There are some considerations that I believe should be made when choosing witnesses. I am not certain some of the information that would help with this is EASILY available. If it is not then we should work towards making it so. Why? There are some other important considerations in voting for witnesses that I've only recently begun to consider.
I've had people say "you should be a witness" and while yes I do have a network engineering background and I likely would be a good fit, this is not something I wish to do at this point. I believe we have plenty of good people willing to take on that task for the moment. Though depending upon how things fare, or what I learn I may change my mind. In fact, I am potentially considering that in the future.
For now though let us consider the beauty of the blockchain. We know it is protected from censorship and take down largely due to it being a decentralized file system. This means it is replicated across the witnesses. If these witnesses are spread across multiple countries, states, etc then it makes takedown even more difficult. Currently there are 19 active witnesses and many more backup witnesses. The witness voting section lists the top 50. This makes our blockchain rather ressilient IF we are smart about our witnesses.
One very important piece of information when it comes to witness nodes is "Where is the node actually being hosted?" and this is not information that is easily obtained (to my knowledge). Yet, in thinking of attack vectors to take down or censor our blockchain it is one of the most important pieces of information.
If our nodes are widely distributed then that makes us less vulnerable. What I realized today is that there is a potential that a large number of the nodes are AWS (Amazon) or Azure (Microsoft). If a significant number of our witnesses or potentially ALL were on the cloud through those providers due to us not really being aware then there may actually be 19 active witnesses. If they all are running on those clouds then theoretically the ability to take down the blockchain could drop to being done by only getting those two companies to go along with it.
Having some nodes hosted in these locations makes total sense. It also makes sense to do front end websites at such locations. For the most indestructible version of our blockchain though we would want a significant number of witnesses that were NOT being hosted in the same clouds as the other witnesses.
This also would be nice information to know when voting for witnesses. If they could show something like an IP address and mask the most significant octet then at least we could do a whois when voting and make sure we are not sticking too many of our eggs in the same proverbial baskets. Some people may indicate knowing the IP could reveal too much and make the witnesses (people) themselves vulnerable. Not really if we conceal the significant digits. For example: 192.168.x.x is a local network and wouldn't EVER be the IP of importance for a witness. Yet x.x do not need to be shared. In this case the 192.168 is significant enough to identify this class of network. (not even touching IPv6 here) Yet we could determine country, we could see if they were using IPs belonging to Amazon, Microsoft, etc. It would help us in making sure we are actually spreading our witnesses around as much as we actually think we are.
It's a blockchain targeting nodes is pointless. Even if all 10 witnesses go down, the chain would be down for a day or two until they (or anyone else) setup a new server and sync the data and it's up again.
The only vulnerability is if they could take down all the nodes. The more nodes you have and the more distributed they are the more and more unlikely of this being achievable becomes.
Nice to know @dwinblood, the issue is, amazon and microsoft have very resilient servers, so it makes sense that most nodes would be hosted therein, but what other providers are available? I personally do not know any other provider, though to ne fair im not a technical person.
One thing for sure @dwinblood, if uou do run for witness, youve got my vote! I appreciate your works here on steemit.
Oh I totally GET why they do it. AWS is easy to use and for simple stuff it is free to use and it can be setup to quickly scale to need.
I totally understand that. My point was simply to consider that if all of our servers end up on AZURE or AWS then technically we are not vulnerable as long as Amazon and Microsoft leave us alone. :) If enough politics and corporate corruption occurred then such servers would be vulnerable.
From a scalability and ease of use perspective though they are hard to beat.
I have a business class internet and static IP at my house if I ever do it that's where I'd start and if I need to scale I'd likely scale into a data center that I really like. Though I'm only toying with that idea at the moment. I may decide to go that route because people have asked me, I hadn't started considering it until then.
Interesting and makes sense , Thanks for sharing just hope they work together on this ...
Shameless self promotion, I just fired up Witness and I'm not using Amazon or Azure. My IP is 88.198.x.x
I'll give your blog a look. Have you made a witness campaign post yet where you let people know who you are (for those that may not have interacted with you a lot), why you are a witness, and what your vision for steem/steemit future is, and whatever else you personally think is worth mentioning... such as the fact you are not on Azure/Amazon and... 88.198.0-63.x (Germany - Datacenter in Nuernberg) or if it is a different 3rd octet you may want to provide that so we get it right.
Or just go with the fact you are coming from Germany. Are you housing this in a data center, or elsewhere for the time being? If it is elsewhere what type of internet connection are you using.
I don't personally yet know how important all of this would be... I'm just asking technical questions that I might have later to save you some questions. And yes, I'll check you out as I have a few votes out there that are for people that seem rather dormant so I could move them.
