BitShares Forum
Other => Graveyard => Marketplace => Topic started by: bytemaster on June 05, 2014, 08:06:03 pm
-
This RFP is for someone to setup and maintain an open source faucet application for BTS chains. This faucet will differ slightly from most bitcoin faucets in that it will require the user to provide:
1) Their Account Public Key
2) A globally unique account name to be registered on their behalf
3) A valid email address that is verified and for which there is a valid gravatar (https://en.gravatar.com/site/implement/hash/) account + image.
It should validate their account by sending them an email.
After they have validated their account, it should register a new account in the blockchain under the provided username and include the gravatar md5 hash as a public property of their account.
This will mean that everyone who wants to get started can use BTS with the following steps:
1) Download Client
2) Create local account and copy public key
3) Fill out form at Faucet
4) Check Email and click link.
5) 30 seconds later they have a registered account with initial balance.
Now all clients have the ability to display information from the gravatar profile along with the account which makes the directory more usable. The faucet should be branded and professional looking.
THIS IS NOT A BOUNTY, WE WILL PICK SOMEONE TO DO IT OR NO ONE.
-
interesting
-
somebody who could do the backend stuff for this bounty!?
I would love to design the frontend if needed.. pls contact me via PM or directly here if you have interest to finish this bounty task.
Cheers
cass
-
Too bad I am not a coder .. this seems like an 'easy task' for experienced python/ruby/web coders!
//EDIT: willing to donate some bucks for the faucet!
-
I can do this. This project need limit per IP address just once?
The next few days i can release some demo.
-
somebody who could do the backend stuff for this bounty!?
I would love to design the frontend if needed.. pls contact me via PM or directly here if you have interest to finish this bounty task.
Cheers
cass
I can do that backend , We work together?
-
somebody who could do the backend stuff for this bounty!?
I would love to design the frontend if needed.. pls contact me via PM or directly here if you have interest to finish this bounty task.
Cheers
cass
I can do that backend , We work together?
You got PM. Yup deal, we'll work together...
-
The faucet should work only once per user? or can a user return to the faucet over and over? Whatever it is, questions like these should be built into the specs.
-
Some more details on this particular project:
The goal is only one per person.
I want to add SMS verification.
I want to add Referral Rewards
I want to integrate this service with our wallet.
The service should not store email addresses after sending emails, only the hash of the email addresses.
The factors that prove uniqueness:
1) email
2) phone
3) gravatar account
If someone wants to fake all 3 then that is fine.
I would like to support finding friends on Google / Facebook for 'automatic referral'.
So if someone you refer ends up signing up you get a bonus.
Now we have financial incentive for people to sign up unique individuals and to refer their friends.
New users will be able to use our DACs without ever having to see or know about the existence of public keys / private keys.
-
I think I know a way to do this with using just the block chain and temporary place to store the email verification codes (no other databases).
If there is someone who is experienced with PHP (or any other language for the backend) and doesn't know where to get started, I already have a portion of the backend design and I should be able to finish it this afternoon, PM me. I think I would be able to do it on my own but seeing as there is someone already started on this and the fact that I don't have much experience in programming, I don't think it's a good idea, but I would like to help.
For SMS verification you probably need an external service, is that desirable?
Maybe make it:
(Gravatar registered) Email address
Unique name
Valid public key
Captcha
Max 2/IP/month or so.
Fairly bot proof and no need for SMS verification right?
If you still require SMS verification, this seems fairly cheap: https://www.twilio.com/sms/pricing
Or are there cheaper/free ways to do this?
-
I want to add SMS verification.
For SMS verification you probably need an external service, is that desirable?
Crypto peoples doesn't like to share the phone numbers, we need to found the way to do it without SMS notifications.
-
I want to add SMS verification.
For SMS verification you probably need an external service, is that desirable?
Crypto peoples doesn't like to share the phone numbers, we need to found the way to do it without SMS notifications.
That's what I thought, captchas and a well chosen IP limit should prevent bots for the most part. Check emails against the 10minutemail a like services and +'es in gmail.com accounts.
Then someone would have to create an alias in outlook.com, create a gravatar account for it, upload an image, get another IP, create another public key and fill in the info/captcha.
adjust the amount you get on top of a paid for registration to the amount of work required to beat the system.
Advertise it as a way to freely register your unique name and get a little xts, emphasise on the free registration.
