CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
December 22, 2012, 12:38:12 AM Last edit: May 08, 2014, 08:55:19 AM by CIYAM |
|
CIYAM Open is now ready for Contributors and Project Managers to join in creating a new kind of digital workforce. The first 10 Project Managers to join (6 places are still left) will be able to have one Project in CIYAM Open "fee free for life". Developers need to make a "dib" for each task that they wish to work on - understand that a dib is not to do with funds but with *time*. By submitting your dib you are committing yourself to providing a git pull request by the date and time you entered in your dib. The funds allotted will be paid out in entirety to the Contributor whose dib was accepted and whose git pull request was merged by (one of) the git repository owner(s). Note that only the Contributor whose dib is Accepted would ever be expected to work on the task and understand also that each task includes one or more "skills" for which "skill points" will be awarded or deducted from the Contributor (depending upon whether an Accepted dib is finally Completed after a git pull request merged or is instead Rejected). Also understand that the acceptance of any particular dib is entirely up to the Project Manager (guidelines and further software will be developed to help with this down the track). http://ciyam.org(includes links to CIYAM Open as well as the CIYAM Safe distro which is used by the CIYAM project for 100% air-gapped offline transaction signing and the CIYAM github repository)
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
December 22, 2012, 12:38:29 AM Last edit: October 02, 2013, 01:40:43 PM by CIYAM Open |
|
(reserved)
|
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
December 22, 2012, 12:45:43 AM |
|
Looks like it still needs some work... shouldn't be happening on 12800 X 800 screen.
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
December 22, 2012, 12:50:39 AM |
|
Looks like it still needs some work... shouldn't be happening on 12800 X 800 screen.
I assume you mean 1280 x 800 but in any case I did have the Tab rotated - is your screen rotated to landscape? (indeed if not rotated to landscape it won't look so good and UI is one of the main areas I will be allocating BTC tasks towards improving) Actually even in portrait it looks fine on my Tab - what device are you using?
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
December 22, 2012, 01:05:26 AM |
|
No device, just my laptop, Chrome.
Interesting - well the issue has now been duly noted (the problem being in the way that a .gif has been used for the table header as it shouldn't really matter how many lines it needs to flow in to) - also thanks for taking the time to look at the site.
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
December 24, 2012, 10:36:52 AM Last edit: December 24, 2012, 03:05:36 PM by CIYAM Pty. Ltd. |
|
An important part of the CIYAM Open funding model is that it is 100% open - that is every single tx that takes place in the project will be able to be audited via the blockchain by anybody (this is achieved through the use of raw tx's that move funds from one specific donation address to either another or to the final developer's destination).
Another important part is the safety of the private keys that are generated for use with every Project Area and Project Task - a detailed explanation of how this is achieved (and the source for the tools used) will be coming soon.
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
December 26, 2012, 11:17:55 AM |
|
Well in case you haven't noticed the "challenge" I put up (to crack an encrypted password that I created using a simple script and very unsafe starting password) seems to be heating up.
A more sophisticated and secure version (along with a USB installable Live OS) with instructions will soon be coming.
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
January 01, 2013, 12:28:36 PM |
|
Nearly there now (the "Memory Key" topic was another step along the way) - just ironing out the rough edges for safely and reasonably easily moving data between the "online" and "offline" computers now (have gone for air-gap via QR).
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
January 03, 2013, 02:21:53 PM |
|
Having a problem with SUSEStudio (after some sort of weird error the Build button for my distro become disabled) - if anyone knows how to fix this I'd appreciate a "heads up". EDIT: never mind it has come good now - seems their website has had some problems today (distro will be coming soon)
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
January 04, 2013, 03:30:21 AM |
|
Whilst preparing the CIYAM Safe distro I would like to explain the way that CIYAM Open encrypts all session data *without* SSL. When you join CIYAM Open you will need to supply a GPG public key and you will be sent an encrypted message that contains your initial password. Next you open your browser to http://ciyam.org/open and to get an idea about exactly how this has been designed do a "View Page Source" and looking at the body tag you will see the following: <body onload="load( )"> <noscript><meta http-equiv="refresh" content="0; requirements.html"/></noscript>
<div id="content"> </div>
<div id="auto_progress" class="invisible"><img src="auto_progress.gif"/></div> <div id="load_progress" class="invisible"><img src="load_progress.gif"/></div>
<iframe src="javascript:false;" name="hidden_frame" frameborder="0" width="1" height="1" marginheight="0" marginwidth="0"> </iframe>
</body> </html>
So as you can see there basically is no static content at all (and this never changes - so non-anonymous content will never even be seen by a search engine making this approach suitable for building a "diaspora" type of system that works over HTTP). How then is non-anonymous content safely encrypted? This is where the password that was sent to you GPG encrypted comes in - when you type in your user id and password it is hashed together with a "serverId" and then hashed again with a "uniqueId" (which is unique to your session) and then sent along with your user id (in the clear) to the FCGI interface. As your original password is known when the FCGI receives your user id and the hash value it can verify whether it is correct by hashing the value stored in the DB (which is the serverId + password hashed and encrypted) with the uniqueId it knew it sent to your session (this is done via a simple IP address mapping currently). Now as the 'uniqueId' will never be used again a 'replay' attack is simply not possible. To be cont'd...