My witness post is:
I'll be honest I'm not a mega poster nor will I ever be. I like to read and post a relevant comment here and there. I'm more into the technical concept of Steem, rather than the social side. I have a Facebook account that I have only my family as friends, a Twitter account that I think i posted last a couple of years ago, etc. etc. I do enjoy Reddit but rarely post. Anyway I've been personally involved with Bitcoin for quite a while and that's what brought me here. As said above I'm interested in the concept of Steem but I'm don't seek or crave community in my personal or online life. I know some may find that off-putting but it is what it is. I am a voracious reader of interesting articles, so in that sense Steem is immensely valuable to me. I took a long break from Steem and have recently come back and the quality of content has definitely increased.
Anyway, my Witness is quite solid. I use a Privex VPS server provided by @someguy123, details can be found in my announcement post.
Thanks for reading and your consideration.
hat tip
Good Info. Thank you. @dwinblood
Like This post
These nodes are scattered and the Idea of control is still in question as in the white paper for BTC it said if the issue of a takeover should happen the one launching the attack would only be able to reverse payments that he made, However I would really like to see a test of such thing for all cryptocurrencies to see what really happens as it hasn't happen as yet
Thank you as always for sharing a perspective that may not be embraced by all! Steem On brother!
Winblood 2020! Well, let's hope it doesn't take 3 years until you finally run for witness. I do think you are a perfect fit.
I think I will not go into a phase were are start looking through all the witnesses there are in the top 100 to then decide on them, I will rather vote for people that I get to know via blogging and commenting. If I like them, they run for witness and I think they are a good fit.
There are three people so far:
@felixxx ; I had a long discussion with him about Steemtrail as he was a Bernie-Supporter. Even though we did not really have a conclusion after the debate, it was one of those really good controversial discussions. A witness does not have to share all of my opinions, but he needs to be able to discuss those with me.
@neoxian: Not sure if he is actually running, but he gave me a lot of pointers when it comes to Steemit. He is also a funny guy who tries to do a lot for the community
@jerrybanfield: I know him from when he started to play League of Legends. He was always an honest guy but he was more of a joke to me back then, he was failing horribly in a game that I knew in and out. His Steemit articles seem to be very extensive and easy to understand. To put it in a condescending way; I came to appreciate his simple-minded approach to things, because I am a total noob when it comes to crypto and since I am not the only crypto-noob on Steemit I think it is quite valuable to have someone who can put it in simple/step-by-step words.
Not sure what using a cloud has to do with IP (because lack of knowledge), I would guess the clouds have some sort of special IP?
If you use Amazon unless you are routing IP blocks owned by you (not what people normally do) you will be using elastic IP or static IP supplied by Amazon. What this means is Amazon owns a chunk of IP addresses. When you set up a server and it is running live one of those IP addresses will be assigned to you.
So if there are 10 witnesses running on Amazon out of the top 19 (not actual, just as a hypothetical example) we could potentially determine that by looking at their IP addresses and seeing which company those IP addresses are registered to. If they are all Amazon and in a big contiguous block then you know those 10 witnesses all could potentially go down if something happened with Amazon be it accidental, or intentional through government/corporate pressure. So 10 of your "distributed" witnesses would technically only truly be distributed as long as Amazon remains Hands-off.
As far as accidental down-time. Amazon offers services that are supposed to work if one data area goes down, but you have to pay extra for those. You'll usually pick something like East Coast, or West Coast, but if you want both for redundancy that costs extra and a lot of people don't do that.
I haven't looked much into Microsoft's Azure, but it is likely similar.
There are other extremely technical ways sites can be attacked that have little to do with Amazon, Azure, etc. Those cannot be completely avoided, but by being highly distributed it is a lot more difficult and can near impossibility to accomplish. I never say "impossible" as an absolute as that is like honey to flies in tempting someone to prove that it was possible. :)
diversity for stability is of course a good concept to protect the blockchain and thinking you have complete security is like building an unsinkable ship. If there was only a famous example that I could use as analogy...
I am still not quite sure, are you talking about the service provider people use for their internet in general or is Amazon offering a special server-based service? In Germany we have different internet providers mainly Telecom so I always get confused when talking about the US systems.
Btw do you know Peter Thiel? He is actually someone who made me think that maybe not all economics is evil before Ron Paul did. I wrote a small post about him, he has some really unique approaches.
In the U.S. and likely other places Amazon has a cloud service that is pretty good and easy to use and can auto scale to usage. A large amount of servers and websites have been switching to it. It is known as AWS.
ah OK, I get it. Thanks for the explanation.
I've never met him, but I definitely do know who he is. :)