Wedge

Public area => The Pub => Off-topic => Topic started by: bitcoinz on May 2nd, 2012, 09:39 AM

Title: Bitcointalk.org $11k bounty for new forum software
Post by: bitcoinz on May 2nd, 2012, 09:39 AM
They are currently using SMF 1.xxx and are looking for something similar yet better (this?)
Bounty is 2200BTC = $11,000USD

Offer:
https://bitcointalk.org/index.php?topic=50617.0
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Nao on May 2nd, 2012, 10:35 AM
Is this spam? You have a suspicious user name.
I don't get a word of what that forum is about. People making bets..?! Doesn't look very serious to me.

If basically you're telling me that a community is willing to fork out $11k for us to implement a few extra features to Wedge, then it can be discussed. But even $11k (split in two because I'll always share any benefits with Pete, whoever does whatever work on whatever project related to Wedge), isn't going to be a clear incentive for us to stray away from pure work on what we want to do on Wedge...

And "get rid of the web 2.0ish"... What is that supposed to mean?
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: nolsilang on May 2nd, 2012, 10:47 AM
From the thread, it looks like a serious offer from the admin. Bitcoin is an alternative electronic currency[1]. The admin favor an SMF based fork/site/customization than other solution because he/she already familiar with SMF.
 1. http://en.wikipedia.org/wiki/Bitcoin
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Nao on May 2nd, 2012, 10:56 AM
Quote from 0x on May 2nd, 2012, 10:47 AM
From the thread, it's like a serious offer from the admin. Bitcoin is an alternative electronic currency[1].
 1. http://en.wikipedia.org/wiki/Bitcoin
What's that crap about... :-/
Is that toy money, then? I saw on French wikipedia that the currency's value fluctuates greatly over the months... So when the topic title says "$11k", it really means "if you can do this immediately AND find someone who'd be willing to pay you $11k for your bitcoins..."
It could also mean "$11 bounty for new forum software" (without the "k") if this money thing fails to take off... Or "$11M bounty" even.
Quote
The admin favor an SMF based fork/site/customization than other solution because he/she already familiar with SMF.
I read a little about his requests, and although most of them are very doable in Wedge, our software is still definitely not going to please him since he "greatly" needs PostgreSQL support and we got rid of that to focus on MySQL exclusively.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: nolsilang on May 2nd, 2012, 11:07 AM
Quote from Nao on May 2nd, 2012, 10:56 AM
And "get rid of the web 2.0ish"... What is that supposed to mean?
It's likely he/she favor function and security[1] than cosmetic.
Quote from Nao on May 2nd, 2012, 10:56 AM
What's that crap about... :-/
Is that toy money, then? I saw on French wikipedia that the currency's value fluctuates greatly over the months... So when the topic title says "$11k", it really means "if you can do this immediately AND find someone who'd be willing to pay you $11k for your bitcoins..."
It could also mean "$11 bounty for new forum software" (without the "k") if this money thing fails to take off... Or "$11M bounty" even.
I presume you will get paid in Bitcoin. From one of the exchange[2] it's 1 Bitcoin = $5.08022. I never used Bitcoin myself  :)
Quote from Nao on May 2nd, 2012, 10:56 AM
I read a little about his requests, and although most of them are very doable in Wedge, our software is still definitely not going to please him since he "greatly" needs PostgreSQL support and we got rid of that to focus on MySQL exclusively.
Yeah.. I just remembered that :p But if you can provide it in MySQL[3] maybe he/she will consider it? :D
 1. With that kind of board of course you must secure it
 2. https://mtgox.com/
 3. Quoted:PostgreSQL is greatly preferred.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Arantor on May 2nd, 2012, 01:39 PM
Well, I think he's smoking something but in the meantime let's analyse the comments.
Quote
The software must be written in PHP or C++, as these are the only two languages I am very familiar with. The code must be extremely easy to modify. I want to be able to make even complex changes in behavior without much trouble.
Not really possible. Every complex change will cause trouble in whatever you do.
Quote
The software can be under any license as long as I have complete access to the code forever, I can modify the code, and I will not be required to publish private modifications I make to the code (no AGPL). It can be based on paid software if the cost of the license is reflected in your price.

