Engineering Update: Condenser Split, Key Backup, MIRA

in #steemit6 years ago (edited)

Hello Steemians, welcome to our latest Steemit Engineering Update. You can view our last engineering update here.

Condenser/Wallet Split

The stand-alone Wallet application has now been live for over a week and is performing well. As we disclosed in our last update, that application now lives at steemitwallet.com. If you’d like to learn more about why we decided to go with steemitwallet.com check out the section "Why Steemitwallet.com" in our last update.

While we’ve been letting that release soak, we’ve been polishing off some minor PRs for the Social application and getting that ready to roll out. We are now very close to releasing the Social application! When that happens, steemit.com will no longer run a full version of Condenser. Instead it will run a stripped down version that will include just the social features of Steem which only require the use of one’s Posting Key. Because it’s a smaller application than the full Condenser, it will consume fewer resources on both our machines, and yours.

Password Backup PDF

These changes to Condenser will eventually enable us to prevent people from using their Master Password ever. We want to do that because your Master Password can be used to change all of your keys, which makes it very dangerous in the hands of a hacker. In addition, many of the people who create an account through our faucet only save their Master Password in browser, and never save their other keys. To help mitigate these issues in the short term, we have been working on a solution that renders a PDF containing all of a user’s Keys and their Master Password upon request, and strongly suggests that they print it out as a backup.

The main priorities governing the construction of this document are 1. ensuring that users have a backup of their keys and 2. beginning the process of educating users on what these keys do. There is no silver bullet to the issue of multiple keys.

If you’re going to have a token wallet (the crypto equivalent of a bank account) tied to your social media account, they will require separate keys. The solution is many lead bullets that gradually make the process easier and more intuitive over time. Education, user interface, and back end solutions will all play a roll. While this PDF might sound simple, we believe it is likely to mitigate a massive percentage of the issues people have with respect to losing access to their accounts.

Ads

We are in the process of integrating Coinzilla into steemit.com. Coinzilla is a crypto-focused ad network that enables us to generate more revenue through ads we display on steemit.com by having advertisers competitively bid for our ad space.

MIRA

We have some exciting news about MIRA: it is now running in our dev environment without issue! We have a few minor tasks to perform before using MIRA in production, but once those are complete we should be able use MIRA in our production environment which will enable us to dramatically reduce the amount of RAM we are using in our nodes, which will significantly reduce the costs of running those nodes.

Replay Times

We’ve been focusing on improving the replay time for standard SSDs using MIRA. As of now the replay time is 2-5 times longer, however once synced the performance is excellent. We have concluded that we are reaching the performance limits of RocksDB, which is why we are working on a hybrid system that will allow us to reindex with the most expensive indices in memory using the current solution and then migrating to RocksDB on disk after the reindex is complete.

Configs

We’ve also put a lot of effort into configs which will make it easier for anyone to run MIRA. MIRA utilizes RocksDB which has many options that can be used to optimize performance for different hardware (e.g. SSD, HDD, NVMe). That means one size does not “fit all.” At Steemit we are currently using NVMe which is extremely fast, but also very expensive. Other people might want to run MIRA on more affordable hardware and for them our configuration may not work as well. We want to ensure that everyone can configure MIRA to run optimally on their specific hardware.

One of the great advantages of leveraging RocksDB is that it enables us to target any kind of storage medium. We could even get Steem running on spinning disk drives, however, at this point such drives are nearly obsolete and are not optimal for a blockchain with Steem’s speed. Instead, network attached SSD storage is a much more appropriate target, and MIRA puts that target directly in our sights.

Be sure to follow @steemitblog if you would like to see more engineering updates like these!

The Steemit Team

Sort:  

SteemitWallet.com ...., One of my registered domain names.
Glad Steemit Inc. was able to snag it after I released it.

I realized the domain would be under copyright/trademark laws.., well that and I didn't want to be a prick squatter.

I had originally registered the domain back in 2016 out of ignorance regarding Steem vs. Steemit. :-)

So you are welcome, Steemit inc., for at least not making it all a hassle.
:-P

Now if Anyone would like to offer crypto to me for:

STEEM.BIZ
STEEM.MOBI
STEEMTOKEN.COM
STEEMTOKENS.COM
STEEMWALLETS.COM

Then I am all ears! :)

Cheers Steemians

-Greg

hey @steemitblog I am worried about the attack vectors of printers and their cache which can be hacked,

In your Blog post here, you write about the backing up of steemit keys by PRINTING Them, a worrying affair

and strongly suggests that they print it out as a backup

The Bitcoin paper wallet community is full of horror stories of having printer caches hacked and since manmy printers KEEP COPIES of what they print and you have all these attack vectors on the way to the printer from teh computer, and how you have to save those keys in a PDF on yoru desktop environment before sending it to a printer, how most people dont even use printers at home anymore and would hve to take their keys to a public printer, probably college kids using school printers, i mean so many attack vectors. cant we just go back to 12 word phrases so people can WRITE DOWN their keys on PAPER?

Or why doesnt Steemit inc open an official partnership with Lastpass or its open source FOSS equivalent OR maybe steem can sponsor the creation of its own lastpass style system for backing up steem keys

Also steem needs a recovery system for inactive accounts where the owner has lost the key, we need to have a recovery partner style person you can set up as your recovery partner if your account has 6 months, 1 year or 2 years of inactivity, then the account ownership is sent to that person or backup account.

Replay Times

Tell me if I am wrong, but I guess you mean "reply" instead of "replay"?

Apart from that, thanks for the hard work and the updates!

The backup PDF seems to be a good idea.
To further increase safety I wonder if in future a 2 FA solution could be possible?

No, it's "replay time", meaning the time to run (replay) the entire history of the blockchain. Replaying the history is necessary to do when storing all the blockchain data into a new format such as RocksDB.

Thanks for explaining!

@steemitblog,
Thanks for this update, I am really interesting to see how these Coinzilla ad network works here. Anyway it's the first time I have heard about it! No idea about the popularity of it! Somehow I would like to hear status of using Google Ads and the revenue you could generated through it as well!

Cheers~

Thanks for the update!

People really don't pay attention to details, do they?

When I heard I think Andrew at 60 minutes of Steem that there is a considerable number of people who saved their master password in browser and have no backup of it or the private keys, I couldn't believe it.

No they don't :) But if we want to Steem to be able to onboard the masses, we have to make sure that it meets the need of all users. It's solutions like this that give me the confidence to say that no other blockchain is doing as much as we are to onboard the masses.

Oh yeah, I agree, they ARE the normal folks that we want to massively attract. If we can help them, we are already more prepared to onboard massively normal folks.

Great news on MIRA! Any idea when SMT testnet will launch?

We over at cXc Music are patiently waiting!!

Excited!

Will the masterpasword be needed to get the pdf file? Also will you be creating a site or page for people to go to in the unlucky event that they get hacked or will it still just be the info page on the three bar menu?

I believe so. The primary issue this is intended to resolve is when users come to steemit.com and are no longer capable of signing in with anything other than their Posting Key. For those users who only ever saved their Master Password in browser we wanted a solution that would enable them to easily retrieve, and save, all of their private keys.

Excellent news!

Posted using Partiko Android

Once we're done with MIRA we'll be turning our attention to Communities and SMTs among other things. SMTs are high priority, just not as high as MIRA and that work is done by the same team.

I like the idea of never to use the master password as this as rightly pointed out is a way a hacker may take over an account. That will be a nice update.

Thanks for the update!
It is nice to have some news about what's going on. Waiting for the full implementat ion of MIRA.

Steem on!