create account

Steemit infrastructure security, scalability, and points of failure by cylonmaker2053

View this thread on: hive.blogpeakd.comecency.com
steemit-issues · @cylonmaker2053 · (edited)
$75.33
Steemit infrastructure security, scalability, and points of failure
<html>
<p><img src="https://cdn.pbrd.co/images/1SdrOZJY.jpg" width="725" height="368"/></p>
<p>So far so kinda good in the Steemit world, but as those of us who are starting to get addicted to the platform realize, the increased traffic and popularity of the site will bring its own set of issues. Steemit is a startup and it is run by real people using real hardware, resources, and software. Add exponential growth in users, data, and economic value and that’s when things can start breaking down.&nbsp;</p>
<p><ins><strong>Scalability</strong></ins></p>
<p>The first big question is whether Steemit can scale to keep pace with its exponential growth? What level of traffic and content creation and data storage can the infrastructure handle? Just this morning I was having issues loading the site and basic functionality, like filtering tags hasn’t been working.&nbsp;</p>
<p><ins><strong>Security</strong></ins></p>
<p>Since Steemit runs on servers and has a bunch of users and network admins who are mere human beings, it’s reasonable to think the system is vulnerable to hackers. That’s scary because this isn’t Reddit, and we now have accumulating real economic value stored in accounts across the network.&nbsp;</p>
<p>Network security for hosting the site and keeping it live involves a whole bunch of behind-the-scenes activities we’ll likely never really be privy to, but since we’re all stakeholders of varying degree in this fun experiment, it’d be nice to know that there’s serious thought and effort involved in keeping things running safely.&nbsp;</p>
<p>Individual accounts are always as vulnerable as the users themselves, and sometimes we’re just straight-up outwitted by conniving hackers who infiltrate our systems. Steemit involves real money, though, so hacking an account here could mean serious money stolen; for better or worse, we don’t have recourse to calling our banks and crying to get refunded, nor do we have handy FDIC bailouts, so the full onus of securing our accounts is on us. That said, those really running things at Steemit should quickly get 2FA security features in place to help us layer up.&nbsp;</p>
<p><ins><strong>Other Points of Failure</strong></ins></p>
<p>Can courts and governments shut us down? Steemit is a startup that’s clearly crowdsourcing equity investment. This is an awesome idea economically because it’s creating a dedicated community with real interests in seeing it grow as enhanced stakeholders; a warm fuzzy feeling we don’t get from other social media platforms like Facebook, Twitter, or Reddit. But does anyone really understand the legal issues we’re up against?&nbsp;&nbsp;</p>
<p>First of all, what’s our legal jurisdiction? Is Steemit a registered business, are we on the hook for legal compliance where our servers are located? How will the world view our little, but growing, hive? The user community is already spread around the world, and since anyone with some Bitcoin, Bitshares, or Ether can buy in as investors (including shareholders), there’s no way of actually pinning down who owns what in the long run. However, there are a handful of founders and early investors supporting this project, so, clearly, these people can be targeted and their resources made vulnerable.&nbsp;&nbsp;</p>
<p>Finally, this experiment is all about decentralization and openness, censorship is something we censor. What implications does that have for copyright or trademark violations? What happens when one of our users posts material that someone else, or some company, decides violates their IP? It is guaranteed that it is merely just a matter of time before some court orders Steemit to remove content. Then what? Even worse, what happens when some douchebag jihadist posts a marketing pitch for ISIS and the FBI orders it taken down?&nbsp;&nbsp;</p>
<p>Servers and people are always vulnerable and until projects like Maidsafe or other meshnets are operational, we need to plan ahead to make sure we avoid future catastrophe. It would be a disaster if the community exploded along with STEEM’s market cap and we had a single court decision to shut us down wipe out a billion dollars in value. &nbsp;&nbsp;</p>
</html>
👍  , , , , , , , , , , , , , , , , , , , , , ,
properties (23)
authorcylonmaker2053
permlinksteemit-infrastructure-security-scalability-and-points-of-failure
categorysteemit-issues
json_metadata{"tags":["steemit-issues","steemit-ideas"]}
created2016-06-22 13:59:03
last_update2016-06-22 14:09:42
depth0
children8
last_payout2016-08-20 12:03:27
cashout_time1969-12-31 23:59:59
total_payout_value37.712 HBD
curator_payout_value37.621 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length4,188
author_reputation9,195,287,625,027
root_title"Steemit infrastructure security, scalability, and points of failure"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id40,378
net_rshares29,688,656,211,712
author_curate_reward""
vote details (23)
@anwenbaumeister ·
$0.12
Very well written and well though out. I am very curious to find out the answers to your questions.