Raw draft for the bitshares faucet:
http://pastebin.com/xSRuvMAt
Forgot faucet in the title. Download and view fullscreen for the formatting to make sense.
EDIT:
Or maybe (not a fan of this, just trying to come up with a compromise (?)
tier 1 free registration and a very small amount of xts (required: email address)
tier 2 free registration and a bigger amount of xts (required: email address and phone number)
Another EDIT:
Maybe issue a special play around asset, give people a big number of them to get familiar with the system (give them a small amount of xts alongside this, the xts for real and the play around as some kind of dogecoin get accustomed to this new thing asset?)
Just typing out ideas right now.
-
Nice draft...
Just make sure that every 'form' also comes with a JSON-RPC API call that we can issue from the wallet GUI without having to use your website interface.
No captcha's.
-
Hello,
Looks like this could be an interesting intro project.
Last time we've checked one of the bounties (the initial website bounty) my team was put off by the bounty approach (and several other issues) so we backed off. We think that the wide-open bounty approach is not agile and discourages pre-existing professional teams from participating. 3rd party products which are build on top of 3I products are crucial to the 3I ecosystem and need to be build in an agile manner. Block explorers, faucets, browser extensions, etc are the equivalent of "launch titles" for gaming consoles or an app ecosystem for mobile phones, they make or break the underlying technology. Development bounties without assurances don't fit the bill. The current kind of bounties are also not scalable, you have to micromanage too much, maybe even outsource bounty oversight.
That said, we think that we can build the faucet with email and gravatar verification + reasonable spam protection in a week. We haven't worked with the Bitshares toolkit RPC yet, so that might need a few days to get used to. The whole thing should take at most 2 weeks, with professional design and security (nobody wants this scenario http://gavintech.blogspot.com/2012/03/bitcoin-faucet-hacked.html).
Our monthly (4 weeks) rate for a 3 person team (1 designer/frontend, 1 frontend/backend, 1 backend) is 9400 USD total (we're in South Eastern Europe). This means that our 2 week estimate amounts to 4700 USD in development costs for this faucet. Most of our portfolio is whitelabel deals so if you're interested to see it PM me. We have won security bug bounties for Google, Nokia, Microsoft, ebay, etc, so we are very security focused. We don't do waterfall or fixed price/scope development, only agile development. We understand that requirements change over time (just as in this case sms verification was added), therefore we do only contract work.
However, we understand that 3I needs to be transparent about bounties so we're proposing a 1 week sprint escrow contract through bitrated (https://www.bitrated.com/) (multisig arbitration). The product owner, meaning somebody from I3 in charge of the project creates a list of features he wants to see in the product. Our team then creates high level user stories out of them. The product owner rates the user stories on a list of 1-10 on importance (the broader community could do this rating too via the forum). We multiply each user story rating with the development time it takes * cost per day. This way I3 and the broader community have a clear picture of the cost breakdown and ROI per feature. Our team then creates a weekly sprint backlog out of those user stories which are chosen to be the highest ROI. The development cost is locked in USD in bitcoin and put into a multisig transaction through https://www.bitrated.com/ at the beginning of the sprint. The transaction only goes through when all user stories are met according to specs. Any potential dispute can be settled through a 3rd party.
This way when feature creep happens (which is normal) the team developing the product won't be be helpless and the product owner can add to the backlog the additional feature to future weekly sprints.
We believe this is the best way to ensure high quality products at a low cost, and transparent to the community. This is also the only way we could think of for 3I how to scale the bounty system and get more professional teams on board.
Bounties without assurance might look tempting for the client, but they keep the good teams away. You might get good individuals from time to time, but teams need real assurance.
All that said, we're PTS stakeholders so keep the good work up!
-
I think I will start working on it after I got some sleep (~12 hours from now), given that there is no-one else who already started working and updated us by that time. If I start with creating functions for validation and calling the RPC API then it would be easy for other people to use.
Nice draft...
Just make sure that every 'form' also comes with a JSON-RPC API call that we can issue from the wallet GUI without having to use your website interface.
No captcha's.
Thanks I guess, hope it can be of some use.
-
Yea this would be a fun thing to write but bounties are a mess.
You can buy SMS's real cheap. I think I paid like $10 for 10k of them. If anyone wants the service I can tell you the one I used. I just embedded the code into the URL. This means if someone has an old phone they'll see a url instead of a code to enter into a page. For all modern phones it would be easier.
These SMS services don't necessarily work with foreign #s AFAIK. It needs to be decided at what locales this is going to work at.
