari network. All this is managed without a single centralising server, and all communication is E2E encrypted and authenticated. + +Obviously, the primary use case for the Tari comms layer is Tari transaction and block broadcasting. However, the comms layer is actually a general purpose communications protocol. + +You could very easily, say, play [peer to peer chess](https://www.tari.com/privacy-chess/) using the Tari Comms layer. Equally, one could run the world's most private and secure chat application. No phone numbers, not a single server, just 100% peer-to-peer messaging. This is the thinking behind the development of the ChatFFI library: an independent library for facilitating the development of peer-to-peer chat across the Tari network. + +It's still in an alpha state, but steady progress is being made, and the functionality will be included into Aurora in the coming months. + + +### Core Security + +On the security front, the team has dedicated itself to an exhaustive code audit process, inspecting every line for potential vulnerabilities. In conjunction with the [diagrams](https://github.com/tari-project/tari/tree/development/docs/src/diagrams), we meticulously examine the logic of the code to verify that it operates correctly and as intended. Rust, our language of choice, provides a solid foundation for crafting secure code. We are continually working to eradicate all occurrences of "unsafe" code, such as `unwrap()` and unchecked arithmetic, from the codebase. Additionally, we have initiated a proactive campaign to subject Tari and its dependent libraries, including Monero-rs, to extensive fuzzing tests, thereby ensuring their security and vulnerability-free status. + +For a comprehensive list of the security enhancements accomplished thus far, please refer to the [github page](https://github.com/tari-project/tari/pulls?q=is%3Apr+is%3Aclosed). \ No newline at end of file