Shawn on the net

While I’m rethinking OpenBounty I figured another code race would help clear my mind.

GossipInto.com will be my latest attempt at a Facebook application.  I’ve made some small ones previously but not I was happy enough with to release to the world.

The idea of GossipInto.com will be to allow people to gossip and view gossip about their facebook friends anonymously.  I’ve had the domain for a long time as I bought it for a joke site to do with a Toronto social network years ago.

Site: GossipInto.com

Deadline: Sunday August 31st at 1pm GMT+10

Goals:

1. Ability for users to submit gossip and tag people in it.

2. Ability for people to search gossip by user

3. Ability for people to vote on gossip to confirm/deny it

4. Ability to tag gossip by type and browse based on that too

I use to have a very strong interest in security.  I went to cons, I followed the lists, I studied the texts.  I was hooked.  Then around 7 years ago I just started to lose interest in staying on the cutting edge.  That said I never lost my interest, just my drive in keeping up with the Jones’.

One of the things I was good at though was detecting process flaws.  It’s easy to focus on the coding flaws when working on computer security while missing the flaws built right into the process itself.  It’s a process flaw which is currently keeping OpenBounty from going live and the reason for this post.

In almost every system I build I spend a great deal of time trying to think of attack vectors that I would use if I wanted to break the system.  It was while doing this for OpenBounty that I realized I couldn’t put the site live and I’m still trying to figure out the best solution to the problem I found.  I have a few ideas but I’m being more careful in picking one this time so expect it to be a while before it goes live.

Alright enough background, on with the flaw.  OpenBounty worked by giving users votes based on how much money they contributed to a bounty.  This was done to make it fair so that someone contributing $500 would have more of a say in the final product than someone contributing $1.  The problem I realized is that this leaves the door open for users to buy bounties.

Say bounty A has $500 in it.  Ed comes along, contributes $501 to the bounty, submits a claim with no merit then accepts the claim.  Since he has more votes than everyone else the claim is accepted and Ed walks away with $1001 and everyone else walks away with a dirty taste in their mouth.

I realize now I should have seen this sooner.  Anyhow, for the solutions.  I’ve already disabled the ability to vote on your own claims.  I’ve also added a holding period to the end of voting so that should someone do this the others have a few days to file protests before the bounty is paid.

I’m working on a couple more ideas to preemptively stop this as oppose to the above solutions but I’ll let you know how it goes.

I applied to be an Azoogle publisher this week.  For those that haven’t read my introduction I use to be an AzoogleAds developer.  Unfortunately I don’t know anyone in publisher management anymore so I can’t pull any strings to get approved faster and with my traveling around Australia at the moment approval could be a problem.

Wish me luck.

I did say mostly on track.  I took a break today to give my go at learning Flex 3 and by extension ActionScript 3.  It’s going pretty good.  I have 3 pdf books on it I bought which really came in handy since I’ve been without net access lately.  I am getting the hang of it though and have been playing around with a fun little project to really force me to learn it.

So openbounty is now functionally complete.  I’m going to spend the rest of my deadline time polishing some parts. In doing the first version I’ve already come up with a number of features I’d like to see in version 2 but I am staying mostly focused on the task at hand.

These races have been doing a lot to keep me focused and have really improved my ability to deliver my own projects on time.

OpenBounty.org will be a site where people can open up bounties on a variety of tasks.  Initially I’ll be targetting open source software development but I will leave it open for anything from software to community assistance.  Users create a bounty by pledging a set amount of money.  Other users can then contribute to that bounty with their own pledges.  Bounties will need to have an expiry date at which point an unclaimed funds would be returned to the users. 

There will be two types of bounties and the type of bounty set will determine the selection process.  In service bounties,  claimants will write a proposal which will go out to all those who have pledged.  Those individuals will then get to vote based on the percentage of the pledge they’ve committed on which proposal to accept.  Once the task is complete the users will then vote again to determine if the bounty task has been completed.  If it has then the funds are released to the claimant.  If not then it will go to a site arbitrator to try and resolve the problem.  This method of bounty would be useful for community projects like "Clean up the basketball courts".

The second type would be useful for projects like "Add feature X to product Y".  Users create bounties just as before but this time the first step is skipped and the vote only on the completed project.  First to complete it and pass a vote of pledged individuals collects the bounty.  If the pledged individuals reject a claim the claimant can choose to go through an arbitrator.

OpenBounty.com would handle and financiall processing through paypal, google checkout and amazon payments and possibly with direct credit card payments in the future.  It would also take a capped percentage from each bounty to cover costs.

For this project I am giving myself 1 week.  This could be tough as I am expecting to start a fulltime contract this week but I think even working part-time I should be able to get it going.

Site: OpenBounty.org

Deadline: Sunday August 10th as 1pm GMT+10

Goals:

1. All features outlined above except for payment processing

2. Paypal payment processing only

I completed my first race around 8pm on Friday.  I just have to deploy the site now to one of my servers and get started writing the reviews.  In the end I built the site on rails since I’ve been doing a lot of work in PHP lately and wanted a change.

From start to finish I probably spent about 8 hours on the site which I think is pretty good.  The site is nothing complex but the admin panel allows me to add t-shirts very quickly by automatically fetching images from the web and creating the thumbnails using RMagick. 

I also built a basic click tracking system into it that I can extend with proper reports as time permits and traffic requires.