nicksawhney/bernie-sits

Automate Crowdfunding and API Usage (KEEP THE SITE ALIVE!)

nicksawhney opened this issue · 20 comments

I just had an idea about how to keep the site going while keeping everything open source and community oriented. Let's automate the crowdfunding aspect. Monitor API calls and donations to crowdfunding, pull functionality when money runs out, bring it back when money returns. Duh! This is probably a bigger undertaking than most of the suggestions so far, but I am getting so many messages from people wanting to bring the site back. What if we used it to try a completely community supported site model, which doesn't even have to go through me.

If you're on board with this idea, let me know and let's discuss implementation details below. The hardest part will be figuring out how big a role third-parties play in the collection of funds.

Other things to consider:

  • Which software layer does this operate on? Web plugin? Server?
  • Which services does it interface with and how?
  • How does ownership of the account work (can the software itself manage its own bank account? That seems incompatible with financial systems but I don't know details)

Ha! Reminded me of this art project Google Will Eat Itself.

But yeah, adwords might not be the vibe you aiming for, but might cover some costs? There are also google grants for non-profits, including map usage, https://developers.google.com/maps/billing/public-programs, but not for political campaigns.

Didn't someone already suggest a captcha, and possibly rate limiting?

The system you are talking about sounds pretty cool, but someone complex. Limiting the number of requests per user per day, and the total number of requests per day (to something you can project affording) might work in the interim.

cheers!

PR for capcha already in #8, I'll look into it tomorrow! Might go in the "new version" (what should we call it?) of the site instead of the archival one. I really like the idea of a self-sustaining version of the site, even if it's complex to create. I can create a different repo for the technology I describe above (I'd love open source contributions), but it might be fun to leverage the popularity of the bernie-sits sight to get people interested in a wider crowdfunding model and pull in talented contributors. If anyone goes viral in the future, they can use that to offset costs and focus on the fun and engineering instead of worrying about costs like I ended up doing.

but not for political campaigns.

Thinking about it, the tooling we're considering in this thread could have some potential use-cases with campaigns, which are entirely reliant on some form of public funding and are ever-more grassroots oriented.

For sure, I think it's a really interesting idea.

There are lots of overlaps w/ paywalls and micropayments... probably worth thinking harder about what kind of user experience would make sense here - it feels a bit to me like keeping the music going on the jukebox for the sake of the entire bar's atmosphere.

Also, lots of resemblance to crowdfunding journalism (some happens on kickstarter, but there are also dedicated investigative journalistic crowdfunding platforms https://www.niemanlab.org/2018/11/2018-has-been-a-record-breaking-year-for-journalism-kickstarters-though-only-about-1-in-5-actually-get-funded/).

I also remember gittip/gratipay (https://gratipay.news/, https://github.com/gratipay/gratipay.com) which isn't around anymore, but had some really interesting ideas around maximum donations (to prevent over-reliance/influence), and recurring tips.

What would you ask the user for? Are they supporting their own usage, another user's usage, the larger enterprise? How is this different than patreon? Just integration - i.e. the real-time cutoff with a graceful error message when the site is out of juice?

Could we rotate a few keys and switch when quota runs out? they have a free tier right?

what APIs are the most expensive?

what does the costs look like ?

Is Heroku costing you more or your requests to Google Maps API. I still haven't understood this fully.

This discussion is about the site itself not my personal finances, which I can't disclose due to the entities involved during the deployment process. Generally, I expect that Google Maps will be more expensive than most hosting services. The pricing information is all public!

@mjobin-mdsol That's a really cool idea -- some kind of distributed system of swapped out API keys with free credits. How would we create a system to share API keys responsibly and privately though? Interesting stuff!

Hey,

I think the technical work around rigging this up is challenging, but perhaps more so, is thinking through how and why someone would donate when they arrive at the active (or sleeping) site.

I think it needs to be clear this isn't a paywall, or even a simple traditional transaction, where I pay for my access/usage. How could you craft an experience that encourages folks to pay it forward? Think publishing sponsors' names, pledge drives, kickstarter rewards, and indicating how many users people are sponsoring.

