scottstirling / bitcloutdao Goto Github PK

Last night the site updated and the reclout function has been implemented.

This implies the code has changed abd there should be some new versions of files to pull down, diff and version.

Visible in "view source" after the tag:

<app-root _nghost-blp-c73="" ng-version="11.1.2">

Confirmed via Safari Developer mode that the iPhone / iOS UI is also rendered via Angular (and supports the PWA install option from Angular for iOS).

Logout shows this screen and message:

They are in Arizona, owned by Godaddy.

They have a subpoena policy:
https://www.domainsbyproxy.com/policy/Subpoena.aspx

According to internet records, this company setup the *.bitclout.com domain DNS and probably the CDN and SSL certificate at least.

TODO: please investigate and document, maybe create separate issues for:

1. There’s a “Sell” link shown next to “Buy” in the Bitclout web UI that I can never seem to find again after registering an account. How is this handled in the code and styling? What conditions determine the presence of the Sell link?

UPDATE 4/10/2021: BitClout code in main.js was updated again since yesterday. The "Sell" functionality has changed and shows up under Creator Coin tab ... works partially, and not going to mess with it more til I update the code here again. Working on it ... DONE. Latest main.js is formatted and checked in.

2. What factors determine the ranking of posted content updates in BitClout’s Global content feed to users?

3. Users of Bitclout often assume (easily observable on Reddit, clubhouse and WhatsApp discussions) that all their posts, content and personal account information is stored in BitClout’s blockchain. According to @HPaulson’s analysis via the explorer API, there are only cryptocurrency transactions between wallets’ public keys. Image data is saved on Imgur. Unsure where the post contents are saved yet.

Bitclout's API endpoints for currency transactions seem likely to be wrappers proxying to www.blockcypher.com's APIs.

There are direct calls to blockcypher.com APIs and others to api.Bitclout.com which appear to negotiate IDs and hashes related to blockcypher.com APIs.

Document key concerns and doubts:

1. "significantly higher throughput and scale [than Bitcoin]" - experience and observation show this to be false with Bitclout up and down and inconsistent throughout the day when it has high traffic or rolls out core code changes to the Angular app.

2. "Like Bitcoin, BitClout is a fully open-source project and there is no company behind it-- it’s just coins and code." - not at all like Bitcoin in that the source code repository and versioning history is closed/secret as of the publication time of the white paper and to date (4/13/2021). Nor is there any explicit selection of an accepted open source license, such as Bitcoin's MIT license, nor any formal declaration of public domain "unlicense," only the phrase "fully open source" with no further context or clarification.

3. "The price of BitClout doubles for every million BitClout sold. This makes BitClout naturally scarce, resulting in 10 to 19 million BitClout minted in the long run (less than Bitcoin’s max supply of 21 million)." - issue is that doubling the price doesn't make a resource scarce.

4. "the value of someone’s coin should be correlated to that person’s standing in society. For example, if Elon Musk succeeds in landing the first person on Mars, his coin price should theoretically go up. And if, in contrast, he makes a racial slur during a press conference, his coin price should theoretically go down." - conclusions without premises or evidence. "should" is a market prediction here derived from unexplained assumptions or principles.

5. "Thus, people who believe in someone’s potential can buy their coin and succeed with them financially when that person realizes their potential." - more conclusions derived without premises established.

6. "with BitClout you can buy someone’s coin and then retweet them" - "Coming soon! Reclouting is not currently implemented." pops up whenever anyone tries to use the "retweet" or "reclout" function in Bitclout. UPDATE: reclouting function appeared overnight 4/9/2021.

7. "If you know someone with a lot of clout, or if you know someone who knows someone, you can buy a coin and send it to someone else so that they can buy and retweet them." - everyone realizes intuitively after some reflection or having associated BitClout and Black Mirror’s Nosedive episode the absurdities and harm that would also be unleashed by such a platform. Influence peddling is regulated if not prohibited and illegal in many areas of business, technology, healthcare, law, military and politics. Not clear the pros would outweigh the cons but this white paper doesn't go into any depth on such things.

8. "an 'automated market-maker,' and it’s the same concept that powers protocols like Uniswap and Bancor." - TODO: research this claim.

9. "Just like Bitcoin, anyone on the internet can run a BitClout 'node' that serves the BitClout content, and every node on the network stores a full copy of all the data" - Not "just like Bitcoin" because where's the code other than the released version we can see behind Cloudflare? Where is the repository, source code, version history, and organization to manage commits to the codebase that is being deployed live to the Internet via accounts with Cloudflare and other organizations currently?

