Topic: [ANN] CIYAM Open - Put your "dibs" on tasks for BTC! - page 3. (Read 13789 times)

Sure - I understand that a C++ web app generator must seem a bit like some sort of Analytical Engine (http://en.wikipedia.org/wiki/Charles_Babbage#Analytical_Engine) to many on this forum.

But understand that by using C++ you can create *faster* and *more secure* web apps than nearly anyone else can (and by doing Software Manufacturing you aren't writing a single line of C++ nor do you have to even look at the source code if you aren't interested in that)!


There is not a large amount of docco yet (when I get more time I will be doing a lot more work on this) but I have put what is currently there up on the website (http://ciyam.org/docs/) and in particular regarding "Software Manufacturing" you should read this one: http://ciyam.org/docs/methodology.html.


That could be done but would be a rather huge task (the system took 10+ years to build) - if anyone wants to devote the time and effort towards doing that then they would be more than welcome to.

take a look at ciyam @ github: https://github.com/ciyam/ciyam

Hi Ian,

Ive been reading through this thread to learn more about your CIYAM project. The crypto side I find especially interesting and could be very useful for a toy project im working on.

But I am struggling to see the value proposition of your service.  Software manufacturing? You generate c++ web apps?

Please forgive the question, but why would I want to have a c++ web app? I have not seen one of those in a long time

How does the manufacturing happen? Do you have any docs that explains the process?

Could your technology target other web frameworks, such as creating me a web app in a more popular web language / framework?


Kind regards

In order to help the non-GPG potential workforce to easily "join in" we are now working on OpenID "sign ups" (so you will be able to use your Google or Facebook account, etc.) - this is still "under wraps" for the "public launch" so stay tuned!

Minimum browser requirements for using CIYAM Open's "client side encryption over plain HTTP" and *why*

From another thread I gather there is still a bit of confusion about why .js support and some newer DOM features (sessionStorage and localStorage in particular) are necessary.

CIYAM Open is *not* using "https" (although of course this can be added if people really want it in which case the client side encryption would simply not occur as encrypting *twice* is of course going to slow everything down as has already been noticed with Mega's approach) and so one cannot put anything "important" in a cookie as it can be "spied" upon (in the clear).

Now also in order for the client to be able to generate the OTP it needs to do *crypto* which you're not going to be doing without Javascript (am not interested in doing such things in Java for various reasons - perhaps the most obvious the recent warnings about trusting it) so you *need* Javascript support (and you *need* it to be switched on).

You also *need* to have the sessionStorage and localStorage DOM objects available. The sessionStorage is where your "password secret hash" (that is *never* transmitted) is stored (after you type in your password to log in). Later when I add in the ability to "stay logged in" the localStorage object is required in order to persist this hash (and yes - things are less secure if you elect to use that feature).

Hope that helps clarify things.

Hmm I think I have a great resource for everyone to help understand where CIYAM is getting at, the following article explains in "everyday language" to help describe the mechanisms involved here and why hashing "correctly" is important to be implmented in the websites you browse, Do you remember the "LinkedIn" passwords that were Leaked out all becuase nobody on the LinkedIn development team cared to hash their passwords or even care about security for that matter.

Here is the link to the article I hope it sheds some light on this "nerd" talk to peeps.
http://www.p2pcrypt.com/blog/single_post.php?id=10

I really wish every website had something like this. Many websites are still sending login information in the clear, especially small bitcoin websites.

An improved privacy version of our client-side encryption has now been rolled out!

To illustrate here's a simplified illustration of it in action:

Let's take a user (called 'user') and then we'll take a simple SHA256 of their
initial password and store that in the DB before sending out the GPG encrypted
password to the user "signing up".

Let's assume that someone is able to do "packet sniffing" on their connection.
In the reply to the initial AJAX style POST request (at page load) they will
see something like this:

[page load]
unique_id = 5368b7c79ff959c63dae359aaf26e8685db102ea1614601b974fcab7369879e5

Next in the AJAX style POST that occurs when you click the "login" button the
"spy" will now see something like this:

[login post]
userhash = 7e0f28b7d56cb3095d9936e9c05caf5d6b12f7eb7c527fb86e56cc9163701bbf
password = 703bd74c7145aa2f6777a2d7437d03e2ff3ff2c90ecc3f28d2a01b4561c43c68

Let's say that the user then logs out and back in:

[page load]
unique_id = e8b2a06adbebb87f65a5d26b1ff379a05952157fe1a8d3f00e2cd847e0814e7f

[login post]
userhash = 7e0f28b7d56cb3095d9936e9c05caf5d6b12f7eb7c527fb86e56cc9163701bbf
password = 79dc9389a98cc693a1c53748c454610a8c808ba6baf39c7c949d2383e69de05d

Now we can see from this that the "password" value is actually a completely
different value at each login only the "userhash" remains constant.

How does this work?

Because the original hash of the password (which is *never* transmitted) is
known to the "server" and to your browser (from the password you typed in
it generates it with Javascript) then it can be easily combined with the "unique"
hash (which is a UUID generated by the server) and then hashed again (which is
the "password" that is being finally transmitted and observed by our "spy").

Without knowing the original password hash it is simply not possible to work
out either the actual "user id" (it is a hash of the actual "user id" value
combined with the original password hash) or of course the "password" (being sent).

This technique is also "replay proof" as the "unique" value should never ever
be a repeat (unless there is something with your server's random generator).

