Handle switching sync servers #14

New issue

Open

opened 2022-08-16 20:38:04 +02:00 by orblivion · 0 comments

orblivion commented

2022-08-16 20:38:04 +02:00

(Migrated from github.com)

Once we're past the test user phase, people may want to try to switch which wallet sync server they're connecting to.

If the client merely switched which wallet backup server it was using, the new server would reject it because it's not starting on sequence 1. We either have to have the server allow starting on a higher number, or have the client restart the counter.

This gets particularly interesting when there are multiple clients syncing. I don't want to spend the time thinking about it now, but suffice it to say I anticipate that there's at least one way things could get into a locked state or data could get lost.

There could be a sophisticated version of this. Not complicated, but sophisticated, in that it considers all of the things that could go wrong and is reasonably user friendly. But for now we'd rather make a simple version even if it's a little more inconvenient for users (it's a rare action after all).

However, we'll see if there's a simple way we could make some guard rails on this thing. For instance, at in one version of my spec, I had the idea of sending some sort of terminator message to the clients, to make sure that they switch servers. This prevents different versions from being sent to different servers and data getting lost. At very least we may want to have the old server disable the old account, in case there's an old device somewhere that the user forgot was connected. Or maybe this is the same thing.

Another idea would be to leave it to the user, give them a big red warning and all that. Tell them to make sure they're on the same sequence number on all of their devices. Maybe we could list all of the user's devices so they know? Somehow?

If the user has a client that's usually offline and it's in another state or something and it's inconvenient to have all of them ready to switch over at once... that's the concession we'll make. Sorry, switch when you have everything with you.

So, perhaps best idea: Big red warning, show sequence numbers, tell the user "make sure it's all synced". Then push the button, disabled the account on the old server. Every device switches over. If something is out of sync they have to nuke it and start it over. If they forgot about a device that was connected, they'll eventually find out when they turn it back on.

Concessions: Evil servers. If they're trying to switch off because the server sucks, maybe it won't disable the account.

Once we're past the test user phase, people may want to try to switch which wallet sync server they're connecting to. If the client merely switched which wallet backup server it was using, the new server would reject it because it's not starting on sequence 1. We either have to have the server allow starting on a higher number, or have the client restart the counter. This gets particularly interesting when there are multiple clients syncing. I don't want to spend the time thinking about it now, but suffice it to say I anticipate that there's at least one way things could get into a locked state or data could get lost. There could be a sophisticated version of this. Not complicated, but sophisticated, in that it considers all of the things that could go wrong _and_ is reasonably user friendly. But for now we'd rather make a simple version even if it's a little more inconvenient for users (it's a rare action after all). However, we'll see if there's a _simple_ way we could make some guard rails on this thing. For instance, at in one version of my spec, I had the idea of sending some sort of terminator message to the clients, to make sure that they switch servers. This prevents different versions from being sent to different servers and data getting lost. At very least we may want to have the old server disable the old account, in case there's an old device somewhere that the user forgot was connected. Or maybe this is the same thing. Another idea would be to leave it to the user, give them a big red warning and all that. Tell them to make sure they're on the same sequence number on all of their devices. Maybe we could list all of the user's devices so they know? Somehow? If the user has a client that's usually offline and it's in another state or something and it's inconvenient to have _all_ of them ready to switch over at once... that's the concession we'll make. Sorry, switch when you have everything with you. --- So, perhaps best idea: Big red warning, show sequence numbers, tell the user "make sure it's all synced". Then push the button, _disabled the account_ on the old server. Every device switches over. If something is out of sync they have to nuke it and start it over. If they forgot about a device that was connected, they'll eventually find out when they turn it back on. Concessions: Evil servers. If they're trying to switch off because the server sucks, maybe it won't disable the account.