It would be fine for you to sell your software after you make it for this forum.
I firmly agree on the no AGPL part. That licence is even worse than GPL.
Quote
PostgreSQL is greatly preferred. Queries should be well-optimized. Do not use a database abstraction layer.
That assumes, of course, that everything else is going to be reworked for PostgreSQL. SMF and Wedge's structure will still require massive overhauls.

It also depends on what you call an 'abstraction layer'. What SMF has is an abstraction layer. What Wedge has is less of an abstraction layer but still by definition an abstraction layer.
Quote
Database queries should wherever possible be done using prepared statements, something like pg_query_params, or some other method that doesn't require the programmer to manually escape things inline.
Well, SMF 2.0 and Wedge do this.
Quote
Security is very important. Your code should have a "generally secure architecture": it should be very difficult for a programmer to mistakenly introduce security flaws.
I'd argue that SMF and Wedge's general structure is generally secure. But I won't argue with the premise that the way input handling is done is somewhat insecure.
Quote
Use salted multi-iteration hashing for passwords using one of the SHA-2 algorithms. Passwords in the existing SHA-1 format need to be automatically upgraded once the user logs in again.
As I've said before I'm not entirely convinced that multi-iteration hashing is entirely necessary, especially as it weakens entropy. But the password upgrading is easy to do in SMF/Wedge.
Quote
No user group should be able to run arbitrary PHP code.
That lets out running a portal mod, then, heh. But neither SMF nor Wedge allow this.
Quote
All actions must be done by POSTing the server. GET requests must not have side-effects.
Marking things read will be interesting then as will a few other trivialities.
Quote
The default theme should be minimalistic like the current theme. Nothing that looks "web 2.0": no speech bubbles, no significant space between posts, no significant hover effects, and few rounded corners.
I guess that's why he hasn't updated to SMF 2.0.
Quote
Admin settings that are not changed very often can be made changeable from files instead of from a web interface, though changing the settings from the files should be easy. The web interface must not allow admins to add/edit UIs, execute arbitrary code/SQL, or tamper with logging.
I can agree with this, actually. I've never been much of a fan of certain admin interfaces.
Quote
- Admins, with all powers. Only group capable of seeing IP addresses. It must be possible for admins to make certain groups, certain posts, and certain topics immune to certain types of moderation.
- Global mods, capable of doing everything with posts and posters.
- Local mods, capable of doing everything with posts and posters in their sections. Posters banned by a local mod are only banned in the sections that the local mod has jurisdiction over.
- Jr. mods, who can only moderate posters that are not established.
- Established posters: all posters who have met some easily-configurable criteria. To start with, the criteria will be 8 weighted hours online (see below for info on weighted stats).
- Categorizers: Can move all topics
- Whitelisted: immune from proxy bans, and maybe other restrictions later
- VIP donator: capable of accessing the donator section, able to change his name, and able to assign himself a custom title
- Donator+: capable of accessing the donator section and able to change his name
- Donator: capable of accessing the donator section
- Scammer: Unable to delete or modify his own profile or messages. Has his posts and PMs marked specially.
A lot of that is straight permissions. The rest is mostly general housekeeping that is not a significant amount of work.
Quote
These user groups will be hidden and not listed in a user's profile or next to his posts:
- Local mods (when outside of their sections)
- Jr. Mods
- Established posters
- Categorizers
- Whitelisted
- Donator

In addition to the pips ("stars") that most forums have, small image and text "badges" associated with some membergroups should be possible.

Certain groups (including some poster ranks) imply "whitelisted".
Easy enough group configuration.
Quote
There needs to be "weighted time online" and "weighted post count" in addition to the raw values. It should not be possible for a user to increase one of the weighted values by too much without increasing the other value. If you post 200 posts in 1 hour, your weighted post count should be 1. If you post 1 post in 200 hours, your weighted time online should 6 hours. These numbers should be configurable and should apply retroactively when changed (where possible).

