RE: Let Zappl Clerify some things. FUD Correction by zappl

View this thread on: hive.blog | peakd.com | ecency.com

Viewing a response to: @inertia/re-reggaemuffin-re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180212t172624074z

zappl · @zappl · Feb 12 '18 (edited)

Yup, there's no need for FUD. I just look at network activity.

    Zappl is open source you can contribute to the Github or leave bug reports on utopian.

That's highly debatable when there have been only small commits since November, 2017. My bug report was created by utopian, twice for some reason, then closed with no explanation and no related commits.

#### Reply:
There was significant updates to the project just 18 days ago. So its pretty open source. All one needs to do is just download the source and they can run it in dev mode and set up some pm2 starts for mongod and index.js but npm start dev would be easier to do.

The website will work the same way it does on the web, The only difference is they won't be able to upload videos and images, they will need to add those keys for them self.

https://github.com/Zappl/Zappl/commit/f83e3130b005008317e73748da82b08fb01c0204

<hr>

To me, it seems like the Zappl front-end was put on GitHub so it would qualify for utopian's rules. But it hasn't been maintained.

    No Zappl don't save keys, your keys are saved in your browser or mobile device not on our servers.

Maybe this is true, but it's beside the point. It's possible that Zappl signs in-browser, but it also sends the keys to the server. Since the keys are sent to the server, it's entirely possible that they're logging keys without knowing it.

    Even if Zappl was capturing keys for the public key (Which were not because they're saved in your browser)were only limited to those uses above.

This is where we get into a real problem. Certain parts of Zappl does ask for the active key and does send the active key to the server. My GitHub Issue shows this.

#### Reply:
Yes were aware active keys transactions, we have had several talks about this on discord before. The review was closed because its in an up and coming update. We tend to do bulk updates with our code.  As one can see from our latest updates from January 

We first update in a private rep then those updates are moved over to the main open rep. As a company we have plugins for our code thats are trade secret plugins. 

For some things zappl wants a competitive edge, but we still leave the code that connects these features open to the public. So if they would want to make plugins with these features they can do so their self and see how this is interacting with the code.


Were not trying to hide anything just sometimes we happen to close things with out commenting on them. Which honestly we probably shouldn't have been doing. If you look at the tickets we have closed tickets with out commenting, but the fix had still been put in.

So we will try to update users of fixes before we close tickets now.

👍 zappl

`author`	zappl
`permlink`	re-inertia-re-reggaemuffin-re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180212t234258812z
`category`	zappl
`json_metadata`	{"tags":["zappl"],"links":["https://github.com/Zappl/Zappl/commit/f83e3130b005008317e73748da82b08fb01c0204"],"app":"steemit/0.1"}
`created`	2018-02-12 23:43:00
`last_update`	2018-02-12 23:57:51
`depth`	4
`children`	14
`last_payout`	2018-02-19 23:43:00
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	2,712
`author_reputation`	41,244,449,218,741
`root_title`	"Let Zappl Clerify some things. FUD Correction"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	37,055,145
`net_rshares`	0
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
zappl	0 B		0	0%

@inertia · Feb 12 '18

That commit is horrific.  Trying to look at it from github's site is impossible. Issue #5 was closed over two months ago, so there's no way it could have referenced this commit.

Ok, so assuming this commit will be deployed on zapple.com at some point, let's have a look at the code in question, without crashing my browser on GitHub.  Here's what it looks like in Atom:

[![](https://steemitimages.com/DQmTN9LbYWU1AFRfqqTGzhrWdpyijBGzjrN5kFpLnQck86q/image.png)](https://steemitimages.com/DQmTN9LbYWU1AFRfqqTGzhrWdpyijBGzjrN5kFpLnQck86q/image.png)

**Are you committing obfuscated code to GitHub?**

properties (22)

