What I Learned From Hardfork 20 - I Was Wrong about my Witness Votes
Yesterday, I mentioned in chat on SteemSpeak https://discord.gg/rDVmYcj that what I am wanting to hear in the aftermath is people stepping up and saying what they could have done better instead of pointing out where others failed.
To be fair I've heard a few say exactly that. However, I've heard much more finger pointing and rock throwing. I heard one witness today say, I am glad I am not a top 20 witness so I didn't have to decide whether or not to launch the code.
As a stakeholder my responsibility is how I use my stake to vote for witness, and the frustration in that is how little impact my vote holds in the process. It is my responsibility if I wish to have more influence to hold more stake. However, at the end of the day, I need to be a good actor with the stake I do hold. I've been taking that responsibility lightly.
When the discussions about Witness Vote Selling were going on I also took a passive position in that discussion.
I said, "Who cares there are hundreds of people who can and do run a witness and it is very clear they already sell and trade votes. As long as the blockchain moves forward every 3 seconds I don't really care who gets the blocks."
I was wrong and it took this situation to highlight why.
Regardless of how much stake SteemIt, Inc. holds they are a development group, and the Witnesses are our security. When it comes to security the buck stops with them. In order to trust in a cryptocurrency one has to believe the code is being reviewed/audited and understand the code is law.
SteemIt, Inc released code which caused problems, but worse than that I heard witness after witness state they can't or don't read the code. I heard witness after witness state they fear being unvoted if they don't immediately drop the code. Which I consider to be beyond irresponsible, but more importantly a huge security risk. Yes, I know others have been saying this all along and I was slow to see why.
My logic says that should be a deal breaker for both investors and those who want to see the cryptocurrency movement move forward. How can you trust the code (law) if there isn't a process to check it for bugs, malicious code and other security factors?
Our ability to vote for Witnesses matters and I am left wondering how to evaluate who to trust as I watch patch after patch being applied as soon as it is developed with no obvious process (Let's hope it is going on behind the scenes) to check what it does and what is in it. The race seems to be to apply it as quickly as possible. I understand this is being done with the best intentions to get things up and running well again.
I have changed a few of my witness votes and the process isn't done yet, but I am thinking that even though I understand the blockchain and how it works that I should proxy my witness votes out to someone that has the ability to "Interview" or "Evaluate" witnesses skill levels and processes for reviewing the code. These witnesses in my opinion would also need to have the ethical fortitude to put security in front of short-term monetary gains.
I'm still thinking about all of this and letting it settle, your thoughts will help me firm up my own opinions..
I am not upset that bugs were dropped or that code didn't work exactly as planned, but I do now have my eyes opened to what I see as an unacceptable security situation.
Let's talk about it in the comments.
@whatsup,
I think witness should have ground knowledge of coding! Otherwise, this type of problems might arise! Anyway, this is why we need a powerful testnet! Coz reading a code that done by someone else and get a clear idea about what will happen there is a myth for most of us! Only genius can do! So, it's better put everything in a testnet and run all types of testing to find bugs!
I hope these principles might add in future with next HFs of the STEEM!
Cheers~
Yes, I want to see the witnesses supporting the testnet for sure!
@whatsup,
Yeah that's the issue, nothing else! If they did proper testing everything might work smoothly!
Cheers~
That is one of the most difficult topics here at steemit. First of all, one must look if it is indeed decentralized, and if a business actually can be decentralized at all, and can run through the efforts of the stakeholders.
It may be technically decentralized (from that I have no expertise or competence to tell - but to trust) but obviously it is not so much on the social side.
What is also a matter of fact is that this is a crypto based platform and therefor it is on the top of high risk ranking businesses. The role of Steemit Inc. is not clear, in particular not to new people who just enter the blockchain.
A lot is being left to the single user to decide on, which I find correct as when I have some business attached ideas to my blogging activities I should first of all check if my plans are reasonable or if I would be better of investing my time and energy outside of a blog chain and promote my business elsewhere.
From my point of view steemit is kind of a hybrid. A lot is managed from the many users - technical wise as well as community related. This whole thing is in early stages considering that decentralization is a very very unusual concept to all of us as we are mostly used to hierarchy. But one cannot totally neglect the hierarchy, I think.
How I understand business there has to be at least a team which secures that the system runs and can be looked at as a success. But whom are you going to ask? Are there any balances and business plans you can check? Who would give them to you? Is steemit Inc. still the main driver of this blockchain or the many sub-cultures who gathered here online?
In order to track those questions one gets lost in this vast space. There the witnesses come into play. I do not know a lot about them, read through some reports and posts of several witnesses and made my votes. If they are the ones the functionality of the blockchain is mostly dependent on, I would not only ask for the technical stuff but also how they work as a team.
