You are viewing a single comment's thread from:
RE: Steemit.com is experiencing a DDoS attack.
Some questions:
- When will steemit have a proper status page with outage reports and updates on progress? This is quite standard for online businesses today.
- Why no word from the @steemitdev account? Until a proper status page is up, updates from that account would be greatly appreciated. 9+ hours of downtime with no update is pretty extreme.
- Who is running the Steemit twitter account? Are replies like this normal? Seems rather unprofessional.
- DDoS is rough. I'm sure you are all doing the best you can under the circumstances, but why not put something behind a service like Cloudflare? Why not put up a static page on a global CDN with periodic updates and update dns for steemit.com to point to that until you're up and running again?
Seeing 5XX errors on a global site like this really hurts confidence. Twitter has their fail whale. Github has the angry pink unicorn. Can we get something for steemit as well? A static page communicating that you are aware of an outage goes a long way.
Thanks for listening. I hope you and your team are able to navigate through this quickly and put things in place to ensure it doesn't happen again in the future.
Edit: More thoughts here.
I 100% agree to status pages! Steemit is lacking many things that can be expected from an entry level decent webservice. STINC seems not to care about the community that makes them big! But I think in cryptospace anything goes, spamming scamming and enormous egocentric behaviours and not understanding how to deal with communities, consumers etc including the lack of understanding how to actually make a good social network with a monetisation model for those who need to create, run, manage and operate it.
Well said!
Spot on, Luke.
As the popularity and visibility of the platform grows, we also need to put a little more effort into the "public face" of Steemit. We can't honestly expect the world to take us seriously enough that Steemit becomes a "household name" if we come across as a Made in Bob's Garage Production.
Yes, I think we need our own "Fail Mascot" here. We have tons of talented graphic designers here... maybe even turn it into a community contest/challenge.
Not super impressed with the twitter response... a little too "home made" and not very professional.
Luke nailed it. All 4 points were spot on.
Whoever is in control of the Twitter account needs to be removed immediately.
"Luke nailed it. All 4 points were spot on."
AGREED!
And as for @sneak's quote...
Stay "TUNED" where exactly? Twitter?
Man...
I only use SteemIt because it's the only Blockchain out there that does what it does.
But based on it's "Team," it is also THE WORST.
That twitter exchange is horrible... Stuff like that puts steemit in a terrible light. I also would like to know who is running the account.
I just put some thoughts down in a post. We need our own fail mascot. I'm trying to stay positive about this stuff, but it's difficult when some basics aren't in place like a status page or a static "We're working on it!" page.
A little bit tragic, at least for me personally, that I made such a confident post on why we needed Steem and used a picture of the Reddit failure one...
Brovo, Sir!
Some basic, basic steps need to be taken.
What is the worst case scenario if we NEVER do that?
Seriously, though - this is a rare occurrence. If we do none of that, then what is the delta between doing all of that? There are some major security considerations involved in doing that that Twitter and GitHub don’t have to contend with.
We are different than other companies, and will likely do a lot of things differently than people are used to. Some will be better, some will be worse. In this case, though, I ask you to consider the alternative. It’s confusing for the subset of active users for the subset of time we are down. What is the harm done?
That Twitter thing was a straight fuck up, though.
Worst case? The company and the site will not be taken seriously by professional investors and brands who might otherwise integrate and risk their brand reputation by being associated with this project. I know that's an extreme case, but please hear me out.
This, I think, gets at the core of concern I've been hearing from the community over the past year+ I've been here. 10 hours of down time for a brand is serious harm done. Any and all downtime that isn't well-communicated and explained is harm done. Most professional companies fully and completely understand this. If Steemit, inc does not, that's really concerning. People that may have been supporters of the platform may never come back because of that failed first impression. It seems more shady if the site returns a default browser error than if the site has a status page and explains a professional team of developers know about the issue and are working on it. If people can't review a history of previous downtime on a status page, they can't evaluate if the site is legit or a scam during those outages. Too many people already think anything cryptocurrency related is a scam and impressions like this don't help improve that perception.
I have to respectfully disagree. Being out this long due to a DDoS attack, yes, that's very rare. Seeing a 5XX response on steemit.com? Unfortunately not very rare. Over the past year, it has happened many, many times to me and others. IMO, it's well past time to have a status page and a professional 5XX response page. For each hard-fork that I can remember, the site experienced some issues. IMO, it would be much better to display a status page instead of a broken site.
GitHub deals with PCI and HIPPA compliant source code for companies processing billions and billions of dollars worth of transactions. They have very serious security considerations. Same for Twitter. Can you imagine the brand fallout (or even global fallout) if the Twitter account of the president was hacked into?
I think I understand your perspective, but I hope you're open to hearing an outside perspective as well. What you're saying sounds elitist to me. Arguing Steemit has more advanced security concerns than other sites and therefore can't have a global CDN or a professional status page doesn't make sense to me. You have vendors for your web servers, your DNS, your image hosting, etc, etc. As I said before, if you don't trust your vendors then you need new vendors. If you do trust them but a status page, professional 5xx landing page, and clear communication are not priorities, then just state that instead of bringing up security concerns that, to me, don't make much sense.
I'm open to being completely wrong here and not fully understanding the unique challenges you face with this site, but so far, what I'm arguing for here seems pretty obvious to me.
I know I'm being tough, but I really am on your side. I've always been a big supporter, and I regularly get flak about it in the chat rooms. I really want Steemit, Inc to succeed. Unfortunately, too many people use the term "STINK" instead. IMO, being humble about weaknesses and open to criticism and improvement suggestions (and implementing them) will go a long way towards improving community relations.
Thanks for responding. I love that I can openly (and hopefully respectfully) voice my concerns and be heard directly by you and your team. I look forward to hanging out at Steemfest2 and meeting you all in person so we can tell war stories of major site outages I've experienced as well.
Tossing around PCI and HIPAA (not HIPPA lol) without understanding the specific security requirements of steemit.com in this instance just tells me “I don’t know what I’m talking about”.
That’s not elitist, it’s just you not understanding the specific risks to this site.
I’m happy to take some time at steemfest to explain in depth to you why what you’re proposing is a bad idea.
I think that’s vastly overblown, and I think you’re making it up to win an argument. Any downtime, splash page or no, harms the brand. I asked for the delta.
Sorry for misspelling HIPAA, thanks for pointing that out. I have some slight dyslexia, so it's unfortunately common for me to mix letters up like that.
I think the community would benefit from understanding more about the specific security concerns of this website. If I, a ten year veteran of my own software as a service company which deals directly with security, am ignorant of it then most others are as well. If our frustration is based on ignorance, please help remove that frustration through education. I'd really appreciate reading a post by you or the steemitdev account so I can better understand what makes Steemit so different.
Is this something you or your team will put together? Communication is key, and I keep hearing from the community how people want more of it.
I don't understand what you mean about a delta. You asked for the worst case scenario. I tried to come up with one like you asked. Then in a separate paragraph mentioned a delta. What do you mean by delta? Do you mean what's the difference in harm between going down without a status page, site down page, or clear communication about the outage, what caused it, and how it was resolved compared to having none of that like we do now? IMO, it's quite large. People are left with the impression this site is not professional and not ready for mainstream adoption or integration.
It seems the site is down right now again. I'm glad to see a Tweet about it, but without a status page or a static site down page, how is anyone supposed to know your team is working on this and taking steps to ensure it won't happen again?