dPoll is a poll application on the top of STEEM blockchain. It utilizes an account based voting and stores poll and voting data on the blockchain. It's currently ranked at #4 at steemapps by usage numbers.
Result filters
Dan's latest poll brought some questioning about account based voting. In order to eliminate multi account voting abuse, we have implemented result filters in the poll detail page.
It's possible to filter voters by
- Minimum reputation
- Minimum STEEM power
- Minimum account age in days
- Minimum post count
If you have something big to decide and act according to a poll you have created, you can use these filters to exclude 0 SP/0 activity accounts.
We didn't want to limit people to vote. So, as a poll owner, you can't set restrictions for your potential voters. Every account can vote, and the default view doesn't exclude any accounts. However, you can filter/exclude the results based on the parameters you set.
Related pull requests:
Auditing votes
dPoll uses main posts as polls, and comments as votes. Whenever you post a poll, a secret json metadata is written to the blockchain. That's the same with votes.
People may delete the comment from Steemit. This operation doesn't actually delete the comment but sends a signal that it's deleted. The comment operations still stay in the history of the blockchain, However,get_content_replies doesn't return the deleted comments.
People may edit the comments with alternative Steem apps. These apps may hijack the json_metadata, therefore removes the voting_data when they're used for editing.
see Auditing dPolls.
In order to make the auditing process easier, we have started storing corresponding transaction ids and block numbers for each vote.
There is also a public table available for each poll (accessible via the audit
button in the detail page).
Related pull requests:
Defensive broadcasting logic on votes
The previous logic on dPoll votes was:
- Register the vote in dPoll's internal database
- Sync the vote to the blockchain
However, this was causing some problems. Due to a really rare hiccup on Steemconnect, we were seeing some votes exists on dPoll but not on the blockchain. For the reference, on this huge poll, this issue happened on two votes.
We have updated the logic to behave more defensively. We register the vote to the database if only we get a successful response from the Steemconnect.
Related pull request:
Current activity levels
dPoll is ranked at 4 on steemapps. On stateofdapps we are at number 17.
Without any huge delegations, it's amazing that we generate that level of activity in the blockchain.
Thanks to our community and sponsors for the support. Our curation account is @dpoll.curation. You may consider delegating to that account to support the project.
Vote for my witness
I do my best to support the blockchain with my skills. If you like what I do, consider casting a vote on via Steemconnect or on steemit.com
Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.
To view those questions and the relevant answers related to your post, click here.
Need help? Chat with us on Discord.
[utopian-moderator]
Thank you for your review, @helo! Keep up the good work!
ǝɹǝɥ sɐʍ ɹoʇɐɹnƆ pɐW ǝɥ┴
This is a speedy and quality update to the system, nice one! :D
Thanks :-)
Impressive work and data to strengthen the outcomes of the results. Amazing that you were able to do in such short time!
Posted using Partiko iOS
Thanks @newageinv! :)
This is an amazing work @Emrebeyler and the entire @dpoll team. These restrictions is a good way to sanitize the blockchain to really bring out the value it stands for. It is quite sad how people would always be on readiness to abuse others' intellectual capacity.
My suggestion:
I would advise that you also help the dpoll creator to limit voters by the level of acitvity of the accounts. SOme idle accounts may just be created for such purposes. This implies that an account that has not been active for a few days past should not just become active for the purpose of voting. ANy account that should participate must be active at least in the last 7 days before being eligible. The reputation, age, no. of posts can still be abused, but the level of account activity would rarely be.
Goodluck!
Meanwhile, thanks to @Theycallmedan for really spicing the value of @dpoll
Hi! How can I vote for this app in the rank?
I was watching the #89 pull request, maybe if you add a validation before the loop asking for all the variables equal to zero , you could avoid the entire loop (if 0 is the default value of all the field will be usefull).
I dont know python language, and I supous that the cast and try is enough, but is possible to use Sql injection in this kind of forms?
Best regards!
Yes, good catch. Code can be refactored into using SQL instead of traversing all available votes.
refactored.
Wait, I was talking about a vulnerability called "sql injection", it's a way to introduce malicious sql code in a human filled form.
