ASE 2019 “What is FriskyPaws” Panel
Hey everyone, just freshly back from our panel at ASE and it was a blast, we had been sitting on some changes that we wanted to wait till ASE to publish.
Registration is up, profiles are up (including characters, uploads, favorites, gallery), a new dark theme (which is the only theme right now), some clean-up of the main UI.
So, where have we been?
Sorry for the long delay, we ended up getting picked up on a large project, ate a ton of hours from our entire team. Good news: we’ve decided that we’ll no longer “take a dev unless we replace them” on FriskyPaws.
With that – we picked up two new developers – Malachai and Pyrozen, they’re currently 100% dedicated to FriskyPaws and have been helping crank out some stuff.
The Panel
Our panel went well, a lot more people showed up than I anticipated, lots of feedback, lots of interest, good questions.
Which on that note, the questions:
What are you doing about security? Credit cards and processing?
Currently there are very few plans in place for credit card processing (way down the road with the marketplace), out of the gate we’ll be facilitating artist’s normal workflows through PayPal and the like.
Now on that subject I personally have a lot of experience dealing with PCI-DSS (credit card security industry standard) for companies that store credit cards on-site, which is going to be way more stringent than what we’re looking to do (Stripe). We will provide a full PCI-DSS SAQ A/A-EP depending on what we’re doing.
As for security for our user accounts, we’re leveraging ASP.NET Core Identity Version 2 right now, which defaults to PBKDF2 with HMAC-SHA1, 128-bit salt, 256-bit subkey, 1000 iterations, version 3 uses HMAC-SHA256 and 10k iterations which we will be upgrading to as soon as the other dependencies catch up.
On top of the above, we’ve already caught the ear of a few security furs to help us do some pentesting on our platform when we get into Beta, we want this system beat up, we’ve considered a bounty program but we’re not sure how we’d fund that continuously (maybe we can provide other perks? But still… have to find something we find fair on behalf of those helping us).
Where are you currently planning on hosting it?
Currently we’re on a stack that is used for other stuff. We own the servers, we’re on a 100mbit fiber line, we have ~400GB of RAM available in our cluster and 75Ghz of processing power along with 22TB of usable high-performance and resilient storage. We have lots of room for cost-effective upgrades too.
This means that our monthly bill is quite low, most funding goes towards developers and assets to the site, not paying a cloud provider to keep the lights on.
We have a couple minor gaps we need to close (redundancy on some network gear for the most part), but nothing too bad, our Discord bot stays online more than Discord does – I think that’s a good enough.
How do you plan on funding this? Will there be premium features for paying users?
We’re currently funding this through other projects we’re doing, I have zero plans to rely on FriskyPaws to bring in funding to make it viable.
We’ve considered premium features but every time we come up with something I go “but… that is something I want everyone to enjoy”, so far, I think the best we’ve got are unique badges for users that support us.
What are you doing to try to prevent moderator bias in decision making?
This is always something that is difficult to combat, but a few major things we’re looking to do:
- Moderator transparency: decisions are not made in the dark
- Clear and fairly enforced rules: moderator performance is evaluated off of their ability to do so
- Elevation system: issues can be elevated up the chain-of-command if a moderator isn’t adhering to the rules, and the moderator can be held accountable
- Zero-shame system: we all make mistakes, people overstep bounds, empathy is required even when moderating content or people’s behavior
- Avoid monolithic decisions: stay away from top-down internal decisions, encourage discussion with our staff, don’t just rubber-stamp everything, don’t just be filled with nepotistic behaviors
Ultimately people aren’t robots and it’s hard to make a completely impartial system – but we can do our best to serve the community first and foremost. The importance is the acknowledgement that we’re not always right either and to have ways to correct for that.
What are you doing about witch hunts?
This is a pretty straight forward one: our decisions for things like replacing Artist Beware is that we’ve realized there are a reason these hunts happen, but the ability to do anything about them is poor at best.
- There is a thin line between call-outs and harassment, we will not tolerate the later
- We want to discourage the use of call-outs by the very nature of addressing why call-outs happen
- We do want to facilitate that people are held accountable, we want artists that take advantage of commissioners to get reviews that reflect that negative experience, we want commissioners that are a pain to get the same
- Users that are violating our rules need to be reported and handled (content removal, temp bans, system access removal, permanent bans)
- If a user isn’t violating a rule but is being disruptive, the rules need to reviewed and updated
- If a moderator isn’t doing their job, elevate the ticket
- If the handling of a ticket doesn’t seem appropriate and we want to have a wider discussion about it in the community, we’re up for discussing it during one of our regular community touch-points
Are you looking for more developers?
Right now we’re not, but that will probably change over the next couple months, we’re currently on ASP.NET Core 2.x and a lot of our front-end components are Vue.
Are you going to have a mobile app?
Yes! Eventually. Currently we’re looking to ship with pretty solid mobile support. Eventually we’ll be maturing that into an App you can download in the store. For now we’re just going to direct people to go to the site on their mobile device – the plan is to have almost the exact same experience on both (outside of we cannot provide mobile notifications on iOS using the website due to Apple not adopting new web standards, we can on Android and your Desktop though!)
Is it just images only?
First iteration, yes. But we’re looking to add support for music and video and have debated even supporting things like games.
Are you looking to use AI/Machine Learning?
We’ve eyeballed it for some fun experimental stuff, but nothing concrete. Anything from auto-tagging to character auto-identification to moderation workload help. We do know that machine learning can be really hit-and-miss so it’s more of a tool to help.
I think that covers everything, going to admit I’m running off these questions off of memory (my bad, should have written a lot of them down). If anyone was there and remembers one please do tell me! And feel free to hit us up for any other questions!
Some additional updates tonight
I added a temp page at https://friskypaws.net/ that details all of our resources
I also uploaded our slides here: https://presentations.friskypaws.net/presentations/what-is-friskypaws
Stay tuned
Next blog should be going over how close we are and what needs to be done, along with release plans.