You also need to hash the phone # I would suspect, but a third party would have a permanent record of it.
You can also send SMS's via emails if the person tells you their number and their provider.
-
Hello,
Looks like this could be an interesting intro project.
Last time we've checked one of the bounties (the initial website bounty) my team was put off by the bounty approach (and several other issues) so we backed off. We think that the wide-open bounty approach is not agile and discourages pre-existing professional teams from participating. 3rd party products which are build on top of 3I products are crucial to the 3I ecosystem and need to be build in an agile manner. Block explorers, faucets, browser extensions, etc are the equivalent of "launch titles" for gaming consoles or an app ecosystem for mobile phones, they make or break the underlying technology. Development bounties without assurances don't fit the bill. The current kind of bounties are also not scalable, you have to micromanage too much, maybe even outsource bounty oversight.
That said, we think that we can build the faucet with email and gravatar verification + reasonable spam protection in a week. We haven't worked with the Bitshares toolkit RPC yet, so that might need a few days to get used to. The whole thing should take at most 2 weeks, with professional design and security (nobody wants this scenario http://gavintech.blogspot.com/2012/03/bitcoin-faucet-hacked.html).
Our monthly (4 weeks) rate for a 3 person team (1 designer/frontend, 1 frontend/backend, 1 backend) is 9400 USD total (we're in South Eastern Europe). This means that our 2 week estimate amounts to 4700 USD in development costs for this faucet. Most of our portfolio is whitelabel deals so if you're interested to see it PM me. We have won security bug bounties for Google, Nokia, Microsoft, ebay, etc, so we are very security focused. We don't do waterfall or fixed price/scope development, only agile development. We understand that requirements change over time (just as in this case sms verification was added), therefore we do only contract work.
However, we understand that 3I needs to be transparent about bounties so we're proposing a 1 week sprint escrow contract through bitrated (https://www.bitrated.com/) (multisig arbitration). The product owner, meaning somebody from I3 in charge of the project creates a list of features he wants to see in the product. Our team then creates high level user stories out of them. The product owner rates the user stories on a list of 1-10 on importance (the broader community could do this rating too via the forum). We multiply each user story rating with the development time it takes * cost per day. This way I3 and the broader community have a clear picture of the cost breakdown and ROI per feature. Our team then creates a weekly sprint backlog out of those user stories which are chosen to be the highest ROI. The development cost is locked in USD in bitcoin and put into a multisig transaction through https://www.bitrated.com/ at the beginning of the sprint. The transaction only goes through when all user stories are met according to specs. Any potential dispute can be settled through a 3rd party.
This way when feature creep happens (which is normal) the team developing the product won't be be helpless and the product owner can add to the backlog the additional feature to future weekly sprints.
We believe this is the best way to ensure high quality products at a low cost, and transparent to the community. This is also the only way we could think of for 3I how to scale the bounty system and get more professional teams on board.
Bounties without assurance might look tempting for the client, but they keep the good teams away. You might get good individuals from time to time, but teams need real assurance.
All that said, we're PTS stakeholders so keep the good work up!
Ok... I think I agree with your points about bounties. I think I would like to sole-source this effort but need to evaluate my options. Some of you have already started some work, could you please post your progress and we can send some tips your way. Then we can use this thread to establish the requirements and move forward from there.
-
Haven't really gotten anywhere, stuck on the communicating with the API part.
I can get data from bitcoind (curl, php library and python library)
The web wallet (which works trough RPC) works
Parse error if it is a correct method (getinfo)
404 if it is an incorrect method (getinfod)
It's driving me a bit crazy at this point, it this the kind of question I can ask in technical support (on how to do this correctly)?
-
Haven't really gotten anywhere, stuck on the communicating with the API part.
I can get data from bitcoind (curl, php library and python library)
The web wallet (which works trough RPC) works
Parse error if it is a correct method (getinfo)
404 if it is an incorrect method (getinfod)
It's driving me a bit crazy at this point, it this the kind of question I can ask in technical support (on how to do this correctly)?
I think the URL you require is IP:PORT/rpc
Bitcoin doesn't have the '/rpc' part.
-
Haven't really gotten anywhere, stuck on the communicating with the API part.
I can get data from bitcoind (curl, php library and python library)
The web wallet (which works trough RPC) works
Parse error if it is a correct method (getinfo)
404 if it is an incorrect method (getinfod)
It's driving me a bit crazy at this point, it this the kind of question I can ask in technical support (on how to do this correctly)?