If you have a field that is concatenated in a sql query, some like:
query = "SELECT * FROM USERS WHERE SP > " + sp;
If I put this in the field:
[1 select password from users --]
I can execute sql code in your app. Even if you use a read/write connection, the code could contain some "drop table " or "drop database". Take a look of this:
Ah, no. Not even close to being vulnerable to SQL injection :)
https://github.com/emre/dpoll.xyz/blob/master/dpoll/polls/utils.py#L271
Also, Django ORM prevents SQL injection attacks with prepared queries as long as the library user doesn't execute raw queries.
The real problem with the current implementation is that the app gets all votes then filter them in a for loop. That doesn't matter in such a small scale like dPoll's but it should be done on database level. (more efficient and less code.)
Perfect! Are you able to use linq to retrieve a filtered dataset in python?
I enjoyed voting on dpoll a few times. I wish we had something like dpoll when some of the important details for the previous hardforks were being discussed.
I foresee dPoll playing a critical role in gauging community sentiment on future upgrades to the Steem blockchain.
Voted for your witness!
Thank you for the witness vote. Much appreciated. :)
Thank you for this useful update
Seems to me you are doing important work here!
Since we are part of a decentralized ecosystem, it seems to follow that many might use polling as a way to arrive at various degrees of consensus... for example for directions to take, and features on apps, and so forth. And so, a polling system needs to be as "robust" and resistant to manipulations, as possible.
Allowing the results to be filtered while everyone can still vote seems like the superior approach, as it will help expose patterns (if any) that suggest "bad actors" attempting to manipulate...
Nice work!
Adding your witness, as well.
Thank you for the witness vote.
Thank you so much for participating the Partiko Delegation Plan Round 1! We really appreciate your support! As part of the delegation benefits, we just gave you a 3.00% upvote! Together, let’s change the world!
Hi @emrebeyler!
Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your post is eligible for our upvote, thanks to our collaboration with @utopian-io!
Feel free to join our @steem-ua Discord server
Thank you for the quick update! Hope for better ones in the future :D
Poll: Cool thing? Or coolest thing ever?
Posted using Partiko Android
Congratulations @emrebeyler!
Your post was mentioned in the Steem Hit Parade in the following category:
Hey, @emrebeyler!
Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!
Get higher incentives and support Utopian.io!
Simply set @utopian.pay as a 5% (or higher) payout beneficiary on your contribution post (via SteemPlus or Steeditor).
Want to chat? Join us on Discord https://discord.gg/h52nFrV.
Vote for Utopian Witness!
I'm convinced, so you have my vote, my good Lord
This post has been included in the latest edition of SoS Daily News - a digest of all you need to know about the State of Steem.
Editor of the The State of Steem SoS Daily News.
Promoter of The State of Steem SoS Weekly Forums.
Editor of the weekly listing of steem radio shows, podcasts & social broadcasts.
Founder of the A Dollar A Day charitable giving project.
These are great filters to make sure polls csn be based on real accounts only. Can I suggest another filter - last posted x days ago. That will help to eliminate inactive accounts.
Also, my two cents worth thinks this will allow the poll owner to control the poll outcome by playing with the filters, unless they declare in advance which filters will be applied. Understand you want to make the dapp more inclusive and more people to use it, but it just seems kind of odd to allow people to vote, and then exclude their vote or opinion afterwards. Afterall, in all real life votes, you always set the criteria beforehand and not afterwards.
We avoid implementing off-chain rules. If the poll owner want to make a decision, they can add an info the poll that “minimum rep N is required for a valid vote”. Actually we adready seen @shaka followed this practice in his latest poll.
Great addition.
Only genuine votes matter.
Posted using Partiko Android
Amazing
Posted using Partiko Android
Great update! Please check out my latest dpoll here https://steemit.com/dpoll/@steemingmark/do-you-think-cds-and-cd-players-have-a-future
Posted using Partiko Android
Thank you @emrebeyler for this. Having been very interested in the outcome of the last poll, I am glad that there were some useful learnings to take into other "big" (your word) polls.