create account

RE: Let Zappl Clerify some things. FUD Correction by inertia

View this thread on: hive.blogpeakd.comecency.com

Viewing a response to: @reggaemuffin/re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180212t170047958z

zappl · @inertia ·
$0.03
Yup, there's no need for FUD.  I just look at network activity.

> Zappl is open source you can contribute to the Github or leave bug reports on utopian.

That's highly debatable when there have been only small commits since November, 2017.  My bug report was created by utopian, twice for some reason, then closed with no explanation and no related commits.

To me, it seems like the Zappl front-end was put on GitHub so it would qualify for utopian's rules.  But it hasn't been maintained.

> No Zappl don't save keys, your keys are saved in your browser or mobile device not on our servers.

Maybe this is true, but it's beside the point.  It's possible that Zappl signs in-browser, but it also sends the keys to the server.  Since the keys *are* sent to the server, it's entirely possible that they're logging keys without knowing it.

> Even if Zappl was capturing keys for the public key (Which were not because they're saved in your browser)were only limited to those uses above.

This is where we get into a real problem.  Certain parts of Zappl does ask for the active key and does send the active key to the server.  My GitHub Issue shows this.
πŸ‘  ,
properties (23)
authorinertia
permlinkre-reggaemuffin-re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180212t172624074z
categoryzappl
json_metadata{"tags":["zappl"],"app":"steemit/0.1"}
created2018-02-12 17:26:24
last_update2018-02-12 17:26:24
depth3
children20
last_payout2018-02-19 17:26:24
cashout_time1969-12-31 23:59:59
total_payout_value0.032 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length1,154
author_reputation346,568,901,399,561
root_title"Let Zappl Clerify some things. FUD Correction"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id36,987,146
net_rshares5,212,256,104
author_curate_reward""
vote details (2)
@reggaemuffin ·
$0.10
Exactly. Them trying to cover it just makes it worse...
πŸ‘  , , ,
properties (23)
authorreggaemuffin
permlinkre-inertia-re-reggaemuffin-re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180212t173509662z
categoryzappl
json_metadata{"tags":["zappl"],"app":"steemit/0.1"}
created2018-02-12 17:35:12
last_update2018-02-12 17:35:12
depth4
children4
last_payout2018-02-19 17:35:12
cashout_time1969-12-31 23:59:59
total_payout_value0.096 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length55
author_reputation37,964,839,695,531
root_title"Let Zappl Clerify some things. FUD Correction"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id36,988,740
net_rshares13,722,422,052
author_curate_reward""
vote details (4)
@inertia · 
I’m not convinced they’re trying to cover anything up.
properties (22)
authorinertia
permlinkre-reggaemuffin-re-inertia-re-reggaemuffin-re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180212t173812342z
categoryzappl
json_metadata{"tags":["zappl"],"app":"steemit/0.1"}
created2018-02-12 17:38:12
last_update2018-02-12 17:38:12
depth5
children2
last_payout2018-02-19 17:38:12
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length54
author_reputation346,568,901,399,561
root_title"Let Zappl Clerify some things. FUD Correction"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id36,989,269
net_rshares0
@reggaemuffin ·
$0.11
What esle would be their plan here?
πŸ‘  , , , ,
properties (23)
authorreggaemuffin
permlinkre-inertia-re-reggaemuffin-re-inertia-re-reggaemuffin-re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180212t183013320z
categoryzappl
json_metadata{"tags":["zappl"],"app":"steemit/0.1"}
created2018-02-12 18:30:12
last_update2018-02-12 18:30:12
depth6
children1
last_payout2018-02-19 18:30:12
cashout_time1969-12-31 23:59:59
total_payout_value0.110 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length35
author_reputation37,964,839,695,531
root_title"Let Zappl Clerify some things. FUD Correction"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id36,999,499
net_rshares15,264,684,889
author_curate_reward""
vote details (5)
@zappl · 
Um we didn't try to cover anything up.
properties (22)
authorzappl
permlinkre-reggaemuffin-re-inertia-re-reggaemuffin-re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180212t233820310z
categoryzappl
json_metadata{"tags":["zappl"],"app":"steemit/0.1"}
created2018-02-12 23:38:21
last_update2018-02-12 23:38:21
depth5
children0
last_payout2018-02-19 23:38:21
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length38
author_reputation41,244,449,218,741
root_title"Let Zappl Clerify some things. FUD Correction"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id37,054,364
net_rshares0
@zappl · (edited)
Yup, there's no need for FUD. I just look at network activity.

    Zappl is open source you can contribute to the Github or leave bug reports on utopian.

That's highly debatable when there have been only small commits since November, 2017. My bug report was created by utopian, twice for some reason, then closed with no explanation and no related commits.

#### Reply:
There was significant updates to the project just 18 days ago. So its pretty open source. All one needs to do is just download the source and they can run it in dev mode and set up some pm2 starts for mongod and index.js but npm start dev would be easier to do.

The website will work the same way it does on the web, The only difference is they won't be able to upload videos and images, they will need to add those keys for them self.

https://github.com/Zappl/Zappl/commit/f83e3130b005008317e73748da82b08fb01c0204

<hr>

To me, it seems like the Zappl front-end was put on GitHub so it would qualify for utopian's rules. But it hasn't been maintained.

    No Zappl don't save keys, your keys are saved in your browser or mobile device not on our servers.