I think the URL you require is IP:PORT/rpc
Bitcoin doesn't have the '/rpc' part.
http://user:pass@127.0.0.1:port/rpc
Is what I used, when I got there the error changed to parsing error and I consistently got a 404 when providing a not existing method.
-
Makes sense. We're open to sole-sourcing.
We haven't started working on it beyond looking how we would do it (PHP, codeigniter, MySQL, normal frontend). Looks like at least mauritso may have already started doing some work.
-
Haven't really gotten anywhere, stuck on the communicating with the API part.
I can get data from bitcoind (curl, php library and python library)
The web wallet (which works trough RPC) works
Parse error if it is a correct method (getinfo)
404 if it is an incorrect method (getinfod)
It's driving me a bit crazy at this point, it this the kind of question I can ask in technical support (on how to do this correctly)?
I think the URL you require is IP:PORT/rpc
Bitcoin doesn't have the '/rpc' part.
http://user:pass@127.0.0.1:port/rpc
Is what I used, when I got there the error changed to parsing error and I consistently got a 404 when providing a not existing method.
Alright, got it, works with curl now (didn't before, even with /rpc), still don't know what caused it, but using the json http port of the bitshares client + a working web wallet (which is accessible on that port) + using curl seems to work. Still can't get anywhere with PHP but at least it works with curl.
Still can't get it to work with python/php. I think I"ll open a thread in technical support about this.
As I have not really gotten anything done and I was just trying to learn a tip would be nice but certainly not necessary.
-
The from items:
1.public key (if clicked by BTS wallet,that wallet will give a public key added to URL,so don't need input this field.)
2.account name
3.email ( a tips must has the gravatar account, we will get that gravatar image)
4.mobile phone number(send button and a SMS verification input field)
5.provide a page embed in BTS web wallet and use JSON-RPC API.(same to website)
Other points:
1.don't limit IP address.
2.if users clicked by email,show a tips on page top, share to friend by a share plugin ( http://www.sharethis.com/get-sharing-tools/ ) . if finish that from will give a bonus to reference user.
3."automatic referral" may be AntiSPAM by google/facebook.
3.use the bitshares email server to send email to users.
4.SMS service fee pays by bitshares.
-
Some more details on this particular project:
The goal is only one per person.
I want to add SMS verification.
I want to add Referral Rewards
I want to integrate this service with our wallet.
The service should not store email addresses after sending emails, only the hash of the email addresses.
The factors that prove uniqueness:
1) email
2) phone
3) gravatar account
If someone wants to fake all 3 then that is fine.
I would like to support finding friends on Google / Facebook for 'automatic referral'.
So if someone you refer ends up signing up you get a bonus.
Now we have financial incentive for people to sign up unique individuals and to refer their friends.
New users will be able to use our DACs without ever having to see or know about the existence of public keys / private keys.
+5%
-
Just listened to today's mumble session that I've recorded this morning.
I like the referral program idea, I think it can be even more effective if combined with social media campaign.
Here is an example how it can look like:
When somebody fills up a form at Faucet he or she gets redirected to congratulation page, this page should have a clear message - "Share on social media (Twitter, FB) and get some more shares, also you friends would have an opportunity to receive extra shares". And there should be social media share buttons that takes directly to social networks share pages.
Or another variant, visitor can be required to login to Faucet via social network of his choice (this can also can be used to limit multiple signups from the same user instead of using phone number), after he signs up a popup dialog can ask for permission to post a story to his social network feed.
-
Just listened to today's mumble session that I've recorded this morning.
I like the referral program idea, I think it can be even more effective if combined with social media campaign.
Here is an example how it can look like:
When somebody fills up a form at Faucet he or she gets redirected to congratulation page, this page should have a clear message - "Share on social media (Twitter, FB) and get some more shares, also you friends would have an opportunity to receive extra shares". And there should be social media share buttons that takes directly to social networks share pages.
Or another variant, visitor can be required to login to Faucet via social network of his choice (this can also can be used to limit multiple signups from the same user instead of using phone number), after he signs up a popup dialog can ask for permission to post a story to his social network feed.
SMS or Social media account in that case.
I would also like to see the option to register your name for "free" (paid by the faucet), without SMS or a social media account, no initial balance, just free registration (to make it not that attractive to people trying to game the system while giving privacy minded people an option to register for free).
