BotC Overview issues
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues
2024-03-04T11:41:53Z

Solve the Api protection, for avoid bots in faircoin exchanges
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/39
2024-03-04T11:41:53Z, Duran Enric

The concept is that fair to eur or fair to btc or fair to eth, should work only from inside the wallet
and not with the api, for default users.
Could be needed to activate some specific cases for doing the exchange from the api, but the default option should protect from the use of bots for taking advantage in faircoin exchanges.

Release 2020

To add Mx pesos. transfer in option in the multicurrency wallet
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/38
2024-03-04T11:41:54Z, Duran Enric

Just is a feature activated in chip chap wallet, and pending in Botc, with assembly approval

Release 2020

Multicurrency Wallet - SEPA cash out: PDF
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/31
2024-03-04T11:41:54Z, Christina Ko

When requesting confirmation print-out, there is a new tab with:
error "invalid_grant"
error_description "The access token provided is invalid."

Release 2020

Multicurrency wallet - Convert all the FAC to FAIR
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/30
2024-03-04T11:41:55Z, Duran Enric

This is a known, decided and planned issue but delayed on the Chip chap dev priorities since the beginning

Release 2020

Mail to members handling
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/29
2024-03-04T11:41:55Z, Gampe Sebastian

Send Mails to BotC members, I don't know how it works but I remember the members mail issue so I guess that the BotC support team uses the members mail addresses for contact or announcements!? Better is it that the BotC doesn't work with members mail addresses and all mail addresses should be only stored in a secure database ( users profiles ). To send mails to members or member a mail distribution tool will be used. ( write the message, select the member or distribution list of members, confirm the members list and send it )

Release 2020

MultiCurrencyWallet - about some characters in transactions (, .)
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/24
2024-03-04T11:41:56Z, Gampe Sebastian

when you're going to make a transaction and the amount contains a point (.) then, it's wrong. Same applies if the quantity has a comma (,) to indicate decimals.
The transaction appears sent but the amount is zero. I think this should be improved, too.

Release 2020

Allow for a dynamic control of the btc cash out fees
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/84
2024-03-04T11:40:55Z, Zambrana Xavier

Right now, the btc transaction fee that pays to the miners is set to 20sats/byte for all transactions. It would be cool if this could be controlled by the member who was doing the transaction. The best case scenario would be if it could be totally controlled, but the service would be very improved even if 3/4 options were given. For example, 20sat/byte, 14sat/byte, 7sat/byte and (1 or 2)sat/byte (the numbers are just an example).
PS: I think that the cash out fee could be adapted accordingly too - say if the transaction fee paid to the miners is x, then the cash out fee for a member is 10x, or 7x or whatever. But anyway, this should be discussed in an assembly. For now, I think that it would be good to just have in mind the improvement that I described. I would

Release 2021+

Add recurrent transfers option
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/76
2024-03-04T11:40:58Z, Duran Enric

Would add a payment that repeat every month or every certain period of time
with exactly the same receiver.
It can work for Sepa transfers, for Bitcoin, faircoin and eth.

Release 2021+

Automatize cash-ins from the bank account directly to BOTC accounts
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/59
2024-03-04T11:41:47Z, Kapis

As suggestion by @m0k1 yesterday, I add this ticket to start seeing the technical and legal difficulties and solutions to provide a faster and more efficient way to have all the cash-ins with correct token added via API to the subaccounts of BOTC that correspond to the tokens received, this will be beneficial to all the services and users that receive BOTC transferences and to decrease manual work or possible human errors copy-pasting
So we have 2 challenges:
1 - receive the bank cash-ins notifications not in a manual way anymore (through email or triodos read-only API if any for 3rd apps, etc).
2 - update the BOTC accounts balance accordingly including full concept (as appears in the original transference in case 3rd party apps of merchants are using BOTC transferences as payment methods for products (#36 is related to this ticket too))
Regarding receiving email from the bank and API reading those emails through SMTP, @enric mentioned that adding email notifications from Bank account would be not legally so easy since they will go the owner's holder private email. But I am thinking that if that owner is trusted, we can add a secondary email or add a redirection of bank's holder emails to BOTC address to use this feature.