Life experience tells me that your team needs many different skills and views as well. One can be a brilliant coder and programer but not so good in talking to the community. Another one is highly competent in public relations (in a sincere sense of meaning to get in touch to the many). Then you have the visionary and artistic one, and you have one with strong ethical conduct and one who is scientifically oriented. I simplified it a bit but in a group it's important to have a certain dynamic and not so much heterogeneity. And so on.
In a democratic world this witnesses do not always agree with one another, in fact, they must discuss and argue and then be able to come to a consensus when every voice is being heard and seriously considered. The next difficulty is: on what base the team is deciding on its next steps? Is it a democratic approach or can it also be another approach (the Internet is full of fascinating alternatives how to come to consensus). This process actually should in one form or the other be revealed to the users.
But where?
From my point of view there is a thing missing here: Right now we see a blue bar at top of page, before this it was red. I find this a good method to be used for informing all users. Why aren't the witnesses using it? Or do they? Who decides on this?
I think, why this does not take place may have to do with the fact that if there was an official central place where you can "see and talk to the witness team" they might be overrun by the stakeholders. Or afraid of not being able to handle and select the many comments ...
I don't know. I think the witnesses themselves could answer on this.
I would like to make this comment to highlight an unacceptable situation.
So in the development world you would normally have 3 different environments.
The Devs test whatever code they are currently working on in the Dev Environment. After the code is tested in Dev said code is pushed into the Test Environment. The Test Environment should be a copy of the Live. This is where the witnesses should go and do Quality Control in order to insure that the code is ready to be pushed to Live.
As of this moment. This sort of software testing is not in place. I agree with @whatsup that the Witnesses should be QC'ing the software. However the basic tools to do the sort of testing that needs to be done are currently not in place. This is a major fail.
As it stands the current method for deploying software to the live environment is deficient. Developing software and deploying to live without proper QC is irresponsible. If you did this sort of thing in the real world you would be fired.
@ned changes need to be made so that we do not go through this sort of disaster again.
Excellent point and with real value in my account, this world is as real as it gets. :)
Let us know when you finish.
Thanks for translating this into English - it's only because of people like you (who can communicate) that I even begin to understand any of this stuff.
I am delegating my witness vote to ausbitbank because he seems to be really on to it. But I'd like to hear your opinions on witnesses.
And any opinions on this response?
https://steemit.com/dtube/@clixmoney/2l7bulix
Oh... homework! I will take a look.
Someone at Tesla just got demoted by shareholders.
What was his name? Hmm
Lol
Best post in a while.
I love your integrity and you love for Steemit.
Keep going!! Yay!!
Joy
Haha, good point!
I think Steemit Inc need to make sure the code is fully tested before the witnesses can enable it. I heard it was tried on a testnet but obviously that didn't pick up the problems. I'm not overly concerned, as long as something is done to prevent this situation happening next time.
They are working on a test net, I hope lessons will be learned on their side as well, but the buck stops at the witnesses or we have no security against malicious code, hackers, etc. There is too much money involved to trust one company to ensure the safety and quality of the code, and the idea of witnesses is to have peer reviews and audits done on the code.
It is crystal clear to me now, that this is a deal breaker.
I am glad that you are finally seeing the light. The top 20 are our gate keepers. Many of which would not be there if not propped up by the@freedom / @ pumpkin witness vote. We need to deal with that issue soon.
Edit: you see the dark blue line. That is @freedom/ @pumpkin.
Yes, I acknowledge, I didn't see it, didn't understand outside of a concept why it is so important. I am awake.
I can't believe how @ned and company could release an obviously untested fork onto the community for the witnesses to scramble to hash out. Good intentions on the surface, but bad management to throw something at the wall and hope it sticks, when it clearly wasn't debugged/tested/quality controlled enough to miss a massive error. If it was a tiny issue that slipped through the cracks, that happens. However, this was a crater of an issue.
Do all witnesses have to be tech/code gurus to effectively hold the role? In what is often a political or popularity contest, that's far too much responsibility to put on people who can be elected in without formal credentials.
I absolutely now think all witnesses need to be able to read and evaluate code and also to understand that is their primary job.
I absolutely know now that the potential for bad actors to slip in malicious code is real, a threat and could immediately wipe away whatever amount of stake I have in a platform. More importantly, as someone who wants to see cryptocurrency move forward, it will create unwanted regulation and hurt the entire movement if we support and engage in blockchains which are not owning their responsibility to police ourselves.
as far as I am concerned I am a novice when it comes to a lot of the intricate things on this blockchain. However with the recent events on the blockchain like the dlive issue and now hardfork, it is apparent that we need more accountability and transparency and better representation. the sustainability of this blockchain depends on it. it is not about spreading faux optimism when things are going bad. I really do a lot of insincerity, and we need to looking into those we are voting as witnesses
Yeah, I'm thinking maybe most users should have a proxy vote. Including myself.