Sunday, 25 November 2018

The blockchain isn’t just for web applications, silly rabbit.


Scatter is a digital signature provider for the blockchain. Learn more about what we are building here.

We’re in a good place right now with blockchain user-experience, at least relatively speaking. It wasn’t too long ago that interacting with web applications running on the blockchain was incredibly hard, and not something that even most computer-literate people could accomplish.



Before MetaMask came out with the brilliant idea to interact with web applications through a secure extension, users had to go through a tedious technical process to sign and send transactions to contracts from the command line or any wallet capable of doing so ( of which there actually weren’t many, if any, at the time ). Either that, or they had to forfeit their private key to untrusted applications on the web. This of course hindered adoption of smart-contract-fueled applications because it’s not only unfriendly, it’s downright dangerous.

Now, we’ve come even further. We have mobile wallets with built in dapp explorers so you can use blockchain enhanced web applications right from within your favorite wallets. These tend to provide a wonderful user-experience since the users are already familiar with the wallet.

In both of these cases though we’re stuck. We’re stuck using web applications only, and in some cases only the web applications that someone has said we can use. There are a lot of issues with both Web Extensions and Dapp Explorer Wallets. Some of them are pretty bad to boot.

Let’s look at some of the shared pitfalls of both Web Extensions and Dapp Explorer Wallets:
- They both only support Web Applications
- They both put the user’s private keys into the same scope as the website.

Dapp explorers have a few more downsides/restrictions as well:

- The team behind the wallet controls what dapps you’re allowed to use, which puts centralization back into the mix.
- Dapps often have to pay a fee to be placed in popular dapp explorer based wallets because space is limited. When large dapps become included sometimes smaller dapps are pushed out.
- Some dapps can never be put into a dapp explorer because they would impact the dapp explorer legally, such as dapps that have aspects of porn, drugs, or gambling.
- You will never be able to put native applications into these explorers at full capacity. They will always be wrapping those applications in whatever framework the explorer is built in, and significantly limiting the resources available to the now-non-native-application. This makes them almost useless for anything that isn’t a web application.

Web Extensions have special downsides too!

- Popups for web applications can be mimicked quite easily, and there is no way to tell a popup from a web application apart from one from an extension. This makes them particularly susceptible to click-jacking and limits their possibilities considerably.
- Extensions auto-update, and some browsers don’t allow you to disable that feature ( fuck you chrome )! Now this one here is a bit more than a downside, it’s a security concern and a large one at that. There’s nothing stopping the team behind a web extension from updating your extension and getting access to your keys. Hell, you wouldn’t even be notified that it was updated. Edit: This just happened 2 days after posting this.
- Because of both of the above, new extension popups can’t be trusted. If a user gets a popup they haven’t seen before and doesn’t know it’s new, they will not trust it ( and shouldn’t ). This makes new functionality hard to roll out.
- Some of these extensions also just give away your information the second you land on a website, making privacy an issue as well. ( though this can be solved with a bit more work, it usually isn’t )
- Extensions don’t work on mobile! At least not broadly. There are cases of using Firefox for MetaMask ( thanks Dan Finlay! ) and Chrome extensions inside of Yandex as well.

Not a very pretty picture is it?
But we’ve learned a lot. You don’t call it computer science for nothing, and these experiments are necessary on our journey to a free and decentralized internet.

At Scatter I started with a web extension because the community needed something fast and dirty to get the job done; that extension is now known as Scatter Classic. Classic did a lot of things right ( privacy model using a permissions-first philosophy, higher encryption schemes, identity, whitelists.. ), but it still suffered from all of the things mentioned above, apart from the giving away of information.

After almost a year of deep shower-thought contemplation I came to the conclusion that an extension wasn’t working for the way I see the future of the blockchain and Scatter. It’s too limiting, still fairly insecure due to being in the browser, always at the mercy of breaking-browser-changes and it’s really not the best choice for users. So I started work on a desktop application. But.. how the hell are we supposed to connect to web apps?

Scatter needs the ability to return results to applications which makes deep-linking not even a choice ( deep linking is something like scatter://transaction?blah=whatever ). Going through return URLs ( such as yourapp.com/logged_in ) to backend servers means the user’s information has to actually touch the internet before it can even reach the application which is horrible, it’s a particularly bad developer experience, and also nullifies local native applications so that’s a bust. I did the natural thing. I created a web extension to talk to the desktop application. ( insert :facepalm: emoji here )

But an amazing thing happened. In order to talk to the web extension from the desktop application I absentmindedly created a WebSocket Server within the desktop application and a client on the extension… I didn’t even realize the door I had just opened as it was such a normal thing to do. I was in the shower when it actually hit me, and I practically slipped and broke my neck rushing to get out and get to my computer. “Of course”, I thought.

That day I created a WebSocket Client JavaScript library called scatter-js. It allows web applications to directly interface with Scatter Desktop after going through some basic authentication and user approval to make it secure and only allow applications the user wants to talk to it, talk to it. But it doesn’t only work with the web! Native desktop applications can use their own WebSocket clients to talk to Scatter Desktop too!
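An added example, not part of the original post and not Scatter's or scatter-js's code: one way a local WebSocket signature provider could gate the "basic authentication and user approval" step described above. The class, method names, origins and the `sign` callback are hypothetical, and the origin is assumed to come from the handshake's Origin header.

```javascript
// Added example, not Scatter's code: all names here are hypothetical.
const { randomBytes, createHash, timingSafeEqual } = require('node:crypto');

const sha256 = (s) => createHash('sha256').update(s).digest();

class PairingStore {
  // askUser(origin, text) shows a native prompt outside the browser, returns a boolean.
  constructor(askUser) {
    this.askUser = askUser;
    this.apps = new Map(); // origin -> sha256(app key)
  }

  // First contact: origin is the Origin header of the WebSocket handshake.
  // On approval the app gets a random key; only its hash is stored.
  pair(origin) {
    if (!origin || origin === 'null') return null; // missing or opaque origin
    if (!this.askUser(origin, 'link this application')) return null;
    const appKey = randomBytes(32).toString('hex');
    this.apps.set(origin, sha256(appKey));
    return appKey;
  }

  // Later messages must carry the key that was issued to that same origin.
  isPaired(origin, appKey) {
    const stored = this.apps.get(origin);
    if (!stored || typeof appKey !== 'string') return false;
    return timingSafeEqual(stored, sha256(appKey));
  }

  // Signing needs a valid pairing and a fresh approval of this payload.
  // sign() stands in for the key operation; the key stays in the provider.
  requestSignature(origin, appKey, payload, sign) {
    if (!this.isPaired(origin, appKey)) return { error: 'not_paired' };
    if (!this.askUser(origin, `sign: ${payload}`)) return { error: 'rejected' };
    return { signature: sign(payload) };
  }
}

// Constructed scenario: the user approves prompts from https://game.example only.
function demo() {
  const store = new PairingStore((origin) => origin === 'https://game.example');
  const sign = (payload) => `sig(${payload})`; // placeholder signer
  const key = store.pair('https://game.example');
  return {
    evilPair: store.pair('https://evil.example'),
    stolenKey: store.requestSignature('https://evil.example', key, 'transfer 5', sign),
    approved: store.requestSignature('https://game.example', key, 'transfer 5', sign),
  };
}
```

A browser sets the Origin header itself, so page script cannot forge it, but a native client can send any value; the per-payload approval is what still stands between such a client and a signature.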

Why is this important?
With blockchains becoming extremely fast and scalable this is an important upgrade. We want to be able to play First-Person Shooter games integrated with the blockchain without exposing our private keys, for instance. This new way of contacting signature providers ( like Scatter Desktop ) allows us to do just that. But it’s not all it allows us to do. A prototype of Scatter Mobile just hit the market. It can instantly connect to all web applications that are using scatter-js, and can also connect to native mobile applications, without wrapping them. This is a huge leap forward from dapp explorers and web extensions. Web developers only have to write code once and they instantly support both desktop and mobile. On top of that, developers of games written in frameworks like UnrealEngine4 and Unity3d also only have to write code once and can then export to Windows, Mac, Linux, Android, and soon iOS without changing any of their code. It became write-once use-anywhere. Which is what all developers strive for.

“ I expect within the next year more and more signature providers will start moving over to this type of system as it puts an emphasis on the user’s privacy, and app accessibility. Let it be known we did it first :)”

Aside from the obvious benefits let’s look at some of the other problems having Scatter on the Desktop and Mobile solves for both web extensions and dapp explorers.

- No more untrusted popups from within the browser since it’s easy to discern desktop/mobile popups from browser popups. No more click-jacking. ( mobile does this with real phone notifications )
- Keys and private data are never kept within the scope of the dapp anymore, instead they are kept on your desktop/device. This completely removes an entire attack vector. ( albeit while adding another one through websocket connections, but that’s a far simpler problem to solve )
- No more limitations about what apps you can use! Instead of Scatter telling you which dapps you can use, it’s the dapps telling you that you can use Scatter. This puts the power back into the hands of the user and the developers.
- No more forced auto-updates. If you don’t want to update, don’t. This is of course a massively important one. “How do we know you’re not updating the extension on us?” is one of the hardest questions I had to answer with Scatter Classic. The answer was always “You’ll have to trust me”, which I hate because it totally breaks the whole reason we use blockchain. Don’t trust, verify. ( Scatter is open-source of course )

Native Applications are the next big thing in Blockchain.
Mark my words. With Scatter Desktop and Scatter Mobile we no longer have to limit dapps to the web. We can now support native mobile applications, native desktop applications, MacOS, Windows, Linux, Android, Tablets, and soon iOS ( hopefully, Apple don’t fuck me on this one ).

This opens up a brand new expanse for blockchain usability and productivity. Imagining the possibilities is almost intoxicating.

- Native decentralized exchange applications. Native market applications.
- Native games with built-in marketplaces.. First person shooters, Real time strategy, Virtual Reality, Gambling… so so many options. Native game CENTERS like Steam but for blockchain games.
- Native banking & budgeting applications, loans.
- Full developer suites integrated with Scatter for easier testing and deployment of contracts.
- Native messaging applications.

The list goes on and on, we could sit and dream up things we couldn’t do before this all day. This is truly an untapped resource. I can’t wait to see this ecosystem explode as developers catch on to all the possibilities. We’re in for a wild ride, I hope you’re strapped in.


Source: https://medium.com/getscatter/the-blockchain-isnt-just-for-web-applications-silly-rabbit-926a4ea5ccd1