Release 2021+

Multicurrency wallet - SWIFT bank transfer
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/45
2024-03-04T11:41:52Z, Christina Ko

At Cash Out Bank Transfer, the SWIFT option does not work. It always says 'no funds enough'. It should be activated, with the notice of the 18eur fee (and possibly deduct it).

Release 2021+

Exchange: No funds enought
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/100
2024-03-04T11:40:48Z, Zambrana Xavier

![photo_2020-10-18_15-10-11](/uploads/268d920a64da15c3898d287922022219/photo_2020-10-18_15-10-11.jpg)
When using the exchange feature of the wallet, it looks like some times you might get this bug. That is, you get a red message saying 'No funds enought'. Now, the message is misspelled (it should be 'not enough funds', or 'non-sufficient funds'). But the message is also false, as you might be able to go on with the exchange. In particular, I was able to do the 4eur exchange that it is reported in this attached image. I had enough euros, and Enric verified that there were enough ETH in the exchange wallet. Anyway, I completely ignored the message, and it was all good. But that message should not pop up like that :)

FairCoin tx history incomplete in botc wallet
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/92
2024-03-04T11:40:52Z, Gampe Sebastian

Some FairCoin tx history incomplete in botc wallets.
It seems to happen when the faircoin wallet is down while payments will be processed!?

Gampe Sebastian

BotC Tech role description and proposed transition to new admin
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/108
2024-03-04T11:40:45Z, Ramaxx

*We are looking at someone or a team to take the tech head role. This process must be completed by the last day of March 2021 where current role will fully drop responsibilities and stop getting paid*
BotC Tech could mostly be decomposed in the 3 following areas:
- Software development/maintenance
- Sysadmin
- Crypto nodes management
Only after having experienced the tasks, learnt and documented as much as possible, I realized about the level of complexity in BotC project.
It's normally hard to find a person to cover both profiles reasonably, so it should be worth considering 2 roles as a team to cover the requirements. It's also advised against having only one fully responsible person. Two are the minimum recommended for better resilience.
### Profile Requirements
Given the nature of any Fintech project, where an admin will have a high level of responsibility for keeping people's funds safe, it's important to find someone, or a team who can be fully trusted, and of course trust each other in order to share the responsibility and have more eyes on the software and infrastructure.
Ideally, you will want people who already have a reputation, assuming they will not want to burn it.
A candidate will ideally have the following experience, or ability to learn and catch up quickly with:
#### Software
BotC codebase is built on top of a deprecated version of Symfony and is composed of one Symfony app for the frontend and one for the backend.
- 5 years of solid PHP knowledge
- 3 years of experience with Symfony or any similar web development framework
- Strong experience on troubleshooting, debugging and reverse engineering
- Experience with cryptos will help
#### Sysadmin
BotC infrastructure is mainly based on Libvirt virtualization plus some extra VPS servers on various providers.
- 5 years experience as sysadmin on production sites/software
- Solid experience with Debian/Ubuntu servers
- Virtualization
- Networking
- Security
- Bash and Python scripting
- OS release upgrades
- Backups maintenance, restore
- RAID 1 management
#### Crypto nodes management
Currently supported crypto nodes are Ethereum, Bitcoin and Faircoin.
- Experience as node operator will help: check balances, move funds between accounts, etc
- Setup and maintain remotely accessible RPC calls (for wallet API operation)
- Experience upgrading or migrating nodes software or servers if needed
### Best practices
Collaborating with Holytransaction/Flypme, I've learnt some essential practices to keep everything as secure as possible:
* Sysadmin full paranoia mode on
* All laptops/workstations holding sensitive access, code or data must have full disk encryption
* When leaving secure locations, laptops must be turned off and **not suspended** to avoid certain physical attacks which could help gain critical infrastructure access.
* No third-party providers for sensitive information (ie, run your own Gitlab)
* One ssh key per server, passphrase protected
* Never leave a terminal unlocked+unattended if at unsafe locations (ie set autolock to a low value like 1min and force lock if you leave the keyboard)
### Additional general recommendations
* Implement role isolation as much as possible: one dev, one sysadmin, one or many crypto admins, one per node. This will be useful only if a wrapper is included around each node, to allow only mandatory RPC calls for the wallet to operate (including logging and maybe notifications)
* No access for developers to production infrastructure (as part of role isolation)
* Keep encrypted backups off-site at controlled and undisclosed locations.
## Proposed transition procedure
- Prepare a public call with the requirements.
- It is advised that candidates are validated at least by two reputable people from the Assembly.
- Create a transition telegram group where people from imMunitech will be invited to have the final say on the candidate or team.
- Candidate or team gets access to development infrastructure to learn and practice.
- Once candidates are approved and ready to take over, hand over credentials (see checklist below)
#### Handing-over credentials checklist:
- [ ] One of the remaining root admins will remove credentials from all servers for leaving role.
- [ ] One of the remaining root admins will add credentials for the new roles.
- [ ] The new role will take care of re-creating the crypto nodes' private keys and place old ones on autoforwarder node, to forward funds arriving at any of the old (compromised) addresses.
- [ ] The new role will take care of changing all passwords to critical infrastructure or sensitive data.
**From the time credentials are removed from leaving admin and private keys are replaced, leaving admin automatically drops responsibility for any issues happening, including unauthorized operations or loss of funds. Please, make sure to check the items on the list above as they are completed, to close down a potential attack vector.**

