译文/Translated:
改良EOSIOTM软件包是我们正在进行的任务,但也因为系统范围内的多方参与者角色不同,它需要我们进行整体意识。EOSIO战略愿景提出几个主要的关注点: 规模化、开发者、 用户、和企业。战略愿景系列的这篇文章主要讨论的是区块链用户和我们正在对EOSIO软件做的改进,以便让我们更好地为用户提供支持。
减少用户在使用区块链应用时的阻力能大幅推动区块链应用的大规模使用。想要让用户能自信地使用区块链系统,该系统必须拥有安全、简单和熟悉的界面。我们的团队已经在建立和提出安全准则,以供搭载在EOSIO区块链上的验证器和应用交互时使用,这样,我们就朝上述目标迈了一大步,我们最近刚刚发布的李嘉图模板工具包就是一个例子。
接下来的关注话题是EOSIO战略愿景第三部分的具体细节:
一致的前端
钓鱼和诱导转向等攻击利用虚假信息诱骗用户接受平时绝不会接受的协议,它们不会告知用户自己同意的内容实质究竟是什么。为了避免这样的恶意行为,我们团队不断加强对李嘉图合约的支持,我们也在推进能够实现验证链上图片渲染、文本、附件的工具包,从而清晰地让用户知道他们在签署交易的时候究竟同意的怎样的条款。我们给开发者提供模板,让他们能够完成签署交易过程中需要的清晰的条款和条件,用户就能更容易地获悉他们同意的究竟是什么。这样的措施增强了透明度,同时,用户在直观的浏览界面中探索的时候,这样的措施会给他们带来安全感和信心。
实现WebAuthn支持
如果敏感数据被保存在不安全的系统,密钥和密码管理是比较让人担心的问题,它们也可能暴露重大攻击向量。硬件验证器初步实现保护密码和/或私钥免受侵害。而WebAuthn则是新的万维网联盟(W3C)标准,它能给所有领先的浏览器和平台提供安全的验证支持,目前,诸如Yubico, 谷歌和微软等在内的科技巨头已经开发了这类平台。我们要采用WebAuthn标准,因为它能让我们把硬件装置和现存的验证架构结合起来。其中包括了最近刚发布的EOSIO支持的YubiKey和内置验证装置,如指纹传感器和其他生物识别确认装置。
强化资源管理
目前,我们要有用户拥有或者租赁足够执行交易的CPU和NET资源的代币。新的功能允许开发者可以获得更大的自主权,决定使用CPU和NET的费用如何收取。我们在规范存储库提议启用该工具。一旦启用,EOSIO区块链只会向交易第一授权人收取CUP和NET费用,这样,应用开发者就可以给特定交易设置标准,覆盖任何相关的用户费用。通过覆盖消费者费用,开发者就能减轻任何和交易成本相关的使用障碍。
文件系统去中心化
现在应用的商业逻辑被封装在智能合约中,相关的数据则储存在区块链上。但是,应用用户界面还是建立和托管在链下的,这就意味着去中心化应用面临单点故障及审查风险。我们正在探索是否有方法实现应用用户界面的链上存储,或许我们会通过一个单独的低成本的资源来实现应用最终实现真正的去中心化,从而有效地避免审查。
EOSIO规范存储库
我们社区的目标是建立稳定、高效和规模化的EOSIO区块链,这个目标从未改变,我们也继续提供支持和资源。我们还继续实现EOSIO战略远景的各方各面,在这个重要的阶段,我们从研发人员、开发者和其他社区成员中获得的反馈就显得至关重要。这项工作由规范储存库引导,它是EOSIO LabTM的一个计划,目的是让我们这个不断发展的生态中的所有成员都能获得更大的增益。请认真阅读我们起草的存储规范,直接在GitHub上提供反馈,我们会在EOSIO中实现这些功能。
保持联系
EOSIO区块链生态中最重要的参与者之一是我们的用户,Block.one致力于把社区的建议和反馈结合起来。用户反馈帮助我们更了解和改进我们的开源工具包,最终才能为每个人创建一个更有活力、更加安全、更吸引人的体验。如果您想提供反馈,想和我们团队更好地协作,为开发者改进EOSIO,您可以给我们的开发者关系小组发邮件developers@block.one
我们也会在邮件列表会不断更新未来的公告和发布通知。现在就在EOSIO新站订阅我们吧。
. . .
