So, are things ready for Developers to really get going yet? Every-time I tinker with Dfinity I generally have a good time, and I’d like to start working on some serious projects.
Right now, here is what is holding me back:
Can we expect significant breaking changes to Motoko? I don’t want to invest time in writing code that is going to require large refactoring.
What does the future of Dfinitys JS agent look like? It’s not obvious how I should handle user identities. Should I just bake in my own username password signup - completely acceptable if so.
If I’m not worried about a datacenter being malicious. Are the general purpose canisters data secure enough? As in, the only way to access the data is through my APIs, or ripping the harddrive out and peeking at it.
I don’t want to ask when we’ll be able to deploy to mainnet because I’m sure there is still a lot of work to be done, but is there like a larger timeline you can share? 2-3 months 6-12 months?
I know you’ve started building already! For others reading too:
There have only been incremental changes recently which have been easy to manage with even quite large projects, the compiler and strong typing pick up the changes needed. I expect this to be the case going forward.
A bit more documentation is coming re the js-agent/how users manage identities stored. As I’m sure you know you can consider this on a separate layer though, so you can build the backend out using callers’ principal ids for access through the canister interfaces and come back to how a client might store the identity.
The two options you give are the only way in.
More of a project management question I realise, but this shouldn’t hold anyone back thinking of starting projects on a technical front—the local dfx tooling provides everything needed to build, new features are continually rolled out alongside the live network and it’s designed to be the very environment you use for developing full projects.
I would like more clarity from Dfinity on their security model especially with regard to third-party data centers. For me this is a huge blocker to a fascinating platform.
It seems like mining is private at the moment (even on testnets) and there is no miner source available? But at some point they will pivot to public mining?
It seems the idea is that anyone, anywhere in the world, is able to contribute compute resources. New nodes are added by a vote of the NNS but I can’t see if that involves any kind of offline security verification or commitment (like a security audit or bond?) or it’s only a technical decision about network capacity or something.
Do operators still have root on the machines they own, as when mining other coins?
Dominic posted photos of IC custom hardware, which looks like a generic 2S/1U server but I guess has some custom features that are not obvious in the photos. Are those features essential to security?
If we assume datacenters are trusted, why have a consensus mechanism? You could give the message to any DC and trust it will compute the right result (as Dfinity in any case does for query calls). Removing this would seem likely to significantly improve latency and overhead for write ops.
Conversely if we don’t trust DCs then how do we know they won’t peek at the data?
Not many business or financial applications can run on platforms where unknown third parties can be snooping your data. It’s obviously a problem for anything that handles end-user data subject to GDPR, like a hypothetical Dmail.
People have mentioned CPU trusted computing features, but this does not resolve the contradiction. If you trust enclaves for confidentiality and integrity in untrusted DCs then you don’t need consensus. If you don’t trust them that much then you still have the snooping problem. The same goes for homomorphic encryption.
I’m sure the smart people at Dfinity have thought about this too but I can’t find out what their position is: are DCs and compute nodes trusted or not?
Edit: Enzo specified elsewhere that you do need some kind of permission from NNS consensus before you can mine. However it seems the idea is still there will eventually be hundreds of independently operated miners. Either way, what assumptions are made about their security?