Continuity of Ethereum operations
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/107
2024-03-04T11:40:46Z, Ramaxx

Ethereum operations require manually recharging the payout address (incorrectly called "hot-wallet") each time a user needs to cashout.
As announced on #106, I'm dropping responsibility of manually moving funds to payout address.
There is a proposal of having @santi take care of these recharges.
This will break the proposed transition steps which would guarantee a smooth hand-over to the new role as described on the wiki page: [BotC-Tech-role-description](BotC-Tech-role-description)
It must be decided by the assembly, or whoever wants to make him/herself responsible for taking this step.
From my side, I can guarantee I won't touch the cryptoservers or their wallets anymore unless there is any technical issue on the server side which could produce downtime, which will be properly notified in advance to the relevant teams (probably core and imMunitech). That is, I will only take care of the servers and daemons to remain running until my credentials get finally removed. Of course backups are part of the sysadmin responsibility which I will take care of.
The assembly can only trust my word that I don't keep a copy of any private keys anywhere else other than the cryptonodes and the backup server, infrastructure belonging to BotC, under administrative access by @enric. After the private keys get regenerated (as explained on #108), it will be 100% guaranteed that any unauthorized movement of funds couldn't be linked to the leaving admin.
In other case, from the moment it's decided that someone else (in this case @santi) will become ETH node operator, I will automatically become exempt of any responsibility related to any sort of issues with funds (blocked, lost or stolen) from **any** of the cryptonodes.

Add the account token to more places.
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/103
2024-03-04T11:40:47Z, Grows Sporos

It would be practical to have the account token handy in more screens than the unique https://wallet.bankofthecommons.coop/company/account?tab=profile.
A good place would be in both or either cash-in and/or wallet2wallet screens.
(Suggested by Rama :))

SEPA cash-out process optimisations
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/102
2024-03-04T11:40:48Z, Emil Daniel

1.) Cash-out-Email: add "Sent-Flag"-Set-Link
Admin get the cashout requests in the email
An option could be a link on the same email, which would flag as sent,
if you click on it
Admin: this would help yes.
2) Bulk button:
Also it would be good to be able to "success" at once all the older ones

Dev Logs - Rama
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/101
2024-03-04T11:40:48Z, Ramaxx

We discussed in the BotC internal dev group that it could be helpful that every developer create an own issue and write some logs of his/her work. It makes the monthly reporting easier and everybody can follow the developers work.
In this issue I will comment all my work regularly.

Ramaxx

Development goals and strategy
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/98
2024-03-04T11:40:49Z, Emil Daniel

There is a lack of mid and long-term goals,
which development should meet.
those can be articulated from a vision,
which then needs to be architectured
and broken down into milestones.
this shall be started here.

