
RE: REMINDER: STEEMIT Scripts available to "Hide/Show ReSTEEMS", enable your "Post Vote Slider", and to "Vote Past Payout"!

in #steemit, 7 years ago

Definitely looks like a great piece of work he's done. I had thought of adding some of those features (such as the votepower value, etc.), though I ended up putting them into my Discord WhaleBoT (used by well over a dozen STEEMIT-related Discord chat rooms now) instead, since I was hesitant to add too much more "weight" to the web interface. For example, while he has packed in a whole lot of new features, the JavaScript code alone is over 1.3 megabytes, versus my two scripts coming in under 20 kb!

Regardless, it's still really cool what he put together, not to mention that he's already released the complete code on GitHub, along with the relevant "security" warnings and "caveat emptors". I still have a "thing" for using the features as an extension, though. But given the scope of what he put together, it probably was the correct way to go in this case. And of course, if it makes sense to do so, perhaps some of the simpler features could still be ported into a simpler TamperMonkey script as well.


Alex, why the need for a private key for these scripts? Those scripts are not posting for us and they live in a sandbox or?

My scripts don't need access to any private keys, because they hook into STEEMIT's post voting methods.

HOWEVER, any script that runs inside the STEEMIT.com browser "sandbox" can potentially access any of the same private keys that STEEMIT can.

Why should they run inside that sandbox?

How else would they modify the GUI, even if only to add a single button such as "hide resteems" along with the JavaScript code to hide/show resteemed elements?

Well, as I'd imagine sending everything that has to be signed in a message to a private memory space, you'd do the same for objects which need to be modified. I'd believe you if you'd say that it wouldn't be very efficient and practical but from a security standpoint. If we'd be talking about private keys to big funds, then I would let my private keys live in an encrypted vault like KeyChain on MacOS and just send messages to be signed through the sandbox back and forth. But in any case, thanks for explaining, I should probably write up a post about it and research this topic. It's been years since I've looked at these problems so...

But indeed, now I realize that you'd have to authorize everything by hand if you were to send messages anyway, which would make the whole thing unpractical.

👏👏👏

Yeah man, thanks for having patience with me, I really appreciate it. You know, I always wanted to find out things for myself and I like to dream and imagine :-)