Time online should not increase if you're simply refreshing a page, and it should increase more slowly if you seem to be a bot.
That won't work well whatever you're doing.
Quote
All actions that write to the database should have at least one associated configurable limit. Like "can post x topics per y seconds". There should also be a limit that prevents users from posting too soon after being stopped by another limit. It should also be easily possible for admins to ban certain regex expressions in posts, titles, and usernames (separate ban lists) from the web interface.

The limits may be modified based on membergroup. The actual limits may be relaxed, and the result of exceeding the limit may also change. Exceeding limits can do nothing, reject the action ("you may not post this topic because you just posted one 5 minutes ago!"), or automatically ban the user.
SMF already has internal handling for this, however it will have to be improved for what they're after.
Quote
When a guest tries to post a reply, he will be asked for the necessary account creation info (username and password) on the same page where he can enter his reply.

Email addresses will not be required on registration. However, the board will not send email to the user until an email address is provided and verified.

A user's very first post must not be a new topic.
The email handling is a lot more complex than what SMF normally asks for though it is certainly possible to do. To me, though, it implies that there is a risk attached to that software, in keeping with why I steer well clear of Bitcoins generally. (I mean, what good is a currency you can generate by burning CPU cycles and little more and that it's easier to steal than a conventional bank account is to break.)
Quote
It should be possible to use OpenID authentication instead of a password. The main login method should not be OpenID, though. Maybe entering an OpenID URL into the username or password field will trigger OpenID authentication.

OpenID URLs should not be used as real usernames.
Well, SMF 2.0 has that.


...bah, too bored to read any more. Lots of talk about forum specific tweaks that are probably not as effective as he thinks they will be. I won't disagree that the way SMF and Wedge handle GET/POST data is not ideal but I'm not yet sure what I want to do that's better.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: nend on May 2nd, 2012, 04:26 PM
Quote from Arantor on May 2nd, 2012, 01:39 PM
I firmly agree on the no AGPL part. That licence is even worse than GPL.
I am sure once you get down to the business side things will change. I suspect some sneakiness here, especially since it is a one post user. I think it is just someone who wants their hands on your source before you release it, intentions unknown though.

They didn't come to a developer network to post a job, they came to a place where a forum software is known to be in the making.

Worst case scenario they can release the pre-release you sell them as their own.
Quote from Arantor on May 2nd, 2012, 01:39 PM
Quote
It should be possible to use OpenID authentication instead of a password. The main login method should not be OpenID, though. Maybe entering an OpenID URL into the username or password field will trigger OpenID authentication.

OpenID URLs should not be used as real usernames.
Well, SMF 2.0 has that.
SMF only support OpenID 1. SMF in no way supports OpendID 2 standards and currently I see no hurry in fixing the problem at SMF.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Nao on May 2nd, 2012, 04:42 PM
Except we won't "pre-release" Wedge to anyone but our consultants and, later, our friends...
If they're willing to wait until Wedge alpha is out, then good for them. If they want to give us money to finish implementing what they need, good for them too.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Arantor on May 2nd, 2012, 05:07 PM
Quote
I am sure once you get down to the business side things will change. I suspect some sneakiness here, especially since it is a one post user. I think it is just someone who wants their hands on your source before you release it, intentions unknown though.
I have grave misgivings about the entire Bitcoin ecosystem and that forum does nothing to encourage me towards helping it in any fashion.
Quote
They didn't come to a developer network to post a job, they came to a place where a forum software is known to be in the making.

Worst case scenario they can release the pre-release you sell them as their own.
Actually, the person posting here is merely indicating that such a thing is in the works. The post may or may not have been attached formally to the forum in question.