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
January 04, 2013, 03:36:53 AM Last edit: March 03, 2013, 04:04:48 AM by CIYAM Open |
|
Also as the hashed 'serverId' + password was never broadcast (as it was hashed again along with the 'uniqueId') there is a safe "secret" that both the client .js and FCGI server know. This is what the server and the .js client will both use in order to construct a OTP that is the length of each request/response. OTP = hash(serverId + password); // simplified as it is actually hashed with multiple rounds
and to extend for the entire length of a request/response: OTP += hash (OTP);
So what is returned from the AJAX request to the .js client from the FCGI server is encrypted with the OTP and decrypted before assigning it to the "content div" and all information (apart from some state information that is seen in the URL) sent to the server by further AJAX requests is also thus encrypted. Questions and comments about this technique are welcomed.
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
January 08, 2013, 07:54:06 AM |
|
As well as giving the CIYAM Safe a workout before I begin to fund tasks for CIYAM Open I will be adding some support in the next few days for automatically being able to register users (although if anyone is interested to join up now just send me a GPG encrypted message with your preferred user id and an initial password).
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
January 11, 2013, 01:09:09 AM |
|
For my 1,000th post apart from the profile name change (I still am the Director of CIYAM Pty. Ltd. but now think that its future role in CIYAM Open is most likely only going to be one of sponsorship) I'd like to start to introduce people to the project that had initially began as a part-time hobby and has turned out to now be a full-time obsession (for the last few years in particular) to improving the way that software is developed at a very fundamental level. If you have a spare 5 minutes please take a look at the following: http://ciyam.org/open/?cmd=view&data=20121221010507352000_P&ident=M100V112&chksum=d36e9a6aI haven't rushed into creating this software platform as it is actually the culmination of design ideas, patterns and algorithms that I had begun developing as way back as 2000. By far the hardest thing about Software Manufacturing has been convincing people it actually works and I don't expect the audience on Bitcointalk to be anything but skeptical but I am patient and will be happy to answer questions about any aspect of the system (and yes I know the documentation at this stage is rather minimal). I have already created a CIYAM Safe for handling the transactions for CIYAM Open that will be performed in an externally audit-able manner (effectively "opening" the organisation's General Ledger for scrutiny by anyone that has access to the blockchain). I look forward to getting younger (and fresher) minds involved in this project and pledge that except for some unforeseen circumstance arriving I will be working on this project full-time (and without remittance) for at least the next few years.
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
January 14, 2013, 05:49:04 AM |
|
(casually opens the door to a new way of working - updated the OP with details)
|
|
|
|
Xenland
Legendary
Offline
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
|
|
January 14, 2013, 09:53:37 AM |
|
I can't wait to get my P2P Crypt project funded, I just need to find time to get all the tasks listed (perhaps in a couple of weeks I'll have more time), Keep up the good work with the project; I like it, everything is super simple and silky smooth, Cheers mate!
|
|
|
|
Ente
Legendary
Offline
Activity: 2126
Merit: 1001
|
|
January 14, 2013, 11:21:27 AM |
|
Thank you for your project, Ian! You are both dedicated with the project itself as with keeping us updated here, thank you! :-)
Now there is somewhat low resonance.. I believe you started with details too quick. Sure, I enjoy talking about "shall we use ssl- or gpg-encryption?" as much as everyone else around here.. But somehow, in my view, you missed to state what exactly your project does, and in what points it does better than what we have now. That is, in a few, simple, totally non-tech sentences. A "conclusion" for executive level decision. Like, you know, people first decide if a tool seems useful, and then have a second look if it is safe and sane ;-)
..keep rollin! :-)
Ente
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
January 14, 2013, 11:30:38 AM Last edit: January 14, 2013, 03:04:58 PM by CIYAM Open |
|
Now there is somewhat low resonance.. I believe you started with details too quick. Sure, I enjoy talking about "shall we use ssl- or gpg-encryption?" as much as everyone else around here.. But somehow, in my view, you missed to state what exactly your project does, and in what points it does better than what we have now. That is, in a few, simple, totally non-tech sentences. A "conclusion" for executive level decision. Like, you know, people first decide if a tool seems useful, and then have a second look if it is safe and sane ;-)
Thanks Ente and yes unfortunately I am 100% "no salesman" (too interested in the tech and software). Let me try and describe "in a nutshell" what CIYAM Open is: "It's a way of organising, funding and paying for contributions of tasks for projects (be they open source software projects or even say NGO's) that is 100% open and audit-able by the general public". (yes still too many words - any Marketing gurus want to trim that down for me?) I believe this is actually a first of it's kind (but am not trying to make too "bold a claim" and am happy to be corrected if wrong). The rest (and there is a lot) I will try and communicate in small chunks in the coming weeks and months (it took literally years to create this system and will probably take me at least a whole year to fully describe it unfortunately - but don't worry I will be dedicating all my working days and nights to doing this from now on).