`author`	inertia
`permlink`	re-zappl-re-inertia-re-reggaemuffin-re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180212t235957918z
`category`	zappl
`json_metadata`	{"tags":["zappl"],"image":["https://steemitimages.com/DQmTN9LbYWU1AFRfqqTGzhrWdpyijBGzjrN5kFpLnQck86q/image.png"],"links":["https://steemitimages.com/DQmTN9LbYWU1AFRfqqTGzhrWdpyijBGzjrN5kFpLnQck86q/image.png"],"app":"steemit/0.1"}
`created`	2018-02-12 23:59:57
`last_update`	2018-02-12 23:59:57
`depth`	5
`children`	10
`last_payout`	2018-02-19 23:59:57
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	598
`author_reputation`	346,568,901,399,561
`root_title`	"Let Zappl Clerify some things. FUD Correction"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	37,058,169
`net_rshares`	0

@zappl · Feb 13 '18 (edited)

Nope its not obfuscated, On my editor web storm that is open. Ill push a cleaned version of the update Since for some reason its not formatted correctly on that side.

Also yes our updates were pretty significant that we can't even load all the changes as well on github. That's how many there were. Close to 7-9 thousands changes.

properties (22)

`author`	zappl
`permlink`	re-inertia-re-zappl-re-inertia-re-reggaemuffin-re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180213t000617578z
`category`	zappl
`json_metadata`	{"tags":["zappl"],"app":"steemit/0.1"}
`created`	2018-02-13 00:06:18
`last_update`	2018-02-13 00:13:48
`depth`	6
`children`	9
`last_payout`	2018-02-20 00:06:18
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	331
`author_reputation`	41,244,449,218,741
`root_title`	"Let Zappl Clerify some things. FUD Correction"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	37,059,308
`net_rshares`	0

@inertia · Feb 13 '18 (edited)

Is this commit (`f83e31`) active on zappl.com?  It contains the code I'm talking about in Issue #5:

```javascript
data = {
  token: token,
  activeWif: transferActiveWif,
  to: transferTo,
  amount: transferAmount
}
```

Which submits the wif to a zappl api.

```javascript
this.postWithdrawSteem = function(data){
  var response = $http.post("/api/postWithdrawSteem", data);
  return response;
}
```

properties (22)

`author`	inertia
`permlink`	re-zappl-re-inertia-re-zappl-re-inertia-re-reggaemuffin-re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180213t001726426z
`category`	zappl
`json_metadata`	{"tags":["zappl"],"app":"steemit/0.1"}
`created`	2018-02-13 00:17:27
`last_update`	2018-02-13 00:31:42
`depth`	7
`children`	8
`last_payout`	2018-02-20 00:17:27
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	401
`author_reputation`	346,568,901,399,561
`root_title`	"Let Zappl Clerify some things. FUD Correction"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	37,061,367
`net_rshares`	0

8 replies

@xhunxhiss · Feb 12 '18

Please direct us to the link where we can download the source.

properties (22)

`author`	xhunxhiss
`permlink`	re-zappl-re-inertia-re-reggaemuffin-re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180212t234756991z
`category`	zappl
`json_metadata`	{"tags":["zappl"],"app":"steemit/0.1"}
`created`	2018-02-12 23:48:00
`last_update`	2018-02-12 23:48:00
`depth`	5
`children`	2
`last_payout`	2018-02-19 23:48:00
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	62
`author_reputation`	1,516,355,137,255
`root_title`	"Let Zappl Clerify some things. FUD Correction"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	37,056,044
`net_rshares`	0

@zappl · Feb 13 '18 (edited)

the same place that commit is https://github.com/Zappl/Zappl/

👍 xhunxhiss

`author`	zappl
`permlink`	re-xhunxhiss-re-zappl-re-inertia-re-reggaemuffin-re-inertia-re-zappl-let-zappl-clerify-some-things-fud-correction-20180213t001547821z
`category`	zappl
`json_metadata`	{"tags":["zappl"],"links":["https://github.com/Zappl/Zappl/"],"app":"steemit/0.1"}
`created`	2018-02-13 00:15:48
`last_update`	2018-02-13 00:16:00
`depth`	6
`children`	1
`last_payout`	2018-02-20 00:15:48
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	61
`author_reputation`	41,244,449,218,741
`root_title`	"Let Zappl Clerify some things. FUD Correction"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	37,061,077
`net_rshares`	605,138,759
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
xhunxhiss	0 B		605,138,759	100%

@xhunxhiss · Feb 13 '18

Thank you @zappl. 
More power!

properties (22)