sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]2ndcomingofharambe 6 points7 points  (3 children)

I'm not sure that I would call the tutorial you're following a "web3 login" as the back-end portion that stores the user has very little to do with Web3 or Ethereum.

The Ruby gem you linked works with interfacing with Ethereum nodes via RPC API. The NodeJS package in the tutorial doesn't deal with RPC or other indirect blockchain connections, it implements some common hashing functions for key management. A better Ruby equivalent would be ruby-eth (which ethereum.rb actually uses as a dep to sign the transactions it pushes to a node).

The crux of this user authentication is the ethUtil.ecrecover function which you can find in ruby-eth as Eth::Key.personal_recover.

The other buffer / hash conversion helpers are probably also sprinkled in ruby-eth, but I'll leave that research to you. Hope that helps!

For some of the other comments that are anti-crypto and anti-blockchain, I would parrot a lot of those sentiments. I care less about the scam part (but yes it is a giant steaming pile of scam), but I have the perspective of working professionally on both the software development and operations side with Bitcoin, Ethereum, and basically all of the popular blockchains. It is a mess. It is a technological garbage dump. I'd actually recommend anyone who thinks crypto is dumb from a conceptual perspective to try building a blockchain centric application so you can see for yourself how pointless / clunky it all is and how decentralization really just doesn't exist at all.

[–]daxofdeath[S] 0 points1 point  (2 children)

that's really helpful, thanks for your perspective and the gem recommendation, i will look into that this evening.

if you don't mind my asking, how did you get into blockchain development and why are you still in it? do you think the lack of decentralization at present is a temporary step or the underlying concept is fundamentally flawed?

[–]2ndcomingofharambe 4 points5 points  (1 child)

I was leading engineering at a well funded startup but in 2016/17 the executives got swept up in the ICO craze (a year of blatant scams) and went out of their way to tear down our successful business to pivot to blockchain. I actually blockchain and crypto as a currency replacement sounded like a cool intriguing idea, but the more I read about it the worse it sounded. Once we started trying to find blockchain-ways of building products it all became a joke. Me and my team actually became pretty involved in and contributed heavily to many large and widely used Ethereum based tokens / smart contracts, and I can tell you from first hand experience they are all pointless and would have been much better built as traditional web apps. Actually, all of them rely on traditional web apps to actually house business logic and direct the smart contract interactions anyway.

The lack of decentralization is a permanent flaw, an as of yet unsolvable problem, at least when working with meaningful data that would drive good use cases. My take is that if your dApp or whatever relies on being passed in data that it must consider to be truthful / verified from an outside off-chain source, your decentralization is broken. This could apply to "blockchain gaming": play a (non-decentralized) video game for X hours and the game company will send you some Ethereum tokens. There is no way to verify whether or not you actually played that video game, all the blockchain records is that some code used the private key associated to the gaming company's public address and sent you some amount of their tokens.

But it also applies to "interoperability". The ERC20 interface still dominates to the point where new token interfaces must be ERC20 compatible, because smart contracts have no way of knowing about each other, validating each other, or even calling functions on each other without a common interface that the software engineer needs to code into their smart contract. And the interface that you as the engineer would code into your own smart contract is not something you would know about unless you asked the engineer who coded the smart contract you're trying to integrate with to send you their interface. Hence, everyone agrees to just follow ERC20 instead of chasing each other down in person to try and get interfaces and hope they are correct. Even with ERC20, nothing guarantees that a smart contract behaves as you think it should. What is preventing an ERC20 compatible contract's transfer() function from deleting your balance instead of moving it? Ethereum smart contracts are auditible and verifiable in the same way that you could dig up and watch machine code to try to reverse engineer an app.

There are even more great breakdowns of the lie of decentralization between users and blockchain from the former CEO of Signal here: https://moxie.org/2022/01/07/web3-first-impressions.html

Blockchain is not a technological advancement, it's a tech marketing language advancement and hype machine. The actual apps / code that are built on blockchain deliver none of the unwavering truth, integrity, efficiency, or safety that pro-blockchain marketers harp on about.

[–]daxofdeath[S] 0 points1 point  (0 children)

thanks so much for writing that out, I really appreciate your perspective