|
|
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1227
Away on an extended break
|
|
January 14, 2013, 05:26:38 PM |
|
Now there is somewhat low resonance.. I believe you started with details too quick. Sure, I enjoy talking about "shall we use ssl- or gpg-encryption?" as much as everyone else around here.. But somehow, in my view, you missed to state what exactly your project does, and in what points it does better than what we have now. That is, in a few, simple, totally non-tech sentences. A "conclusion" for executive level decision. Like, you know, people first decide if a tool seems useful, and then have a second look if it is safe and sane ;-)
Thanks Ente and yes unfortunately I am 100% "no salesman" (too interested in the tech and software). Let me try and describe "in a nutshell" what CIYAM Open is: "It's a way of organising, funding and paying for contributions of tasks for projects (be they open source software projects or even say NGO's) that is 100% open and audit-able by the general public". (yes still too many words - any Marketing gurus want to trim that down for me?) I believe this is actually a first of it's kind (but am not trying to make too "bold a claim" and am happy to be corrected if wrong). The rest (and there is a lot) I will try and communicate in small chunks in the coming weeks and months (it took literally years to create this system and will probably take me at least a whole year to fully describe it unfortunately - but don't worry I will be dedicating all my working days and nights to doing this from now on). You could try comparing it with indiegogo and other crowdfunding site, and state your advantages/focuses as compared to them. I'm no marketing guru, but a simple comparison with another existing service might be the easiest way to introduce it to someone new. PS: I'm still working out on CIYAM Open's details though, so my analogue above might be way off.
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
January 15, 2013, 12:52:32 AM |
|
You could try comparing it with indiegogo and other crowdfunding site, and state your advantages/focuses as compared to them. I'm no marketing guru, but a simple comparison with another existing service might be the easiest way to introduce it to someone new.
Okay - first major differences are: 1) CIYAM Open funds are not "returnable donations" (although an escrow address per task will be being added for those wanting that) 2) Stemming from the above a task that fails to be completed on time does not *end* but can continue with a *new delivery date* (with another bid now being chosen for acceptance) 3) Developers get (and can lose) *skill points* per task allowing them to build a rep for the things they are good at (making it more likely that their bids will be accepted vs those with no or low points) 4) You can donate to either the whole project, a project area (which can be nested) or to an individual task within the project. I think this makes the CIYAM Open concept more of a "long-term development model" than a "kickstarting model" (especially when you look at the "sklls" side). Hope that helps make it a bit clearer.
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
January 15, 2013, 01:08:16 AM Last edit: January 23, 2013, 04:01:55 AM by CIYAM Open |
|
Also - consider an NGO that wants to be as "open" as humanly possible:
with CIYAM Open they can:
1) create their top level donation address as their Project
2) create Project Areas for say "Charity Drives", "Marketing", "Accounting" and "Development" (each with a donation address)
3) create specific Project Tasks tasks for every single Charity Drive, Marketing task, accounting task, etc. all of which can be individually donated to
By using the mechanism that CIYAM Open itself uses (raw tx's) or by simply creating separate wallets for the Project and each of its Project Area addresses the Project Manager can move the BTC from the *top* to the *bottom* giving you a 100% publicly audit-able organisation (verifiable via the block chain).
As a case in point CIYAM Open itself is 100% publicly audit-able (and always will be) and any "fees" that I may charge for listing other Projects down the track will actually be in the form of "donations" made to the CIYAM Open project itself or other projects that I see fit to promote (so that *zero* profit will ever go directly to myself and that can be verified by anyone with access to the block chain and the list of relevant addresses which are kept on CIYAM Open even after tasks are "completed").
|
|
|
|
|