Engineering Update: DDoS, Wallet, SteemDAO
Hello Steemians, welcome to our latest Steemit Engineering Update. You can view our last engineering update here.
Last night we disclosed the existence of a DDoS attack against steemit.com which is still resulting in intermittent inaccessibility of steemit.com, but which has no impact on the blockchain or any other Steem apps. While unpleasant, this actually highlights the unique advantage of building applications on top of the Steem blockchain, which is that one site being down is just an opportunity for Steem users to explore other amazing Steem apps like steemmonsters.com or drugwars.io. ;)
We have already implemented a number of mitigation efforts and are continuing to explore and execute new solutions. For now the situation seems to have been resolved. We will update you if the situation changes.
Since our last update we successfully released the stand-alone wallet application which you can now find by navigating to steemitwallet.com. The community has already provided valuable feedback about the wallet and we hope you keep it coming! We are extremely happy that the feedback relating to the user experience of the application is largely positive and the number of bugs users have encountered has been minimal.
We also received some feedback that was critical of our decision with respect to the use of wallet.steemit.co. After taking that great feedback into consideration, we decided to switch the domain to steemitwallet.com. Thanks again to everyone who contributed their valuable feedback and for helping to make the Steemit experience as good as it can be. Those who go to wallet.steemit.co will be redirected to steemitwallet.com.
The reason we chose to use steemitwallet.com (as opposed to steemwallet.com) is that it's a companion product that is intended to run alongside steemit.com and is designed to be a relatively seamless experience that users of steemit.com are already used to, but better. Having users jump between a Steemit branded application and a Steem branded application could also exacerbate the already significant confusion around the distinction between Steemit and Steem.
The primary benefits that will accrue from this change are:
- Since Social Condenser won’t be handling high value keys, it will be much easier to add new features to the social media side without as much security review. This will also make it easier to approve community code contributions.
- It will be more cost effective and efficient.
- It will be an excellent opportunity for education regarding key handling and Steem’s unique hierarchical key system.
A good example of a community contribution that will be easier to approve post-split is a long-standing PR which would allow dtube videos to play in-blog. We never merged this in because it required opening up the Content Security Policy (CSP) to another domain and relaxing security standards is something we refuse to do as an organization. Essentially the only times we are willing to relax security are those cases where it significantly improves the user experience, and where the impact of a highly-unlikely worst-case scenario (e.g. hack) is minimal and/or quickly reversible.
After we make these changes, we could implement such changes more rapidly because simply by splitting these two apps we will dramatically reduce the negative impact that would result from a potential worst-case scenario. There are many similar cases in which things that we could not do before due to security concerns we will soon be able to do. Many of these things are features that average users have come to expect from social media in 2019. We're on the road to making a better steemit.com and this is one of the first stops on that road.
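To make "opening up the CSP to another domain" concrete, here is a review helper that reports which sources a proposed policy trusts that the current one does not. It is an added example, not Steemit's code: the two policies, `https://app.example` and `video-embed.example` are constructed placeholders, and the source matching is simplified to origin level.

```javascript
// Constructed policies for illustration; not steemit.com's real headers.
// video-embed.example stands in for the third-party player origin.
const BEFORE = "default-src 'self'; script-src 'self'; frame-src 'self'";
const AFTER = BEFORE + " https://video-embed.example"; // appended to frame-src
// Parse a header value into Map<directive, sources[]>.
// A repeated directive is ignored: the first occurrence wins.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !policy.has(key)) policy.set(key, sources);
  }
  return policy;
}
// Sources that govern a fetch directive after fallback
// (frame-src -> child-src -> default-src). null means unrestricted.
function effectiveSources(policy, directive) {
  const chain = directive === "frame-src" ? ["frame-src", "child-src"] : [directive];
  for (const d of [...chain, "default-src"]) if (policy.has(d)) return policy.get(d);
  return null;
}
// Simplified origin-level match: 'self', *, scheme://host and scheme://*.host.
// Paths, ports and scheme-less hosts are deliberately out of scope.
function allows(policy, directive, origin, selfOrigin) {
  const sources = effectiveSources(policy, directive);
  if (sources === null) return true;
  const { protocol, hostname } = new URL(origin);
  return sources.some((src) => {
    if (src === "'self'") return origin === selfOrigin;
    if (src === "*") return true;
    const m = /^([a-z][a-z0-9+.-]*:)\/\/(\*\.)?([^/:]+)$/i.exec(src);
    if (!m || m[1].toLowerCase() !== protocol) return false;
    const host = m[3].toLowerCase();
    return m[2] ? hostname.endsWith("." + host) : hostname === host;
  });
}
// Review helper: which sources does `after` trust that `before` did not?
function widened(before, after, directives = ["script-src", "frame-src", "connect-src"]) {
  const b = parseCsp(before), a = parseCsp(after), out = {};
  for (const d of directives) {
    const old = effectiveSources(b, d), now = effectiveSources(a, d);
    if (old === null) continue; // already unrestricted, nothing left to widen
    const added = now === null ? ["(unrestricted)"] : now.filter((s) => !old.includes(s));
    if (added.length) out[d] = added;
  }
  return out;
}
```

Run against the two constructed policies, `widened(BEFORE, AFTER)` flags only `frame-src`: the new origin may be framed but still may not serve scripts, and the residual risk is whatever a framed third-party page can reach on the embedding origin.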
It is important to acknowledge that a big part of the reason for this change is that it makes it safer for us to run ads on steemit.com. At Steemit we love releasing free software and providing free services like access to our nodes. But services that are free for others are never free for those rendering them, and displaying ads is the least obtrusive means of generating revenue in a way that seems to be acceptable to our users who ultimately have the choice to use other interfaces that display the same information. Unlike Facebook, we do not have monopoly control over your data, and when it comes to displaying ads, that makes a big difference.
Most of the work we have been doing as of late has been aimed at generating state files using MIRA. We are extremely excited to announce that MIRA is now consistently generating state files around every 2 hours and we have now accomplished a record streak in terms of regular state file generation! MIRA branches are now building and we will deploy to our development environment very soon. This is a big milestone on the path toward using MIRA in production which is why we are now shifting our strategy discussions toward how best to complete the MIRA project!
Development of the SteemDAO has moved to testing which is why we are dedicating some of our time to reviewing their code and leaving feedback. Our goal is to leverage our expertise in dealing with the Steem blockchain to ensure that the code being submitted can be approved as efficiently as possible once it is complete. Our primary motivation is always the safety and scalability of the Steem blockchain.
Be sure to follow @steemitblog if you would like to see more engineering updates like these!
The Steemit Team