I'm not seeing any indication that they're enthusiastic about seeing/selling software but they want something tailored to them, and I don't think they're going to get it without paying for customisations, no platform offers all of that out of the box.
Quote
SMF only support OpenID 1. SMF in no way supports OpendID 2 standards and currently I see no hurry in fixing the problem at SMF.
Well, we removed OpenID support entirely to make it a plugin in future. The thing is, OpenID is a bit atypical for them, since everything else points towards not providing identity details if possible, so using an established external authority is going to tie you to an account moreso than creating an otherwise anonymous account might.
Quote
Except we won't "pre-release" Wedge to anyone but our consultants and, later, our friends...
If they're willing to wait until Wedge alpha is out, then good for them. If they want to give us money to finish implementing what they need, good for them too
Except 1) it's not real money and 2) it's not about finishing the general codebase but finishing up a specific implementation for them.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: bitcoinz on May 3rd, 2012, 04:13 AM
I was just announcing that such a thing exists, they are looking for an SMF fork and I stumbled upon this project, just wondering if anybody was interested didn't know you weren't even alpha yet. There are more user bountys to help kick in another ~5,000 or so to that as well just to find some sort of decent fork, most of those feature requests aren't mandatory or set in stone so figured I'd ask before somebody else is paid to reinvent the wheel you already made with a new fork. The main problem is insecure SMF 0day due to it's mess of an architecture.Bitcointalk is the first forum to see SMF 0day because hackers can make money impersonating other users and doing trades outside IRC web of trust and gpg auth.

Bitcoin is cryptocurrency and traded the same as gold or silver. Price has been stable since ~Nov 2011 around $5/coin. There are dozens of exchangers you send coins to that will instantly convert it into USD or GBP/EUR at spot rate. Not like you have to accept the coins, they could cash them and pay via regular established banking.Alas, ignore.




Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Nao on May 3rd, 2012, 07:19 AM
Ignore what?
We're not refusing anything. We are just waiting for mor details... Because obviously Wedge isn't exactly what you think it is.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: live627 on May 3rd, 2012, 09:10 AM
I'm REALLY considering this a lot... would be a good excuse to restart/continue a SMF fork.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Nao on May 3rd, 2012, 09:38 AM
But you're part of our team :P
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Arantor on May 3rd, 2012, 12:53 PM
Quote
The main problem is insecure SMF 0day due to it's mess of an architecture.Bitcointalk is the first forum to see SMF 0day
What 0-day vulnerability? There hasn't been a major security vuln in SMF for years.

And really you're just quoting that statement. Not explaining what the problem is. In any case, I think you've failed to grasp the meaning of the word 'fork' as in 'has the same base'. Wedge is rather different from SMF but it still has a lot of the same base in it.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: lazyt on May 9th, 2012, 03:47 PM
It seems to me that they want SMF layout on top of another base.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Arantor on May 16th, 2012, 03:59 PM
Also, http://www.theregister.co.uk/2012/05/15/bitcoinica_hack/

Yet another reason I'm not interested in anything related to Bitcoins.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Nao on May 16th, 2012, 04:15 PM
It really is toy money innit... ;)
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Norodo on May 16th, 2012, 05:44 PM
I think bitcoins definitely have their charm and place in society, but they're a little bit too unsteady at this moment to be considered for anything big.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Arantor on May 16th, 2012, 05:49 PM
What charm and place in society?

The idea of a virtual currency based on CPU time is totally unworkable. (In a former life I studied economics. It has no viable economic basis.)
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Norodo on May 16th, 2012, 06:11 PM
It is currently based on CPU time, won't be looking forward, seeing as it takes more and more cycles to generate it won't make any economical sense to generate them / and it will take too long.

The place is for avoiding governments and other annoyances. Look at wikileaks for an example.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Arantor on May 16th, 2012, 06:24 PM
I think you're missing the point, though.

What is currency? How does currency work? Well, go back to ye olden times, you had goods exchanged between people, a butcher might trade his meat with a farmer for grain. In order for that to work on a larger scale, currency was invented as a form of IOU to enable transactions without having to cart around the physical goods.

The kicker, of course, is that the currency is worth what it's worth - and its worth is usually determined by governmental issue; governments printing more cash at a colossal scale causes hyperinflation and the currency stops being worth as much.

Now, with Bitcoins, the whole point is that it's decentralised. While that seems wonderful for the sorts of folks that need it, it really isn't. Even if we take the assumption that a Bitcoin is a tradeable commodity, it suffers from all the same supply and demand logistics that apply to any other commodity, namely that the price a given market will pay based on available supply and demand.