👍  
properties (23)
authoranwenbaumeister
permlinkre-cylonmaker2053-steemit-infrastructure-security-scalability-and-points-of-failure-20160622t140517291z
categorysteemit-issues
json_metadata{"tags":["steemit-issues"]}
created2016-06-22 14:05:21
last_update2016-06-22 14:05:21
depth1
children0
last_payout2016-08-20 12:03:27
cashout_time1969-12-31 23:59:59
total_payout_value0.058 HBD
curator_payout_value0.059 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length99
author_reputation147,454,223,191,114
root_title"Steemit infrastructure security, scalability, and points of failure"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id40,391
net_rshares344,424,654,264
author_curate_reward""
vote details (1)
@dantheman ·
$182.48
<html>
<p>In terms of website performance our underlying technology can easily scale. &nbsp;The primary database that powers steemit is the C++ code that runs the blockchain. This database is trivially replicated and kept in sync across the globe. (The power of blockchains). &nbsp;The internals are based upon the graphene code which is about as efficient as any database can be. &nbsp;I see no problem with scaling our database or our front end assuming we have steady / predictable growth. &nbsp;</p>
<p>In terms of security, it is something we take very seriously. It is also something that is very difficult. Overall, our security is built on better fundamentals than most other blockchains for the following reasons:</p>
<ol>
  <li>99% of the value is time-locked and secured by owner keys</li>
  <li>99% of activity is done with posting keys which don't have access to spend funds</li>
  <li>Keys never get sent to the server</li>
</ol>
<p>In the event our server is compromised, only users who load compromised HTML from our server are vulnerable. If this were to happen then most users would only have their posting key compromised. &nbsp;Fortunately, this does not compromise their funds. &nbsp;Some smaller set of users who login to do financial transactions with their active key could have it compromised as well.&nbsp;</p>
<p>In the long run, the best security will take the form of a browser plugin that manages your keys and prevents Steemit.com from swaping out the JavaScript that loads your keys and signs messages.</p>
<p>We are taking measures to deploy watchdog bots that automatically detect changes in the deployed HTML and alert us to changes.&nbsp;</p>
<p>Nothing is perfect, but in terms of performance, scalability, and security I am sure our team is up to the task.&nbsp;</p>
<p><br></p>
</html>
👍  , , , , , , , , , , ,
properties (23)
authordantheman
permlinkre-cylonmaker2053-steemit-infrastructure-security-scalability-and-points-of-failure-20160622t142812326z
categorysteemit-issues
json_metadata{"tags":["steemit-issues"]}
created2016-06-22 14:28:12
last_update2016-06-22 14:28:12
depth1
children1
last_payout2016-08-20 12:03:27
cashout_time1969-12-31 23:59:59
total_payout_value91.240 HBD
curator_payout_value91.238 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length1,824
author_reputation240,292,002,602,347
root_title"Steemit infrastructure security, scalability, and points of failure"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id40,421
net_rshares45,836,634,531,116
author_curate_reward""
vote details (12)
@hipster ·
$2.63
What about open sourcing a client? It will give extra credit for users as well give community ability to improve security. Are you going to do this? When?
👍  , ,
properties (23)
authorhipster
permlinkre-dantheman-re-cylonmaker2053-steemit-infrastructure-security-scalability-and-points-of-failure-20160624t124401204z
categorysteemit-issues
json_metadata{"tags":["steemit-issues"]}
created2016-06-24 12:44:00
last_update2016-06-24 12:44:00
depth2
children0
last_payout2016-08-20 12:03:27
cashout_time1969-12-31 23:59:59
total_payout_value1.313 HBD
curator_payout_value1.313 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length154
author_reputation43,811,990,885,529
root_title"Steemit infrastructure security, scalability, and points of failure"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id42,622
net_rshares4,074,008,319,910
author_curate_reward""
vote details (3)
@ned-reddit-login · (edited)
$0.12
<html>
<p>You may be on Steemit.com but this is just one web wallet for the Steem network which is a decentralized blockchain database built for security and scale with DPOS+POW consensus algorithms. &nbsp;If Steemit's servers go down, the blockchain will keep running and Steem community may access their account from other interfaces. Please read the terms of service and the Steem white paper.</p>
</html>
👍  ,
properties (23)
authorned-reddit-login
permlinkre-cylonmaker2053-steemit-infrastructure-security-scalability-and-points-of-failure-20160622t141742875z
categorysteemit-issues
json_metadata{"tags":["steemit-issues"]}
created2016-06-22 14:17:42
last_update2016-06-22 14:18:42
depth1
children0
last_payout2016-08-20 12:03:27
cashout_time1969-12-31 23:59:59
total_payout_value0.060 HBD
curator_payout_value0.060 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length408
author_reputation-681,981,461,850
