
Perception is Everything when it comes to Websites.
The majority of people using the steemit platform do not realise how the underlying system works, at least in a basic way, so let me try and explain a little to those that might not know. We have the frontend website (condenser) that connects to a backend blockchain. The blockchain part is decentralised in that it can’t be taken down: it’s distributed across many different parts of the world on different hosts by the witnesses. Without these guys we don’t have decentralization (so give ya witnesses some extra props today because they rock).
Now what’s been happening is that steemit.com, and I presume the main steemit node, has been attacked with a ddos attack. This is often called a distributed denial of service attack. Think of it as the other way around from what the witnesses do by having copies of the blockchain: instead of a blockchain, all the ddos attack does is throttle or overload requests to a service on the web. In our case it’s the steemit.com website and probably one of the main nodes that steemit uses. Sure, steemit is decentralized in the operation of the blockchain, but we still have issues with the way that condenser (the frontend we see, which connects to the steemit blockchain backend) is hosted. That make sense?
Anyway, some cranky, triggered, strung out on g-fuel script kiddy has decided to aim its packet spamming nerd cannon over in our general direction. Well ain’t that some shiz? Tbh, it happens a lot on the internet, think of it as a mardy tantrum of someone wanting to get attention or at least reduce the attention of an audience (i.e. steemians) to consider them over the platform. The point of a ddos is to do one thing, limit access. Most of the time it’s some power hungry, end of the rope kinda person that’s just trying anything at all possible to gain some kind of control over their life by pretending they are in control by doing this. It’s lame, it’s not even a hack, it’s just noise, white noise, mostly untraceable and the tool of the script kiddie, government agencies, competition and people with an axe to grind.
And take a deep breath. That was a lot right?
Sorry, I decided to throw my thoughts into the ring (I realise the irony of putting up a post on a platform that’s up and down so much today) about some of the things that maybe we should be doing, forming a team around, having a debate about, asking some of the whales who have done well ‘thank you very much’ to dip their hand into their steem and pitch in for a good solid attack and battle plan, not just to mitigate similar downtime but also to construct a respectable social media narrative for the users and potential users that heard about the site in the press and came today and got a 503 error message instead. Hardly inspiring for them, is it?
cloudflare or something similar?
Now I realise that this might not even be possible or even help fix anything because of the way that condenser connects to the blockchain, but maybe we can learn from the attack vectors of this last attack and start working with some of the teams of these mitigation experts: find out a cost, see what they can help with, maybe have some kind of early warning system when the inbound data traffic starts to peak and it’s random data. I don’t know the vector of the attack; all I know is it’s a ddos, so it could be on the blockchain master node itself or elsewhere. Either way, we need a good firewall guy and mitigation specialist. Find one, give him a ton of steem and let’s rest a little easier that we have someone fighting our corner with us.
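One shape the early warning idea above could take, as an added example that is not code from steemit or condenser: a monitor that learns a baseline request rate and raises an alert only when the rate stays far above it for several intervals in a row. The thresholds, the 10-second interval and the sample counts are assumptions constructed for the illustration.

```javascript
// Added illustration: early warning on inbound request rate.
// All thresholds and sample numbers are constructed for the example.
function createRateMonitor({ alpha = 0.2, k = 4, minDev = 5, sustain = 3, warmup = 5 } = {}) {
  let mean = null; // moving average of requests per interval
  let dev = 0;     // moving average of the absolute deviation from the mean
  let seen = 0;    // intervals observed so far
  let hot = 0;     // consecutive intervals above the limit

  return function observe(requests) {
    seen += 1;
    if (mean === null) {
      mean = requests; // first sample seeds the baseline
      return { alert: false, limit: null, baseline: mean };
    }
    const limit = mean + k * Math.max(dev, minDev);
    const above = seen > warmup && requests > limit;
    if (above) {
      hot += 1; // do not learn from suspected flood traffic
    } else {
      hot = 0;
      dev = (1 - alpha) * dev + alpha * Math.abs(requests - mean);
      mean = (1 - alpha) * mean + alpha * requests;
    }
    return { alert: hot >= sustain, limit, baseline: mean };
  };
}

// Constructed per-10-second request counts: normal load, then a flood.
const SAMPLE_COUNTS = [120, 131, 118, 125, 140, 122, 129, 135, 900, 2400, 5100, 4800, 126];

// Index of the first sample at which the monitor alerts, or -1 if it never does.
function firstAlertIndex(counts, options) {
  const observe = createRateMonitor(options);
  for (let i = 0; i < counts.length; i++) {
    if (observe(counts[i]).alert) return i;
  }
  return -1;
}

console.log('first alert at sample', firstAlertIndex(SAMPLE_COUNTS));
```

Freezing the baseline while the rate is above the limit keeps a long flood from being learned as normal traffic.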
round robin between steemit, busy and chain
The first thing I did was to check to see if I could get on busy.org, and that was down as well. That’s when I knew that things were pretty serious, because I’m assuming that busy uses the master node as well, so it was either a broad ddos attack over certain ranges and sites or it was on a source that both were using, which leads me to a few questions and potential outcomes.
Why are we not setting up a round robin at these times to go to the ‘next available front-end’ or partner of the network? We all use the same blockchain, right, so doesn’t it make sense from the user’s perspective that we automatically offer an alternative until the main site can be restored? After all, we are building not only loyalty to the steemit site but also care about the availability and uptime of the service. That goes a long way with users when they are used to services going down.
We could have a message on the top of these sites when it’s in a round robin and issues are detected, to let new users who maybe don’t understand that we have many sites that connect to the steemit blockchain feel a little bit more confident about the reliability and trust of the platform as a whole. These third party interfaces also get some props in the process. After all, we are a collective hub talking on this social blockchain, right?
Another question I have, and I had this before when we had that massive east coast AWS issue (not steemit), is why are we not using multiple cloud providers and actually doing a proper routing exercise to build in as many backups to the choke points as possible? If we pick the right places that have 1/10gb connectivity we could be taking super fast transfers and copies of the blockchain and pushing it to multiple edges. I know I make it sound oh so simple but that’s just a suggestion: let’s not tie ourselves into one cloud provider. Think of it like a condenser for multiple cloud instances. You could even then go down to doing lookups (if the user is cool) to find the nearest steemit blockchain, a bit like how CDNs (content delivery networks) work for media. Can’t we design a BDN? A blockchain delivery network?
status.steemit.com - build an offsite status page
This is a bit of a no brainer. But why don’t we have this?
Statuspage | Hosted Status Pages for Your Company
I’m sure this would be super useful for the whole steemit community, covering all the tools, services, websites, APIs and everything else that goes along with it (SMTs later on) and suchlike, with a team of people who could be alerted and activated when issues happen or even when latency or issues start to develop. Maybe I’m being disrespectful and they already have this on lockdown, but I think having something for the general public to be redirected to on twitter or facebook or the many other places that people are spreading the ‘wrong information’ could actually inform them and stop the spread of fake news, bad messaging and bad image for the platform. Let’s just cut that down by having a status place to go: replace the 503 page with an automatic redirect to this.
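The ‘next available front-end’ round robin suggested earlier, with the off-site status page as the last resort, sketched as an added example (not code from steemit, busy or condenser). The third host name, the probe record shape and the health thresholds are assumptions, and status.steemit.com is the page proposed in this post, not an existing service.

```javascript
// Added illustration: choose the next available front-end from recent probes.
// chain.example is a placeholder host; probe records are constructed.
const FRONTENDS = [
  { name: 'steemit', url: 'https://steemit.com' },
  { name: 'busy', url: 'https://busy.org' },
  { name: 'chain', url: 'https://chain.example' }, // placeholder host
];
const STATUS_PAGE = 'https://status.steemit.com'; // the off-site page proposed here

// Healthy means: probed recently, answered 2xx/3xx, and answered quickly.
function isHealthy(probe, now, { maxLatencyMs = 3000, maxAgeMs = 60000 } = {}) {
  if (!probe) return false;                           // never probed: treat as down
  if (now - probe.checkedAt > maxAgeMs) return false; // stale result
  return probe.status >= 200 && probe.status < 400 && probe.latencyMs <= maxLatencyMs;
}

// Prefer the primary (index 0). Otherwise rotate through the partners,
// starting after the one used last, so overflow traffic is shared.
function pickFrontend(frontends, probes, now, lastIndex = 0) {
  if (isHealthy(probes[frontends[0].name], now)) {
    return { url: frontends[0].url, index: 0, banner: null };
  }
  for (let step = 1; step <= frontends.length; step++) {
    const i = (lastIndex + step) % frontends.length;
    if (i !== 0 && isHealthy(probes[frontends[i].name], now)) {
      return {
        url: frontends[i].url,
        index: i,
        banner: `${frontends[0].name} is unavailable; you are on ${frontends[i].name}, ` +
                'which connects to the same blockchain.',
      };
    }
  }
  return { url: STATUS_PAGE, index: -1, banner: 'All front-ends are unavailable.' };
}

// Constructed probe results: two front-ends answering 503, one healthy.
const NOW = 1000000; // constructed clock value in milliseconds
const PROBES = {
  steemit: { status: 503, latencyMs: 40, checkedAt: NOW - 5000 },
  busy: { status: 503, latencyMs: 35, checkedAt: NOW - 5000 },
  chain: { status: 200, latencyMs: 220, checkedAt: NOW - 5000 },
};
console.log(pickFrontend(FRONTENDS, PROBES, NOW));
```

The selector has to run somewhere the flood cannot reach, such as DNS or an off-site redirector, or it goes down with the site it is meant to route around.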
torrent style app to sync copy of steemit blockchain
Ok, hear me out on this one. This is a long shot but it’s just an idea that popped in my mind that just might work. What if we had a packaged condenser frontend wrapped in, say, an electron app that was self updating and automatically pulled down a copy of the blockchain locally via torrent technology from other users that were in the seed pool (like the witnesses)? Whenever those users were on for a period of time they could be listed as a virtual witness. Maybe even create a route and easy payment system to pay with steem or steem dollar to host a witness full time, with the ability to use that blockchain (offline) in a sense on their machine and then sync later when there is connectivity to the web. Think google gears in approach to offline technology. I know it’s out there, but a peer to peer local copy of the steemit blockchain with a self updating condenser frontend, maybe as a sandboxed docker instance?
educate masses about security of the steemit blockchain, because they don't know the difference.
One thing that is obvious is that people don’t understand the difference between the website being down and the contents of the blockchain that it connects to being safe. People just react to what they see: it’s been hacked, it’s under ddos attack, criminals are trying to break in, etc. The non-technical old and new users are instantly transported to a place of concern about their information: is the platform safe, is my money/funds safe, is my machine safe, will the site ever be the same again?
The knock on effect is having lots of people trying to constantly reload the website, spread misinformation on social networks and generally turn against everything the platform has managed to achieve up until the next time the site takes a dump (for whatever reason). We don’t just need to mitigate attacks, we need to mitigate public and social opinion by doing the best we can to keep the user base ahead of the loop. And look, as someone that once had a 47u rack server full of game servers and had a script kiddy flood my whole ip range taking them all offline, I understand your pain. You’re in the midst of it, fighting it off the best you can with the tools you have. You’re literally in a swordfight with someone with a thousand more swords, you don’t have time to be doing the social part, which is why I suggest we form...
...a social media response team (@steemithelp)
Either on twitter, facebook, instagram, wherever people want to find out information about the platform, wherever you want to point them to, we need a collection of advocates around the globe that can be on call around the clock to feed back from a master update system, be it a channel on a discord server or wherever, so we can spread that news out to the masses. I’m happy to throw my name into the hat because I’m pretty much online most of the time (apart from sleeping!) and so happy to craft and update people when things go awry.
conclusion
Just wanted to throw my $0.02 into the ring on it. I hope this is some useful idea generation and that something might come from discussing these ideas here, if not for the improvement of comms to the steemit user base or to the higher up whales and developers that already do a fantastic job of keeping the good ship steemit floating in the right direction.
Peace!
Teamhumble X

'to protect and serve ya updates'