Update - CIYAM has now started working on preparing for a facelift and other marketing activities before the "sign up" dialog is going to be integrated.

For those who had hoped it would be up already we can only say "have patience" as after many years of development we are not going to rush things now (but this project is here for the long haul and is being worked on tirelessly to get everything right).

You've nailed it - and your bid has now been Accepted (hopefully you got an email also).

Ah, 'Check Balance' then 'Open Bid', got it. I had assumed 'Pending' meant waiting for a project manager to accept the bid.


That's reassuring to know, thanks Ian 

Not quite there yet - go to your bid (after you log in click on My Project Task Bids) and you'll see that you're bid is still Pending. To "open" your bid you need to first click on it and click the "Check Funds" button (which will confirm the current balance of the BTC address you put in there so you are sure you didn't get it wrong) then Open your bid (this could have been done immediately after you *saved* the bid but you might not have noticed the buttons then).

After that I will accept it (as at this early stage I am happy enough to take first come first served) then you will have "secured" the bid - you then have until that date and time you put in to complete the task (and I'll be lenient even after that if we are making good progress - this system is intended for Project Managers and Developers to work towards getting negotiated results rather than just enforcing arbitrary rules).

Understand that the reason that a final "delivery date" is required is to simply stop bidders from "getting tasks" but then "never completing" them (it is not at all intended at all to be some sort of unfair way to "rob" you of your just rewards and if any other Project Managers are not being "fair" to Developers then I will be happy to act as a moderator and would also be more than happy to accept a trusted member of Bitcointalk to act as my own such moderator).

OK, I've placed a bid on the openWYSIWYG task.

So, I assume I now wait to see if it get accepted?

If my bid is accepted, do I then make a pull request from Git and then push the changes when I'm done?

I set the delivery date to three weeks time, but what happens if I over run the delivery date?

Okay - the "sign up" dialog is almost completed (still testing things thoroughly before I go live with it).

You can get a "sneak peak" here: http://ciyam.org/sign_up_example.png

To open an account you need only two things: a User Id and a GPG Public Key

Your account credentials will then be encrypted and emailed to you (for those who don't want to use email just create a GPG key with the email address [email protected] and instead of emailing you the GPG encrypted credentials will appear on your screen ready for you to copy and paste).

For those who are even more paranoid you can use the User Id "anon" and you'll actually end up with a User Id more like anon912c8334b0 (this will be in the encrypted message along with your "initial password").

Will hopefully have this "live" by tomorrow - any questions/feedback based upon the piccy are welcome.

I have replaced the 5th slideshow image as it was actually not correct at all (sorry for the misunderstanding).

Let me clarify that the rule (enforced by the code) is actually that your bid cannot be *sooner* that the 'delivery' date and time (so can be as much as you like later) thus rather than putting the *same* 'delivery' date and time as was put on the task you should actually put the 'listed delivery date and time + how much time you think you need' (although if the task gets Accepted earlier and it can be completed earlier then all well and good for both sides).

So if the delivery date and time was initially set to say 2013-01-13 09:00 and you think you need 2 days to get the task completed, reviewed and the pull request merged then you should put 2013-01-15 09:00 as your 'delivery bid'.

Basically a Project Manager will choose a bid according to two main criteria:

1) When can this be delivered? (the earlier the better as a general rule but also...)
2) How good are the relevant Project Skills of the bidder? (one always would like to have the most skilled person for the task)

I hope that clarifies things and am looking forward to working with you on CIYAM Open.

Hi Ian,

Love the site, very exciting!

I wish BitcoinTalk had the same funding model as CIYAM, it's much better being able to contribute to the features you want rather than making a blind site wide donation.

I was going to post a bid on a task, but got a little confused regarding the 'delivery date'. The 'delivery date' I assume is the latest the task must be completed by? If I place a bid on a task and it is not accepted until the day before the 'delivery date', does this mean I only have one day to complete the task?

(P.S. Congratulations on beating Kim Dotcom to the post with the client side encryption )

Kudos to Kim Dotcom's new Mega and interestingly enough client side encryption (a major part of his new system) has been in use for over a week on CIYAM Open.

Although some better marketing will be on its way we are patiently and slowly going to assemble the "workforce of the future" in which one doesn't work "one or two jobs" per year but maybe "100-200 different tasks" (which could be spread over numerous different projects).

A web page to help "join up" will be coming soon - and there is still 2 BTC available to write some rather trivial installation scripts.


Keep up the fight Kim!

Screw Hollywood and screw copyright!
(hmm... almost forgot - screw patents too!!)

I've now added a Topic explaining the "task bidding" system that CIYAM Open uses:

http://ciyam.org/open/?cmd=view&data=20130120042331411000&ident=M100V120&chksum=45258c8d

Queries, comments and suggestions all welcome.

Congratulations!

Pull request merged: https://github.com/ciyam/ciyam/commit/47ddeba035702edf28f74eeaecabbbc47fc2a0a7

and Bitcoin tx confirmed: http://blockchain.info/tx-index/44876826/e386ae72ce5c630ceaedd6b5a5d1c639095db56497889034258e7f2498ab23fd

and now this task appears in the "Recent Project Tasks" list: http://ciyam.org/open/?cmd=list&ident=M100L152&chksum=a8a9a22c
(which can be used as a way to find "tipping" addresses for recently completed tasks that were very much appreciated)

Still some easy tasks available and more tasks (and whole projects) will be coming soon!

seems like i completed the first task @ CIYAM Open, looking forward ty!