I think it is likely worth sketching some designs of the imagined flow before writing any code. It is also worth thinking through these use cases a little more closely. Whose credit card is actually connected to the services? Would this crowd-funding buy participants any governance? Is there anything collective happening? How real-time are we talking - would pledges be enough to keep the site running, or does the transaction need to clear? It's a much harder problem if the site owner isn't fronting/floating some of the costs (I doubt many of the services expose real time billing info anyway, so there needs to be some reserve).

Patreon actually has APIs that expose pledges for a campaign (I think). https://docs.patreon.com/#paging-through-a-list-of-pledges - could something like that work as a proof of concept? At least for the payment processor and community management components (you may want to communicate with these sponsors at some point)?

Could we rotate a few keys and switch when quota runs out? they have a free tier right?

what APIs are the most expensive?

what does the costs look like ?

@mjobin-mdsol I'm not sure I understand why would you need to rotate any keys? As I understand this project, individual users do not have quotas - everyone is collectively trying to keep the site running.

Wouldn't you always keep the same valid api keys on the backend, and just show the user different content depending on weather the site's reserves had enough resources in them?

You always need to to have enough on reserve to keep the sleeping site running.

Is this what you had in mind?

Hey everyone! Have you thought about creating a patreon so people can donate?

Stop what? I was just trying to keep this awesome site alive.

@allisonjohnson979 don't worry, i don't think the "STOP" was intended at anyone specifically. I took it that way initially as well, or that perhaps it was a spamming. But I think that the person was actually trying to just stop the e-mails from coming every time that someone responds to a thread. (i saw in the "sent from my iPhone")

@caroldegenhardt if you're trying to unsubscribe from the e-mail notifications, check if you are seeing a "Reply to this email directly, view it on GitHub, or unsubscribe." at the bottom of one of the e-mails. You might have to tap a " ... " at the bottom of the message, as sometimes part of the information gets collapsed into an ellipse. Another option is to login to your GitHub account and un-follow the bernie-sits repository (sometimes called a "repo" for short). Or justs turn off e-mail notifications altogether. I noticed that your GitHub account was created 12 days ago, so I realize it may be a new platform/service and the various options/configuration for notifications may be unfamiliar. If that's the case, no worries. Here is a helpful article to change your notification/repository subscription options. https://docs.github.com/en/github/managing-subscriptions-and-notifications-on-github/viewing-your-subscriptions#configuring-your-watch-settings-for-an-individual-repository

happy to help more @caroldegenhardt if you get stuck. :)

@mrvenanzi, wow. That was very helpful and kind!

After reading through this thread, I've seen the subject of maintaining a pool of API keys to go beyond the free tier come up. This is generally considered against TOS for free tiers. They want you to use it responsibly.

One thing I was thinking was the Google Maps API key could be provided by the front end. So when someone loads the page, they have a form input to put in their key to generate an image. That would push the responsibility of tracking API keys to the users, and push most of the legal liability to them too. Each person would only be using one API key, so that shouldn't break the Google Maps TOS. There's still a chance that Google could interpret it as abusive though (because the site enables free tiers to be used much easier - people can just copy paste a key, they don't need to code up an app), and Google could sue the maintainers of the site. Legal things are tricky...

The original goal described in this issue would solve these legal problems. If it's one Google Maps API key used, and we're actually paying Google, that's great. That's exactly how the Google Maps API is meant to be used. Then you'd just need to track things well enough that the app doesn't allow images to be generated once it runs out of money. An approach I can think of right now to solve that problem would be to increment a field in a database like Heroku Postgres each time the API key is used. Before an image is generated, the app checks whether the number of times it's been used in the past is below some value. The value in question would be increased over time as the system detects that funding has come in. Something like a Patreon API could be used to pick up this data. It's a lot of stuff to glue together, but it's not impossible.

It should be pretty simple with some If-Else with python to actually do, provided there is exactly zero security, and I feel like that's a big issue.
If there is an "API key pool" (great idea, by the way) then wouldn't you need to hide the API key(s) from being totally accessible? Or am I missing something?