Maybe this is true, but it's beside the point. It's possible that Zappl signs in-browser, but it also sends the keys to the server. Since the keys are sent to the server, it's entirely possible that they're logging keys without knowing it.

    Even if Zappl was capturing keys for the public key (Which were not because they're saved in your browser)were only limited to those uses above.

This is where we get into a real problem. Certain parts of Zappl does ask for the active key and does send the active key to the server. My GitHub Issue shows this.

#### Reply:
Yes were aware active keys transactions, we have had several talks about this on discord before. The review was closed because its in an up and coming update. We tend to do bulk updates with our code.  As one can see from our latest updates from January 

We first update in a private rep then those updates are moved over to the main open rep. As a company we have plugins for our code thats are trade secret plugins. 

For some things zappl wants a competitive edge, but we still leave the code that connects these features open to the public. So if they would want to make plugins with these features they can do so their self and see how this is interacting with the code.


Were not trying to hide anything just sometimes we happen to close things with out commenting on them. Which honestly we probably shouldn't have been doing. If you look at the tickets we have closed tickets with out commenting, but the fix had still been put in.

So we will try to update users of fixes before we close tickets now.
πŸ‘  
properties (23)
authorzappl
permlinkre-inertia-re-reggaemuffin-re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180212t234258812z
categoryzappl
json_metadata{"tags":["zappl"],"links":["https://github.com/Zappl/Zappl/commit/f83e3130b005008317e73748da82b08fb01c0204"],"app":"steemit/0.1"}
created2018-02-12 23:43:00
last_update2018-02-12 23:57:51
depth4
children14
last_payout2018-02-19 23:43:00
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length2,712
author_reputation41,244,449,218,741
root_title"Let Zappl Clerify some things. FUD Correction"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id37,055,145
net_rshares0
author_curate_reward""
vote details (1)
@inertia · 
That commit is horrific.  Trying to look at it from github's site is impossible. Issue #5 was closed over two months ago, so there's no way it could have referenced this commit.

Ok, so assuming this commit will be deployed on zapple.com at some point, let's have a look at the code in question, without crashing my browser on GitHub.  Here's what it looks like in Atom:

[![](https://steemitimages.com/DQmTN9LbYWU1AFRfqqTGzhrWdpyijBGzjrN5kFpLnQck86q/image.png)](https://steemitimages.com/DQmTN9LbYWU1AFRfqqTGzhrWdpyijBGzjrN5kFpLnQck86q/image.png)

**Are you committing obfuscated code to GitHub?**
properties (22)
authorinertia
permlinkre-zappl-re-inertia-re-reggaemuffin-re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180212t235957918z
categoryzappl
json_metadata{"tags":["zappl"],"image":["https://steemitimages.com/DQmTN9LbYWU1AFRfqqTGzhrWdpyijBGzjrN5kFpLnQck86q/image.png"],"links":["https://steemitimages.com/DQmTN9LbYWU1AFRfqqTGzhrWdpyijBGzjrN5kFpLnQck86q/image.png"],"app":"steemit/0.1"}
created2018-02-12 23:59:57
last_update2018-02-12 23:59:57
depth5
children10
last_payout2018-02-19 23:59:57
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length598
author_reputation346,568,901,399,561
root_title"Let Zappl Clerify some things. FUD Correction"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id37,058,169
net_rshares0
@zappl · (edited)
Nope its not obfuscated, On my editor web storm that is open. Ill push a cleaned version of the update Since for some reason its not formatted correctly on that side.

Also yes our updates were pretty significant that we can't even load all the changes as well on github. That's how many there were. Close to 7-9 thousands changes.
properties (22)
authorzappl
permlinkre-inertia-re-zappl-re-inertia-re-reggaemuffin-re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180213t000617578z
categoryzappl
json_metadata{"tags":["zappl"],"app":"steemit/0.1"}
created2018-02-13 00:06:18
last_update2018-02-13 00:13:48
depth6
children9
last_payout2018-02-20 00:06:18
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length331
author_reputation41,244,449,218,741
root_title"Let Zappl Clerify some things. FUD Correction"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id37,059,308
net_rshares0
@xhunxhiss · 
Please direct us to the link where we can download the source.
properties (22)
authorxhunxhiss
permlinkre-zappl-re-inertia-re-reggaemuffin-re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180212t234756991z
categoryzappl
json_metadata{"tags":["zappl"],"app":"steemit/0.1"}
created2018-02-12 23:48:00
last_update2018-02-12 23:48:00
depth5
children2
last_payout2018-02-19 23:48:00
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length62
author_reputation1,516,355,137,255
root_title"Let Zappl Clerify some things. FUD Correction"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id37,056,044
net_rshares0
@zappl · (edited)
the same place that commit is https://github.com/Zappl/Zappl/
πŸ‘  
properties (23)
authorzappl
permlinkre-xhunxhiss-re-zappl-re-inertia-re-reggaemuffin-re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180213t001547821z
categoryzappl
json_metadata{"tags":["zappl"],"links":["https://github.com/Zappl/Zappl/"],"app":"steemit/0.1"}
created2018-02-13 00:15:48
last_update2018-02-13 00:16:00
depth6
children1
last_payout2018-02-20 00:15:48
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length61
author_reputation41,244,449,218,741
root_title"Let Zappl Clerify some things. FUD Correction"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id37,061,077
net_rshares605,138,759
author_curate_reward""
vote details (1)
Help/Feedback