重要通知:所有提供的材料都受此重要通知的约束,您必须自行熟悉此间条款。该通知包含与我们软件、出版物、商标、第三方资源以及前瞻性声明相关的信息、限制和约束内容。通过访问我们的材料,您接收并同意此通知的条款。
原文/Original:
Improving the EOSIO™ software suite is an ongoing endeavor and requires a holistic approach given the diverse roles of system-wide participants. The EOSIO Strategic Vision outlines four major points of focus: Scalability, Developers, Users, and Enterprise. This entry in the Strategic Vision series addresses blockchain users and improvements we are making to the EOSIO software suite to support them.
Reducing friction for users of blockchain applications will go a long way towards supporting mass adoption. Users need access to secure, simple, and familiar interfaces in order to confidently use blockchain systems. Towards that effort, strides have been made by our team to develop and propose security standards for interactions between authenticators and applications built on EOSIO based blockchains like advances recently released in the Ricardian Template Toolkit.
The following topics of focus are detailed in pillar 3 of the EOSIO Strategic Vision:
A Consistent Front End
Phishing, bait and switch, and other types of attacks use false pretenses to trick users into making otherwise unacceptable agreements, without revealing the true nature of what users are agreeing to. To stifle these malicious efforts our team is continually advancing support for Ricardian Contracts and a toolkit for validating onchain image rendering, text, and attachments, that clearly indicates the terms a user is agreeing to when they sign a transaction. By giving developers templates to put clear terms and conditions alongside transaction signing, it makes it easy for users to know exactly what they are agreeing to. These added transparency measures will provide users security and confidence as they navigate straight-forward interfaces.
Enabling WebAuthn Support
Private key and password management can be worrisome and present major attack vectors if sensitive data is stored on an insecure system. Hardware authenticators are a step towards siloing passwords and/or private keys from harm’s way. WebAuthn is a new World Wide Web Consortium (W3C) standard providing secure authentication support for all leading browsers and platforms pioneered by major technology companies including Yubico, Google, and Microsoft. Adopting the WebAuthn standard because it makes it possible to incorporate hardware devices into existing authenticator architectures. These include the newly released EOSIO supported YubiKey, built-in authenticators such as fingerprint sensors, and other biometric confirmation tools.
Enhanced Resource Management
At present, users are required to own or lease sufficient tokens to cover CPU and NET resources needed to execute transactions. New functionality allows developers to have a greater degree of autonomy over how billing for CPU and Network usage is processed. The proposal for this tool is outlined in the Specification Repository. Once enabled, the EOSIO blockchain will only charge the first authorizer of a transaction for related CPU and Network costs. This allows application developers to set a criteria for specific transactions and cover any associated user costs. By covering customer fees, developers can help to alleviate any adoption barriers related to transaction cost.
Decentralized File System
Today application business logic is encapsulated as smart contracts and associated data is stored on the blockchain. However, application user interfaces are still built and hosted off-chain, representing single points of failure for decentralized applications and a capacity for censorship. We are exploring ways of enabling on-chain storage of the application user interfaces, perhaps in a separate lower cost resource that can enable applications to finally become truly decentralized and therefore effectively censorship resistant as well.
EOSIO Specification Repository
The community effort towards building stable, efficient, and scalable EOSIO blockchains remains ongoing and we will continue to provide support and resources. We are continuing to implement various facets of the EOSIO Strategic Vision and during this crucial stage the feedback we receive from researchers, application developers, and other members of the community makes an impact. This effort is spearheaded by the Specification Repository, an EOSIO Labs™ initiative to support greater synergy amongst stakeholders in our growing ecosystem. If interested in getting involved, please review the specifications drafted and provide feedback directly in GitHub as we work through the implementation of these features in EOSIO.
Stay Connected
Users are among the most vital participants of the EOSIO blockchain ecosystem, and Block.one is committed to incorporating community suggestions and feedback. User input helps to inform and improve our open source toolkits, ultimately creating a more robust, secure, and engaging experience for everyone. If you would like to offer feedback and work more closely with our team to improve EOSIO for developers, you can send our developer relations team an email at developers@block.one.
Get updates on future announcements and release notes by subscribing to our mailing list today on the new EOSIO website.
. . .
Important Note: All material is provided subject to this important notice and you must familiarize yourself with its terms. The notice contains important information, limitations, and restrictions relating to our software, publications, trademarks, third-party resources and forward-looking statements. By accessing any of our material, you accept and agree to the terms of the notice.
原文链接/Original URL: