    Rex Hygate
    @RexShinka
    Welcome to the Guidelines Gitter chat room
    Bryant Eisenbach
    @fubuloubu
    Wut up wut up
    Rex Hygate
    @RexShinka
    I am just making the pages ready for my demos at Denver and that will include a gitter channel link on each page.
    Roman Pavlovskyi
    @rpavlovs
    Nice!
    Javier Tarazaga
    @javier-tarazaga
    Good morning everyone!
    Javier Tarazaga
    @javier-tarazaga
    I was reading the https://guidelines.secureth.org and would love to hear more about procedures and best practices which could be actually implemented when developing DApps
    It is really interesting how blockchain specific dev has taken the development process back to a more waterfall model :)
    Bryant Eisenbach
    @fubuloubu
    Hi Javier! Thanks for giving them a look! Was there any section in particular that you think would need more explanation on?
    Bryant Eisenbach
    @fubuloubu
    Do you have sections in particular that seem to be missing?
    Hey Javier! Yeah, we were working on this a bit ago, thanks for finding it helpful!
    Hi Javier! Thanks for giving them a look! Was there any section in particular that you think would need more explanation on?
    Hey Javier! Yeah, we were working on this a bit ago, thanks for finding it helpful!
    Rex Hygate
    @RexShinka
    Am I advised?
    Bryant Eisenbach
    @fubuloubu
    Crap, sorry for sending that 3 times lol. Phone on the fritz
    Javier Tarazaga
    @javier-tarazaga
    Haha sorry, I have notifications off in Gitter (I always end up getting a ton of stuff) and I didn't read it until now.
    Well, the part on Network Release is quite empty and I feel curious about how to deal properly with deployment routines for SC, especially since it is so important.
    Bryant Eisenbach
    @fubuloubu
    Ah, gotcha. Yeah we didn't quite get to that place yet, we were going to adapt some of the Parity procedures because they learned so much and (obviously) know how wrong things can go when you don't have procedures in place for normal and emergency scenarios
    For the normal path, the suggestion is to put the entire process in configurable scripts, so that no step gets left out and it's as flexible as you need it to be. Nothing should be done manually.
    Truffle has migration scripts for this, and that's good enough
    For emergency scenarios, take a look at your deployment process and code and identify every possible situation where something going wrong would cause a redeployment of some or all of your code.
    If possible, try and make migration scripts for these paths, and document very well under what scenarios you should execute them.
    If it isn't possible, or you make too many similar scripts, reduce the amount of them by clearly documenting the configuration and options you have available to you. You'll thank yourself later.
    Bryant Eisenbach
    @fubuloubu
    The idea is that in an emergency situation, you are not thinking clearly and your instructions serve as contingency plans that help you through the problem and hopefully give you the best shot at avoiding catastrophic bugs from impacting you and your users
    Lastly, think through all the parameters you have available in your system that you have control over. Perhaps you gave yourself some right to update an exchange rate or specific smart contract address through an engineering account or governance process. These parameters may also help you mitigate potential disasters and you should think through how you can make use of these parameters to avoid or mitigate perilous situations or correct bad behavior you view in your system after launch. Again it's good to document it out for yourself for later.
    If it's your first launch, you might want to give yourself a few more of these, and then remove them in later iterations as you learn more about your system.
    Hope that helps!
    Bryant Eisenbach
    @fubuloubu
    Also, random aside, Status has an annual event that I think is really very cool. They take 24hrs and conduct an exhaustive search of their stack for problems and issues that they find. This might be a good thing to do on a regular basis to keep you on your toes: do a dry run "live fire" exercise of your procedures every 6 months or so to keep on top of what would happen in an emergency scenario, and look for mistakes or ways to improve it. This also keeps the system architecture fresh in your head. I can't tell you the number of times I had to look at something I did 1-2 years ago and I can't for the life of me remember what I was thinking!
    The key point in all of this is that deployment isn't where the journey ends, but where the journey truly begins in supporting your application with real users and funds
    Javier Tarazaga
    @javier-tarazaga
    Thanks for the detailed information @fubuloubu! In fact I ask because we are actually working on a DevOps platform for web3 development and, with the extensive research we are conducting, the most problematic parts right now are creation (writing good code) + release (how do you actually deploy in a safe and automated manner and can you do it in a secure way) + monitor (once you have deployed, what is actually happening with your contracts)
    Of course, reading best practices really helps, especially since we are also aiming at promoting them, making sure people write web3 apps in the most secure and effective way :)
    Btw I have been talking to a bunch of people and could not get a good answer. How did you solve the handling of the private keys when deploying?
    Javier Tarazaga
    @javier-tarazaga
    btw @fubuloubu also, in your opinion what are the biggest challenges you are facing so far in the entire DevOps operations?
    Bryant Eisenbach
    @fubuloubu
    So, I haven't gotten to the whole devops part of things too much so far. Part of this analysis comes from previous experience in other fields supporting flight aircraft, and the other part is listening to people like Parity and what (big) lessons they've learned from not having good devops practices in emergency scenarios. Lessons that were learned the hard way unfortunately.
    Hopefully that'll change soon, I am working on a project I intend to launch before next year.
    I have a library written in Python that manages my dev keys locally on my laptop. They are stored in an encrypted keystore.