Whaleshares Logo

Verbaltech2 - BitShares Witness Report - Monthly Update

lets-share-waylzPosted to Public10 months ago4 min read

Verbaltech2 - BitShares Witness Report - Monthly Update

bitsharesMunich.png

Activities for November included deploying the patch to address the chain halt on November 26, and the usual maintenance chores. I have also increased my posts on the bitsharestalk.org forum, on Telegram and github. This is my first post on whaleshares. I will continue to post a link to these reports on steemit and on the bitsharestalk.org forum.

I hope my posts will be useful to witnesses and others in the blockchain space. It is a bit of a niche audience, and it remains to be seen if my reports provide value to this community. Cast your votes and we shall see :grinning:

I chimed in on this git PR discussion (https://github.com/bitshares/bsips/pull/120) to voice my dismay at the resistance to adding witness_node version reporting to BitShares, already a part of the steemit, EOS and whaleshares blockchains. The primary argument against it is the claim that providing a node's version would somehow be a security risk. My counter-claim is the benefits to providing the version info far outweigh the limited risks.

A perfect example is the API nodes that have not yet upgraded to the emergency patch released to fix the bug that halted the chain last week. Are any of those API node operators witnesses? If so they are very neglectful of their duties and should be voted out, if they haven't updated their nodes in over a week! But we can't know that b/c the BitShares blockchain doesn't record the version of nodes like steemit, eos and now whaleshares chains do.

Apparently these non-upgraded nodes are creating a major issue with the UX of the wallet, in that when it encounters one of these older node versions it causes a "WSOD" (WhiteScreenOfDeath). I ran into this myself using the most recent "light wallet" release. I was able to get around it using the dev tools of the client to switch out of automatic node selection and add a known working node.

Any vulnerability related to a specific version could be exploited by simply targeting more than 1 version. There shouldn't be very many versions in production anyway. At least the witnesses / BP nodes should be required to report their operating version, and a case can also be made it's important for API node operators and validators also. It's a matter of keeping the nodes of the network operational with consistent behavior. There should be no "customized" binaries out there, as that shortcuts critical aspects of the software development process, such as peer review, quality control and testing.

Why do we allow a random mixture of node software versions in production? Those are combinations that have not been tested together I might add. This increases the possibility of introducing vulnerabilities or errant / buggy behavior that users have to spend time and energy to deal with. Perhaps they just decide it's not worth the effort and stop using the platform. I'm actually shocked I have to explain these potential dangers when no explanation or evidence has been provided to justify allowing inconsistent versions.

Total speculation on my part, but could it possibly be some node operators don't want shareholders to discover they aren't running a released version but rather one customized in some unknown way? Sure, code is present that validates the blocks to be conforming, but with such a highly complex body of code can we be sure such customized versions aren't introducing more subtle problems that the transaction validation logic doesn't even (need to) check?

Something to think about. I've been an advocate for better standards and conventions, for witnesses in particular for years. I'd like to see hooks such as version reporting added to the API to help automate witness duties and provide metrics to evaluate them objectively. Whether you agree or not, make your opinion known.

I am dealing with a hosting issue on my testnet node so until I resolve it, it is offline.

That's all for this month. Here is the market summary since last month (all prices via CMC): BTC=$4,059.88, BTS=$0.048, STEEM=$0.33, EOS=$2.61, PPY=$1.19. I'll list WLS when CMC does.


Amsterdam

seed04-12-02-18.png

Gemany, node 1

seed05-12-02-18.png

Germany node 2

seed06-12-02-18.png

Singapore

seed07-12-02-18.png

Your vote for witness
Verbaltech2
is greatly appreciated! Thanks for your time and attention

Comments

Sort byBest