Ken Toler at FileCoin Foundation (Short)
My name is Ken Toler. I'm the head of security at Filecoin Foundation. Filecoin Foundation is helping with the Filecoin ecosystem, and the main thing that we're doing is helping to store humanity's data through the blockchain ecosystems.
My role is to help facilitate security for that ecosystem, through security programs and organizations that we establish across the board with all of these different organizations and teams to help fortify Filecoin as an ecosystem and as a crypto. Let's say that there's a bug inside of the system. Every single person that updates that particular system is going to have that bug, which means that there is a global product or system that could be affected by that. So it's important for us to discover those early.
The other thing that you have to think about here is that there's no one central component of these systems. A lot of this is made up of open source products or core contributors and libraries that come from different countries, different places.
It's important for us to keep an eye on what is going into code so that those types of outages don't happen. If we experience something like a chain halt, that downtime is detrimental to the entire system. Making sure that we're resilient and being able to test for that within the organization, but also with all of these different teams, becomes a real challenge when there's no unifying authority over that.
The goal is to have no real unifying authority, but that the participants are the ones authorizing this type of behavior. A lot of that is built into the system. But also looking for ways, like using Antithesis, that help us with testing.
Being able to test beyond what you would see in a production environment is very important for us because we can't necessarily predict the behavior on the network. And we're reliant on those cryptographic proofs and the incentives that the ecosystem provides in order for folks to use it appropriately. Our goal is to try to establish that. And to make sure that we are pulling in these core components into some unified architecture so that we can test them independently and provide another lens for these teams to use in addition to their own test coverage.
We've seen that with some of these teams, they're very attracted to using it. With other teams, they wanna stick to their own testing pipelines. The hope is that over time, it becomes so valuable for them to write these assertions that this is where they would shift their testing. We hope that over time, this becomes the most valuable way to test the software and to provide as much insight into that.
I think the biggest impact, and I'm speaking from the security lens here, is that you have an incredible method to detect high severity, high impact issues much earlier in the life cycle without putting undue strain or work on your engineers. People talk about shifting left. They talk about getting earlier in the SDLC. This is a common theme.
And you'll see in the industry, we have trouble getting there. And this is something that you can do that has very tangible results to be able to see how you've made that shift. You can actually see the proof in the pudding that there is a result that comes from testing this early, and it isn't after the product is deployed.
If you can look at this as both a testing platform or autonomous testing platform and as a way to test for security, I think that it will help to enhance and solidify the relationship between the security engineers and the application engineers, and it will make it so that security becomes an enabler to software development as opposed to a blocker. The Antithesis team is one of the biggest helps to our success in being able to deploy the product. I think one thing that is amazing is how technically competent the engineering team and support team is and how willing they are to take feedback.
When you find that first bug that would be a higher critical severity issue reported by a security researcher, that's the switch. Because that is a payout that you're not making to a researcher, which, you know, sorry for the researcher, but that means that we found it earlier. Months earlier, a year earlier, who knows? But we found it, and we can say that we found it before someone else did.
And from a security perspective, how often can you say I found this before someone else did?
http://antithesis.com/
Video: Ken Toler at FileCoin Foundation (Short), from the Antithesis channel
Video information
June 23, 2025, 22:03:28
00:05:27