Dev Logs - Sebastian
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/96
2024-03-04T11:40:50Z, Gampe Sebastian

We discussed in the BotC internal dev group that it could be helpful that every developer create an own issue and write some logs of his/her work. It makes the monthly reporting easier and everybody can follow the developers work.
In this issue I will comment all my work regularly.

Gampe Sebastian

Report 2020/09
https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/95
2024-03-04T11:40:50Z, Emil Daniel

BOTC - Tech report 2020/09
===============================================
Link to this as online version plus details: https://board.net/p/botc_tech_report_assembly_2020_09
Link to this as online issue: https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/95
BOTC Overview // Issue-List: https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues
________________________________________________
SUMMARY:
1) New solution for a pending issue we couldn't solve,
"Design screens for new wallet frontend". We are lacking
of human resources and skills to complete this task.
2) opportunity for a perfectly fitting "hire: frontend developer",
with the right skills and fair budget expectancies,
who would like to work with us within a reasonable budget.
There is a high probability of success in this cooperation.
3) Discussion about "onboarding" of new hired/voluntary helpers/devs.
Online bank robbery is a thing, and so security is too.
There is not yet a trust mechanism, but consideration
to compartmentalize critical code.
4) A "testing team" is needed. For new testing releases,
helping with bug reports, creating documentation,
there would be place for voluntary help. Good entrance point,
for learning or improving development skills.
5) Reporting: improving some methodology and habits,
from developers platform (technical discussions),
to publicly interested audience (BotC Tech) - maybe more frequently,
to general audience (BotC assembly).
6) Technical Updates:
- bug-fixing in ethereum and fairpay, sysadmins routine
- removing code and wallet_v2 development
- further containerization for development (wallet frontend v1 done!)
________________________________________________
DETAILS:
---------------------------------------
1) Existing issue: "Design screens for new wallet frontend"
Link: https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/88
While raising the frontend technology now on modern level,
the graphical screen designs and UX concept is lacking.
There has been no solution found.
---------------------------------------
2) New frontend freelancer
[x] posting to BotC tech
Draft: proposal for the assembly regarding the web-wallet v2 development.
please take a look, make edits, add your comments, suggestions, etc...
so that we could
https://git.fairkom.net/botc_sources/wallet-frontend/-/issues/9
[ ] present it to the next assembly
[ ] agreement for onboarding of Marcelo
Next step:
[ ] service agreement with the developer, and
[ ] a signed NDA, so that he has the necessary access needed to do his work.
[ ] there is a model we used in the past which could probably be re-used. (ask Enric for it)
-----------------
3) Security considerations on Onboarding
- restricting access to internal dev team and repositories
- how to integrate new devs without risking revealing source code of parts of the highly critical infrastructure?
- internal dev group for sensitive communication:
- keep this group strictly and highly technical.
- to accept people in this group only after proven as a need and some level of trust gets built through interaction
- using gitlab for communication interface with developers (frontend/backend)
- splitting critical infrastructure (server and api code) from less critical development (frontend/etc)
related points from last months:
- from previous security considerations: concept like key holders, for accessing backups/server's data.
----------------------------
4) Testing team
New devs could for instance start a testing team together, for example with Maro who is working professionally,
and they could probably start with the new wallet frontend.
==> both new devs onboarding together
==> testing team!!!
----------------------------
5) Reporting procedure
- developers report over the month progress and issues
via Gitlab's issue list: https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues
- role "reporter"
-- 1) compiles relevant issues (in a issue or/and pad )
-- 2) summarize and reports to BotC tech (in short form with link to details)
--- maybe two weekly, if a more frequent rhythm is welcomed
-- 3) sends report to BotC general assembly in a short form
-----------------------------------------------
6) Technical Update / Progress report:
* investigate ethereum cashout issues
* Upgrade Ethereum node: https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/issues/94
* BotC deployment: ( legacy ) wallet frontend done.
* wallet backend and orchestration of frontend and backend is still in work.
(Should be hopefully done in October)
* fix tier permissions for certain accounts
* debugging the Fairpay incoming tx problems
* coordinate the new frontend design implementation with external collaborator (Marcelo) (already reported in point 2)
* routine sysadmin tasks (check logs, backups, update servers)
* also *remove* some code, because there are a bunch of third-party services not needed anymore