Money, or more specifically currency, is a commodity - the value of money is depending on the supply (from the government) and demand (people spending). Create more money in the economy, supply goes up, demand doesn't increase so fast, the money devalues.

Bitcoins have this exact problem: they're a toy currency. The amount of exchangeable currency available is a product of supply and demand, and the demand for Bitcoins is constrained, while supply is far less so, so over time the value will deflate. That aside, you still have to exchange it for currency, meaning that you're trying to convert a series of numbers into real currency - but I don't see much happening the other way.

Conceptually, what is the difference between buying Bitcoins and buying Facebook Credits, outside of the fact that FB credits are only spendable via FB?
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Dragooon on June 8th, 2012, 04:24 PM
But if they can offer (and agree to, contractually) $11k, it's a pretty sweet deal. You can buy a couple of weeks of food with that.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Arantor on June 8th, 2012, 06:18 PM
$11k? That's my living costs for a number of months, really. But I couldn't in good conscience accept. Not just because I find the entire idea of Bitcoins so ridiculous but because they're arguing for changes that don't really benefit anyone except in the feel-good department.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Dragooon on June 10th, 2012, 09:10 AM
Quote from Arantor on June 8th, 2012, 06:18 PM
$11k? That's my living costs for a number of months, really. But I couldn't in good conscience accept. Not just because I find the entire idea of Bitcoins so ridiculous but because they're arguing for changes that don't really benefit anyone except in the feel-good department.
The couple of weeks of food was a joke :P. Fair enough I guess.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Arantor on June 10th, 2012, 03:52 PM
Well... here's the thing, it's not $11k actual cash. It's $11k's worth of toy money. And for the amount of time it would require, I could easily earn $11k of actually usable money.

Toy money is only as valuable as anyone is willing to pay to convert it to real money.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Nao on November 2nd, 2013, 09:37 AM
Quote from bitcoinz on May 2nd, 2012, 09:39 AM
They are currently using SMF 1.xxx and are looking for something similar yet better (this?)
Bounty is 2200BTC = $11,000USD

Offer:
https://bitcointalk.org/index.php?topic=50617.0
As of today -- valued to $450K. Lol. And apparently, exchanging it for real money is now doable these days. Maybe I should have taken the job... :lol:
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: nolsilang on November 2nd, 2013, 01:10 PM
Haha... we generally have our version of that.

related : http://www.theguardian.com/technology/2013/oct/29/bitcoin-forgotten-currency-norway-oslo-home

$27 worth of bitcoin in 2009 now valued almost $1 million. That's a good business.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Nao on November 2nd, 2013, 08:37 PM
Actually, it's after reading this article (on another website) that I came back to this topic, eh eh...

Also, looked at the topic quickly. Apparently, (1) now it's 5500 BTC (so... One... Million... Dollars?! That's a job for Dr. Evil!), and (2) no one has taken it on yet... I think it's a strategy to bring more users to their forum, or something... :lol:
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: nolsilang on November 3rd, 2013, 02:32 AM
ask for 50% upfront then? they know who you are, but the bitcoin community known for their anonymity. it will be difficult if the client doesn't want to be identified.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: live627 on November 4th, 2013, 03:32 AM
- theymos isn't really interested anymore.
- No more than 10% is accepted upfront.
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Nao on November 8th, 2013, 12:36 AM
Lulz, I see Dragooon tried his luck, still... :P
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: agent47 on November 8th, 2013, 09:32 AM
:D Worth a shot, eh, Dragoon?
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Dragooon on November 8th, 2013, 12:48 PM
Quote from agent47 on November 8th, 2013, 09:32 AM
:D Worth a shot, eh, Dragoon?
Do you know the amount of zeroes in front of 5500BTC worth of USD? :P
Title: Re: Bitcointalk.org $11k bounty for new forum software
Post by: Nao on November 8th, 2013, 05:08 PM
At least 5500 zeroes today I believe. But tomorrow, the value will be divided by 10^5600, so hurry up!