10. "anybody can build apps on top of the BitClout data without the risk of being de-platformed" - false. The whole platform depends on Cloudflare account setup for DNS and SSL over which someone has control and for which someone is paying. The risk of being de-platformed is high if you choose to build on something over which you have no control and into which you only have access via reverse engineering.

11. "When you visit bitclout.com, you’re using our node, but there are already dozens of nodes on the network, all run by people like you." - There is no proof of this assertion nor definition of what "node" means in that claim. All we have knowledge of, as far as I am sure yet, are several Angular instances (aka “nodes” because they run on Node js in a kubernetes cluster), which we can deduce from unique instance IDs in externally exposed HTTP headers.

TODO: sort the paths below to their endpoints and POST/GET details

api.bitclout path root:
GET
https://api.bitclout.com/api/v1

POST
https://api.bitclout.com/api/v1/block
https://api.bitclout.com/api/v1/transaction-info

bitclout.com admin paths: https://api.bitclout.com/admin or https://bitclout.com/admin

(the full admin URL paths error HTTP 405 for GETs (vs any other URLs which 404) but will return 200 for OPTIONS, which indicates their presence):

/admin - GET
/admin/get-all-user-global-metadata
/admin/get-mempool-stats
/admin/get-user-global-metadata
/admin/get-username-verification-audit-logs
/admin/get-verified-users
/admin/grant-verification-badge
/admin/node-control
/admin/pin-post
/admin/remove-nil-posts
/admin/remove-verification-badge
/admin/reprocess-bitcoin-block
/admin/swap-identity
/admin/update-global-feed
/admin/update-user-global-metadata

bitclout.com paths:

/404 - GET
/add-stake
/block-public-key
/broadcast-bitcoin-txn
/burn-bitcoin
/buy-bitclout - GET
/buy-or-sell-creator-coin-WVAzTWpGOFFnMlBvWXZhTFA4NjNSZGNW
/buy-or-sell-creator-coin-preview-WVAzTWpGOFFnMlBvWXZhTFA4NjNSZGNW
/check-login-user-stateless
/create-follow-txn-stateless
/create-like-stateless
/create-user-stateless - OPTIONS, POST
/creators - GET
/get-app-state - OPTIONS, POST
/get-block-template
/get-exchange-rate - GET
/get-follows-stateless
/get-messages-stateless - OPTIONS, POST
/get-notifications
/get-posts-stateless
/get-profiles - OPTIONS, POST
/get-single-post
/get-starter-bitclout - GET
/get-txn
/get-user-global-metadata
/get-users-stateless - OPTIONS, POST
/inbox - GET
/log-in - GET
/logout
/miner-control
/notifications - GET (notifications not implemented as of date 4/13/2021)
/posts/new - GET (screen with form input to author new content post)
/send-bitclout - GET (screen to Send $BitClout)
/send-message-stateless
/send-phone-number-verification-text
/settings - GET (currently email is the only updatable setting)
/signature
/sign-up - GET (Sign up screen)
/submit-phone-number-verification-code
/submit-post
/terms-of-service - GET
/u/${profile} - GET (Profile screen)
/u/${profile}/sell - GET (Sell ${profile} coin)
/u/${profile}/trade - GET (Buy ${profile} coin)
/update-bitcoin-usd-exchange-rate
/update-profile - GET (Update Profile screen)
/update-user-global-metadata
/wallet - GET (Wallet screen)

Some of the APIs require a special miner public key parameter unavailable to public users.

Work in progress ...

Used to get the price of Bitcoin in USD for display and calculations: https://blockchain.info/ticker

Used to get fee estimate for currency transactions: https://bitcoinfees.earn.com/api/v1/fees/recommended

See subject.

This path is compiled into the main.js in 4 places and looks like an artifact from where it was built:

../../../../../../../../../../../home/dan/tmp/node-v10.16.3-linux-x64/lib/node_modules/browserify/node_modules/is-buffer/index.js

Handy utility, undoes common obfuscation techniques and makes the src more readable:
https://github.com/shapesecurity/unminify

Adds about 100k more lines of code to the resulting output of main.js ... but definitely helps.

$ npm install -g unminify
$ npx unminify src/main.js > /tmp/main-unmin.js

Do you think it's possible to have aguess as to gitclout building from scratch + operating +scaling their blockchain node vs them using some big name (https://eos.io/, https://consensys.net/...)

There is https://www.blockcypher.com/ mentioned in your Readme but you seem to think it's only used for transactions and not for the whole blockchain backend...

What's your opinion or intuition on this ?