Who is nijeah?
As you might know, Steem was down for some hours today.
@holger80 has a good overview, what happened.
Also https://steemit.com/steemitdev/@bobinson/why-did-steem-blockchain-froze
So the question is, who is this guy, @nijeah?
Created by anonsteem.
That is of no help.
how about his wallet:
Look at that, he did use bittrex.
Lets continue our search on steemworld.org:
Let's scroll down a bit:
This points to @netuoso
Your Top 20 Witness
:(
On another note, my witness node (haha) is getting updated
( not that it matters at my position anyway)
I am way more angry, that I couldn't play and stream this morning!
UPDATE:
@netuoso answered:
do not own or run the @nijeah account. Several months back I helped the user with a couple scripts and answered a few questions on discord. I was compensated for my time.
I'll help anyone that asks or needs it on the Steem devs discord server.
UPDATE2:
@netuoso answered in a posting here:
https://steemit.com/drama/@netuoso/open-letter-to-the-harassers-and-anyone-else-paying-attention-re-blockchain-freeze
Even if it was @netuoso, there's nothing malicious about trying strange operations out and seeing how the blockchain will be able to handle it or not. Imagine this happened after we already had millions of active users, it would be much worse. I'm glad @nijeah did what they did. After all, a fix was found, though not without lots of stress for all the witnesses/devs involved, I am sure.
Edit: Obviously I realize the seriousness of the situation. I'm also not a developer/witness so I'm somewhat ignorant about the proper procedures. But I expect the STEEM blockchain to be strong enough to handle something of this nature. If it cannot, there is no reason to use it over another coin. I'm sorry, but I just cannot blame the user who initiated this operation. Clearly it would have been wiser to make the attempt on a testnet, so perhaps there was some malicious intent.
There's something weird about it though. @nijeah tried 4 operations, first a -1Vest withdrawal, then a -2Vest, then -10 Billion, and finally -1 Trillion, which is way over the Vesting Fund of 391,231,329,807 Vests.
Not to shamelessly plug my stuff but, I emphasize this very detail here: https://steemit.com/steem/@jerc33/steem-blockchain-down-here-s-what-happened
Also, and not less important. No one just tries stuff like this and at these disastrous amounts (albeit negative amounts, sure) on a production environment. This is a completely irresponsible conduct for someone "just testing the system".
EDIT: The right approach would be. trying this in a testing environment, of course. But still disregarding that one, at a -1Vest withdrawal @nijeah had already all the information he/she needed to report it to @steemit directly. And by doing so, the SteemitDevs would have 7 days to prepare and probably correct the error, instead of having to push all-nighters just because of the incompetence of a, presumably self-entitled "pen-tester".
I have a hard time believing this had other intents than malicious ones. Incompetence doesn't look like this.
Yes, I did notice the absurd increasing quantities. I understand the view that this is irresponsible, but don't know enough about coding to be able to say whether there was a better way to test this than live on-chain. Besides, the operation was started 7 days before, there should have been plenty of time to detect this anomaly and implement a fix before the blockchain froze. I'm sorry, but I expect the STEEM blockchain to be extremely robust. After 2 years of being live it should be able to handle something as basic as negative withdrawals.
That's easy, We're all humans. Every code-base, be it Google's, Microsoft's, Facebook's or wtv, has flaws like this waiting to be discovered. And some of those that have been discovered already are even dumber, like the empty password flaw on macOS, recently.
Of course, if this happened to some software I created the first thing I'd want to do after fixing it would be hide under a rock out of shame. I'm sure SteemitDevs feel the same way already.
About detecting though, that's tricky. You can't implement unit tests on problems you don't foresee. But as someone involved in pen-testing projects I have to say, the lack of communication on nijeah's part raises all kinds of red flags to me.
But, I'm of the opinion that Steemit failed miserably at one very important thing, the fact that it never organized a proper bug-bounty program like, for example EOS did, on hackerone.com . Like @isnochys said, there's even no proper testing environment and that's clearly dumb on their part. (@ned you need a testing-evn and bug-bounties on hackerone or bugcrowd or whatever. utopian doesn't count, it's a joke.)
Correction: Maybe there is a testing environment after all, according to @therealwolf
Yes, that was not important!
just all of steem nodes stopped working, all applications on the steem blockchain and block production stopped for ~10 hours, and we got thousands of missed blocks
When did I say it was not important? It's one of the biggest crises to happen in the past 2 years of the blockchain being active.
That's why every product should have a valid test net.
Where one can try out things
But I may be repeating myself, steem(it) needs a proper service management.
Testing, Integration and Prod environments.
Fantastic friend
Strange..never seen such a transaction. But as others said i think its okay to test so we know what will happen with more adoption.
But it should have been done on the testnet.
nijeah is haejin backwards
Captain Obvious reporting for duty?
Captain rude being rude to a stranger?
I know its obvious but it was not stated in the post nor in the comments.
🤣🤣🤣
Lmao, you are funny
This is very very very disturbing! Good job on the detective work.
As I told @crokkon before, we don't have a smoking gun here, but at least a gun with maybe fingerprints on it.
The evidence wouldn't stand in front of a judge.
But I am only a steemcleaners detective.and not state attorney ;)
Will require further investigation into the blog/comments/replies of that account.
Ah, the beauty of the blockchain's transparency. The truth will surface at one point or another.
This post has been upvoted by @millibot with 40.0%!
Thank you for giving your trust and witness vote to my creator @isnochys!
More profits? 100% Payout! Delegate some SteemPower to @millibot: 1 SP, 5 SP, 10 SP, custom amount
You like to bet and win 20x your bid? Have a look at @gtw and this description!
The code should not allow the withdrawal of negative vests. There are going to be plenty of new users on here who don't know what they are doing. This wasn't nijeah's fault.
I am sure he/they can be traced by ip adress
@isnochys I voted you as witness. As a witness you may know why Steem blockchain was down for hours. Nothing was working for hours. Do you know why?
Did you read the postings I mentioned in the article?
It is explained in detail there.
Are there any questions on the details?
TL;DR:
Someone did something, fixing took some time.
I could not understand what negative vesting withdrawal is? Can one person be so strong that he can put entire blockchain on standstill?
He tried to power down a negative amount of STEEM, and there wasn't a check if the number was valid, so the whole network went down after noticing this is wrong because it didn't know how to handle this (explained rather simple)
You are right. A small bug can crash a system.
This post has been upvoted by @minibot with 50.0%!
Thank you for giving your trust and witness vote to my creator @isnochys!
More profits? 100% Payout! Delegate some SteemPower to @minibot: 1 SP, 5 SP, 10 SP, custom amount
You like to bet and win 20x your bid? Have a look at @gtw and this description!
just saw the mention :-)