SteemFlagRewards Project Update: Web Application Development Intro

·@anthonyadavisii·
https://steemitimages.com/DQmTJj2SXdXcYLh3gtsziSEUXH6WP43UG6Ltoq9EZyWjQeb/frpaccount.jpg

## Repository:

https://github.com/anthonyadavisii/steemflagrewards

## Overview:

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; This post is intended to convey the technical requirements and design considerations for planning the @steemflagrewards web application. The goal of this application is to streamline the flag approval process compared with the existing process on the [SFR Discord](https://discord.gg/7pqKmg5).

## Vision:

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; For the purposes of demonstration, I have created the below GIF of a Google Sheets spreadsheet to illustrate the general idea of the interface. Please note that we do not plan on using Google Sheets for the actual web app.

![sfr_demo.gif](https://ipfs.busy.org/ipfs/QmNvF7eFBocmCDDmG422q5scm7DKUa1V7aPtmZvRZwn8KF)

<center>https://ipfs.busy.org/ipfs/QmaXfDVjczpqNts6ptxDijzCjQwAjYcu134dcwdwJa6EMn</center>

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; As you may see, I have outlined the process our moderators would follow to approve a @steemflagrewards flag mention comment to be processed by our bot for upvotes and / or beneficiary post rewards via our system to provide a return on investment for legitimate downvotes against abuse on the platform.

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; In the above, I had reviewed the content that @flugschwein flagged and approved the mention comment against the abuser as vote farming. The SFR definition of vote farming is as follows:

>vote farming
You're churning out content (often low quality), in quick successions with abnormal number and/or upvote size.

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;After reviewing the flagged content and observing the @steemcleaners comment assenting to the category of abuse, I believe we have reasonable evidence to approve the mention for processing. 

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; However, I could have gone a step further and reviewed the abuser's blog, which would have been helpful, but it is not really necessary when there is corroborating evidence.
<sub>  Or I was just being a little lazy.  ¯\_(ツ)_/¯</sub>

***Here is the basic process flow.***
![image.png](https://ipfs.busy.org/ipfs/QmYD3iv4s3N5taiDDeuExfAvQnt9eRPigU2sY4QskT8hVY)

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; So far, we have our abuse fighting colleague and witness @pjau assisting with the database work, and he has created the initial tables for our users and the flag mention queue. We will have an additional table for the bot queue for approved mentions and one for flag mentions that the bot has processed.

## Let's talk about integrating this into the web front end

###  Layout:

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; For the record, I am not a web designer, so my knowledge on this topic is limited, but I do have experience in sustaining web servers, so I do know things at a surface level. Below is a graphic that I created to provide a general idea for the user interface page layout.

 ![image.png](https://ipfs.busy.org/ipfs/Qmbpb4ziGDG6Md51A8AcCeXc2zpCMjUpgatr31YQtdbQnw)

### Views:

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; I have two functional views in mind for the site so far, but there is really a world of possibilities. Once the initial site is stood up, it should be rather trivial to add additional views for more advanced functionality, including abuse metrics, analysis, and statistics. The views are as follows:

- Flag Approval View (View for Mods and Admins to approve mentions)
- Abuse Fighter View (Read only view of abuse posts with pending rewards)

## Additional Front End Considerations

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; In this section, I will state additional considerations, including information security and "Nice to Have" items. As the approval process will be tracking the moderator doing the approvals, the integrity of their identity is essential for accountability of the respective approval.

### SteemConnect 2 Integration

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Let's just suppose one of our mods decides to go rogue and begins collaborating with abusers to create a *"false flag"* situation. In other words, they coordinate with the abusers to manufacture abuse in order to flag it for rewards. We've discussed this matter before internally and I will not divulge specifics on how this attack could be leveraged.

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; All in all, such a compromise would likely be more effort than it's worth, due to the time the attacker would need to build the trust to be granted authorization to approve flags, and because our bot holds a scant 11k Steem Power. I trust our mods and don't think we need to worry about this currently, but it's good to be aware of any potential vectors that could be used to compromise the efficacy of the project.

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; With the SC integration, we could pair each SFR web app user account to its respective Steem account via a custom JSON operation. This way we have an audit trail that we can track back to an operation that is signed with the private key of said user. In the IT security world, digital signatures are the means by which non-repudiation is achieved. This means that the user cannot reasonably repudiate or claim the transaction was not performed with their account.

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; For example, let's say an employee, Bob, sends a digitally signed email to his bosses' distribution list telling them all to go eat a shit sandwich but changes his mind after he hits send. Let's just say he sort of pulled a "Scarface" from [this scene](https://www.youtube.com/watch?v=TcuYZCv3cKM) in the movie Half-Baked but via a mass email.

<center>https://media.giphy.com/media/DAJP1Z9YiMV56/giphy.gif</center>

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Now, Bob knows he is in trouble because of his unfortunate email and is confronted by his fuming supervisors. Well, Bob is going to try to backpedal a little bit and insist that he did not send that email and that it must have been a hacker.

<center>https://thumbs.gfycat.com/AngryEuphoricCuttlefish-max-1mb.gif</center>

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  Well, Steve from IT just isn't having it as he knows what that digital signature entails. He calls bullshit because he knows that for another entity to sign that email requires Bob's private key. If that was compromised, we likely have bigger security issues than a hoax nastygram. 

<center>https://www.globalsign.com/files/2214/0253/7842/img127.jpg
**Digitally signed email in outlook**</center>

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Most organizations with any degree of security competency have two-factor authentication in place. Bob would need to have failed to safeguard his physical token and passphrase (or biometric) for the hacker to send an email spoofing Bob's identity. Either way, Bob would be in deep water. With non-repudiation achieved, it is probably better for him to just own up to the email and maybe beg for forgiveness if he wants to keep his job. Good luck with HR!

### Coming back from my security tangent

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; The custom JSON operation can be used to reasonably assert proof of ownership of an SFR mod account, which can be used to hold anyone's feet to the fire in the event of impropriety in our approval process. Do I think we need this initially? Probably not, but it will be something we will want to work towards.
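
A sketch of the pairing check described above, added here as an example and not taken from the SFR code base. It assumes the web app hands the moderator a one-time nonce and later reads the resulting `custom_json` operation back from the chain; the id `sfr_pairing`, the payload fields and the ten-minute expiry are hypothetical choices.

```python
import hmac
import json
import secrets
import time

PAIRING_ID = "sfr_pairing"  # hypothetical custom_json id, not defined by the project
CHALLENGE_TTL = 600         # seconds a challenge stays valid (assumed policy)
pending = {}                # webapp_user -> (nonce, issued_at)

def issue_challenge(webapp_user, now=None):
    """Create the one-time nonce the moderator must publish from their Steem account."""
    nonce = secrets.token_hex(16)
    pending[webapp_user] = (nonce, time.time() if now is None else now)
    return nonce

def verify_pairing(op, webapp_user, now=None):
    """Return the Steem account proven by `op`, or None if it is not valid proof.

    `op` is a custom_json operation read back from the chain, so the signature
    was already checked by the network against required_posting_auths.
    """
    now = time.time() if now is None else now
    kind, body = op
    if kind != "custom_json" or body.get("id") != PAIRING_ID:
        return None
    signers = body.get("required_posting_auths", [])
    # The signer list is the identity; anything inside the JSON is only a claim.
    if len(signers) != 1 or body.get("required_auths"):
        return None
    try:
        payload = json.loads(body["json"])
    except (KeyError, ValueError):
        return None
    if not isinstance(payload, dict):
        return None
    challenge = pending.get(webapp_user)
    if challenge is None or now - challenge[1] > CHALLENGE_TTL:
        return None
    # Bind the operation to this web app user and to this exact challenge.
    if payload.get("webapp_user") != webapp_user:
        return None
    sent = str(payload.get("nonce", "")).encode()
    if not hmac.compare_digest(sent, challenge[0].encode()):
        return None
    del pending[webapp_user]  # single use: a replayed operation cannot pair again
    return signers[0]
```

Storing the returned account name together with the transaction id of the operation gives the audit trail: every later approval by that web app user traces back to an on-chain operation only the holder of that account's posting key could have signed.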

### Python Web Framework

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; As most of the SFR Dev Contributors are versed in Python and we have a well-maintained library in Beem (by witness @holger80), it may be good for us to work with a Python-based web framework such as Django or Flask. I think this would fall under a "Nice to Have", as I know some of our friends in the abuse fighting community work with JavaScript instead. Unless there is a compelling reason for us to move to JS, I would prefer we stick to Python, which will make it easier to maintain.

## Conclusion:

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; I hope that what I have laid out here is sufficient for my colleagues and me to work together to make the vision a reality. I'm sure we will think of more good ideas as we move forward, but this should provide a basis. I am looking forward to developing this website and application and paving the way for our future abuse fighters Smart Media Token.

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  Bigger picture is that we are building a foundation to improve the human powered self-moderation feature we provide the Steem blockchain via SteemFlagRewards. To those that see the value this provides Steem as a blogging platform and see the future potential of this project, you have our sincere thanks.  Our biggest shortfall is in the form of Steem Power delegations so please consider supporting especially if you use our service. 

<center>https://ipfs.busy.org/ipfs/QmaXfDVjczpqNts6ptxDijzCjQwAjYcu134dcwdwJa6EMn</center>

Future updates planned in this series are:

- "SteemFlagRewards Project Update: Web App Database Buildout" (Documenting the build process of the database and ideally the steps to replicate)
- "SteemFlagRewards Project Update: Web App Front End Integration" (Document standing up the front end ...)
- "SteemFlagRewards Project Update: Web App Bot Adaptation" (Document redesigning the Python / Beem Bot flag mention processing.)

<sub>P.S.: This is a community project intended to enrich the Steem blockchain. Although I possess the SFR keys, I have no intention of ever powering down the account so, if you desire to invest in the platform for the long-term, consider "investing" in what we do. Our bot helps build the abuse fighting community.</sub>