root_title"Steemit infrastructure security, scalability, and points of failure"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id40,406
net_rshares350,123,591,213
author_curate_reward""
vote details (2)
@sean-king ·
$133.59
<html>
<p>Glad to see folks thinking ahead! &nbsp;As a lawyer, I'm less concerned about the legal issues you raise and more concerned about the security issues, perhaps because my grasp of the latter is wanting.</p>
<p>Legally, state censorship of Steemit would be incredibly difficult, at least once it reaches sufficient scale. &nbsp;Judges cannot order individuals to do things beyond their control. &nbsp;For instance, a judge cannot legally order me to paint the sky red. &nbsp;And, reversing entries on a sufficiently secure blockchain is the rough digital equivalent of painting the sky red. &nbsp;To the extent that such a reversal is possible at all, it could only be done by a large group of people (called "witnesses" in the Steemit system, I think) acting in concert. &nbsp;Provided that this group is sufficiently large and sufficiently distributed across multiple legal jurisdictions, successful state censorship becomes very, very unlikely. &nbsp;</p>
<p>It's also unlikely that a judge (in the US at least) could compel a person to write code. &nbsp;Code is speech, and speech is Constitutionally protected. &nbsp;So, targeting developers probably isn't a winning strategy for the state either. &nbsp;&nbsp;&nbsp;&nbsp;</p>
<p>Nonetheless there will be community policing and community censorship to some degree via the down voting process. &nbsp;It will be fascinating to see how that works and evolves. &nbsp;I imagine that organizations like ISIS would get down voted to irrelevance, but perhaps not. &nbsp;And perhaps they can find ways of gaming the system to work in their favor. &nbsp;&nbsp;&nbsp;&nbsp;</p>
</html>
👍  , , , ,
properties (23)
authorsean-king
permlinkre-cylonmaker2053-steemit-infrastructure-security-scalability-and-points-of-failure-20160622t143424871z
categorysteemit-issues
json_metadata{"tags":["steemit-issues"]}
created2016-06-22 14:34:24
last_update2016-06-22 14:34:24
depth1
children1
last_payout2016-08-20 12:03:27
cashout_time1969-12-31 23:59:59
total_payout_value66.796 HBD
curator_payout_value66.796 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length1,638
author_reputation84,123,051,136,467
root_title"Steemit infrastructure security, scalability, and points of failure"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id40,430
net_rshares38,943,639,373,300
author_curate_reward""
vote details (5)
@stellabelle ·
$0.11
I've already seen evidence of bad stuff being downvoted. As long as the hive is sane then the hive thrives.
👍  ,
properties (23)
authorstellabelle
permlinkre-sean-king-re-cylonmaker2053-steemit-infrastructure-security-scalability-and-points-of-failure-20160622t200307307z
categorysteemit-issues
json_metadata{"tags":["steemit-issues"]}
created2016-06-22 20:03:09
last_update2016-06-22 20:03:09
depth2
children0
last_payout2016-08-20 12:03:27
cashout_time1969-12-31 23:59:59
total_payout_value0.055 HBD
curator_payout_value0.055 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length107
author_reputation516,061,669,130,124
root_title"Steemit infrastructure security, scalability, and points of failure"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id40,720
net_rshares323,671,536,951
author_curate_reward""
vote details (2)
@steemitblog · 
<html>
<p>Steemit, Inc is not crowdsourcing equity investment. Steemit has mined, purchased, or earned all Steem in its possession. Steemit is a peer on the peer to peer network just like blockchain.info to Bitcoin. &nbsp;</p>
<p><br></p>
</html>
👍  
properties (23)
authorsteemitblog
permlinkre-cylonmaker2053-steemit-infrastructure-security-scalability-and-points-of-failure-20160622t141054269z
categorysteemit-issues
json_metadata{"tags":["steemit-issues"]}
created2016-06-22 14:10:54
last_update2016-06-22 14:10:54
depth1
children1
last_payout2016-08-20 12:03:27
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length246
author_reputation332,472,558,821,177
root_title"Steemit infrastructure security, scalability, and points of failure"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id40,400
net_rshares5,698,936,949
author_curate_reward""
vote details (1)
@cylonmaker2053 · 
<html>
<p>It's nice to see a logical explanation following other precedent. The risk is that none of this has legal clarification yet, so hopefully there aren't unforeseen issues. Steem Power smells like equity investment since it implies some ownership stake and a vesting schedule for funds being locked up.&nbsp;</p>
</html>
properties (22)
authorcylonmaker2053
permlinkre-steemitblog-re-cylonmaker2053-steemit-infrastructure-security-scalability-and-points-of-failure-20160622t141747469z
categorysteemit-issues
json_metadata{"tags":["steemit-issues"]}
created2016-06-22 14:17:48
last_update2016-06-22 14:17:48
depth2
children0
last_payout2016-08-20 12:03:27
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length327
author_reputation9,195,287,625,027
root_title"Steemit infrastructure security, scalability, and points of failure"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id40,407
net_rshares0
Help/Feedback