Please use the registered in the blockchain names as the basis for the refferal URLs, I think it is best to use the least possible amount of additional databases on top of the bitshares x blockchain.
-
Anyone who did this?
-
yes - work is in progress - stay tuned
-
yes - work is in progress - stay tuned
any news guys?
-
For the sake of devils advocate - who is going to want to use a faucet which forces you to give away personal details? I wouldn't even dream of giving my phone number to a bitcoin faucet.
What is the reasoning behind that requirement?
-
For the sake of devils advocate - who is going to want to use a faucet which forces you to give away personal details? I wouldn't even dream of giving my phone number to a bitcoin faucet.
What is the reasoning behind that requirement?
I'd say taht this thread can be closed and the faucet from keyID can be used instead ... (if s.o. is willing to set one up)
then you can get some BTSX by logging in via google/twitter ..
once you have the BTSX on the network the only personal detail the faucet will have is that you are part of the network .. and hopefully (sometime) that will not be worth anything as everyone else is part of the network too :)
The reasoning behind that requirement is to prevent misuse! nothing else
-
Sorry, didn't realise I was digging up a dead thread :)
-
Sorry, didn't realise I was digging up a dead thread :)
no need to apologize (almost ever) ...
it's a good thing to reactivate this thread, because we (still) just do not have a BTSX faucet .. but the software is already there .. thanks to toast/cass/and hoever is involved with keyid-faucet
-
Sorry, didn't realise I was digging up a dead thread :)
no need to apologize (almost ever) ...
it's a good thing to reactivate this thread, because we (still) just do not have a BTSX faucet .. but the software is already there .. thanks to toast/cass/and hoever is involved with keyid-faucet
This has been built...
https://proofofperson.com/
There are still tests going on, if you would like to try it out and give us feedback that would be helpful.
-
This has been built...
https://proofofperson.com/
There are still tests going on, if you would like to try it out and give us feedback that would be helpful.
coolio .. I'm in
//edit: my mail address already is validated .. how come?
//edit2: you are not really crawling GPG for this .. are you?
//edit3: any mail address I type is already known to the system .. that cannot be right
-
https://proofofperson.com/ (https://proofofperson.com/)
There are still tests going on, if you would like to try it out and give us feedback that would be helpful.
Interesting. Is this related to Follow My Vote or allowing companies to release equities on the blockchain while complying with SEC regulations? Or both I guess...
I'll give it a go.
-
I'll create another thread of ProofOfPerson testing unless there already is one.
Anyway, went through the process fine right up until the (I think) final step. It opened BitSharesX and ask me to select an account to log in to ProofOfPerson with. I selected jamesreidy from the presented drop down and got the following:
(http://i.imgur.com/1aGHbl3.png)
-
It doesn't matter which of my mails i try. I get this message
That email address has already been validated.
-
https://proofofperson.com/ (https://proofofperson.com/)
There are still tests going on, if you would like to try it out and give us feedback that would be helpful.
Interesting. Is this related to Follow My Vote or allowing companies to release equities on the blockchain while complying with SEC regulations? Or both I guess...
I'll give it a go.
or Bitshares 'Open Pazar', or the new marketing campaign... :)
-
Ok, back in devils advocate mode.
There is no way I'm giving my mobile phone number away just to receive a small amount of BTSX.
The industry's solution to proof of person is the solution to a google captcha. No personal information required. How is this better?
-
Ok, back in devils advocate mode.
There is no way I'm giving my mobile phone number away just to receive a small amount of BTSX.
The industry's solution to proof of person is the solution to a google captcha. No personal information required. How is this better?
The goal was to give away slightly larger amounts of BTSX for providing more info and then implementing a recommendation system.
-
The goal was to give away slightly larger amounts of BTSX for providing more info and then implementing a recommendation system.
The setting of the idea seems a little 'unhinged' to me though; crypto nerds are incredibly keen on anonymity, so having a website where they must go to reveal extremely personal information in order to receive crypto currency seems like an oxymoron to me.
-
The goal was to give away slightly larger amounts of BTSX for providing more info and then implementing a recommendation system.
The setting of the idea seems a little 'unhinged' to me though; crypto nerds are incredibly keen on anonymity, so having a website where they must go to reveal extremely personal information in order to receive crypto currency seems like an oxymoron to me.
You don't have to use it at all. It's a simple anti-sybil which makes it so you can register users without having to pay. You could replace with lots of captchas, which is annoying, or you can manually register by buying shares on an exchanges.