2018-12-12 Engineering Meeting

Date/Time: 2018-12-12 @ 15:00 UTC / 10:00 EDT / 23:00 HKT
Click here to convert to your time zone
Length: 45 minutes
Meeting link: [https://zoom.us/j/966890423]

This meeting is for the engineering team, app developers and the community to discuss engineering concerns or questions.


Please reply to this forum post with items you would like included on the agenda.

Engineering Meeting Transcript


Unknown 1:30
Wanted to see if there was a good sample application that we had implemented fully in a very simple way for anyone to see scoped authentication tokens it would be very

Unknown 2:00
just such an that already exists each location not location scoped GAIA. One on one that just modify the authentication sample. Yeah, that’s what we would probably do is use the generator and then just modify the code that’s more useful for me right now just trying to take more of a test driven development approach, just because I don’t know the full it’s like all the second.

Unknown 3:10
Yeah, except for for my purpose of learning. It’s almost like an integration sample.

Unknown 3:22
Yeah, it’s worked for my learning purposes, at the moment.

Unknown 3:38
What is the use case for the scoped authentication tokens?

Unknown 3:56
What a scoped token would give you is you could give an application the ability to write another application’s Gaia only a subset say like, Okay. You can only write this
the applications folder?

Unknown 4:15
Is it a well known for or just the application have to advertise?

Unknown 4:22
Well the application to user would never really see any right location, sort of, so typically like these given below so maybe you have a bunch of projects. The use cas is like collaboration. You have applications
collaborate on projects projects, maybe other folder and then you can store all data related to that project in that subpath.

Unknown 4:52
So then you just have to path it a token to the folder…?

Unknown 5:08
Basically just allows you to day you can write to this Gaia. But you’re only allowed to write to this xxxx adds to whatever holds the authentic kitchen tokens

Unknown 5:37
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.ike on the animal kingdom. We have a shared notion of this page where we have leaves listening, theoretically, you could have some access to that path just right now represented by config file is with this feature you could have apps use the scoped auth token to write to that the list automatically. So it updates.

Unknown 6:01

Unknown 6:06

Unknown 6:09
Yeah. And like the concept of scoping these authentication tokens could be extended to the future to things like if the file is the path, you’re writing to it’s like a JSON object, you’re only logically only allowd to append.

Unknown 6:38
wants to take on building the sample? I could take this on just probably just type in the username.

Unknown 6:47

Unknown 6:50
maybe like two interfaces on would just be like, create scope

Unknown 7:03
to the share that

Unknown 7:09
other user with a button that says

Unknown 7:15
test rights.

Unknown 7:18
I could also try to build that as well with guidance.

Unknown 7:23
If you’re not, if you’re like, sure.

Unknown 7:28
I’ve also been kind of having like integration environments for developers and useful like for external people as opposed to just like really isolated unit tests like if someone wanted to add all expects a lot of external people to be adding large features like this that often but some wanted and they weren’t super familiar with.

Unknown 8:05
If there’s nothing else to talk about the dev tools roadmaps proposal that I put on the forum (Proposal: Developer Tools Roadmap Q1+Q2 2019)

Unknown 8:20
basically I propose the features we should work on in q2 in 2019 in order of priority I listed

Unknown 8:39

Unknown 8:41
actions display box

Unknown 8:49
will be ID creation and pathologic browser to launch is also enables things like burner IDs and then encrypting data for other users

Unknown 9:04
social proofs, verifications – that show blockstack react or on

Unknown 9:15
basically blocks and having some some resolution apps websites and apps just an error handling groups testing, I think, Larry.

Unknown 9:31
How’s the forum.

Unknown 9:35
I don’t think there’s any clamp on the size of the files at the protocol level. I think it’s just the public public one was an excellent size.

Unknown 9:45
Yeah, I think that it’s still fine.

Unknown 9:55
I mean, what we could do is add polish and so that like the protocol itself advertises file size and yes, we should we should put that and then for like Gaia images and stuff looking to having different options and then for the Gai roadmap and I just I’m keeping like an a list for Gaias specific roadmap, just because it has its own team so I added large file support to kind of like maybe the top two or three

Unknown 10:34
kind of features.

Unknown 10:39
It seems like the file size to be like very, very large like at least whatever the maximum F3 is on that you should like restrict like we should have it quartered by user. So like if you don’t want to let users or more than a certain amount in a bucket like that but like it’s just like a mean by making a like people one which 99.9% of people use have like an arbitrarily small limit it like it’s a defacto on the entire system.

Unknown 11:07
Yeah, it’s not it’s not like the right um so yeah so the possibility there is basically like we could add a feature to Gaia hub, which would track how much storage buckets have

Unknown 11:26
be awesome.

Unknown 11:32
So we can say with the yeah so if we want to put that in the roadmap.

Unknown 11:38
Yeah, we’ll figure out how to how we want to approach that

Unknown 11:44
with yeah we could add to the documentation with the default the size default gaia hub at the moment

Unknown 11:56
as far as like the UI flow when users I feel like when users sign on. There’s the option to select their own Gaia hub that’s more like that’s more thing in front end territory but I know there’s been like a lot of debate about how much information we’re getting to users on sign on just because it’s like a barrier, like maybe information overload for when users are onboarding like how much information we’re giving them so I don’t know where we want to inform them, but we should be able to update the docs at least and then it for GAIA like migration something we want to do like one aspect of migrations could be even if you don’t want to host your Gaia hub in a different place. Maybe he wants to like prodcure like for the AWS miniature working on like a bigger like volume or like more more disk size

Unknown 12:53
that that could be an option

Unknown 13:03
Ken what were you looking to get out of the road map

Unknown 13:10
priority we should be working on

Unknown 13:15
how does this fit into the OKs because like this quarter we had kind of like an engineering OKR right and then like so there were like two things we decide to engineering tasks, because we tried to be realistic about what we could actually do. Right. So, one of them was like a a Gaia related task.

Unknown 13:34
I don’t know if the top my head with the other one was. So this is something like where there’s going to be an OKR are similar and we’re trying to prioritize and if you have a couple of needs so far. Okay, so the OKR are for the developer platform. I think for next quarter is basically increase the developer happiness, I believe. Yeah, it doesn’t actually specify exactly what we should work on. Yeah.

Unknown 14:06
And this is probably where we decide what we want.

Unknown 14:10
Okay, cool. So we did last quarter where we like we had that OKR can really Wait, what are we actually going to decide are doing. Um yeah so I don’t know. I think the first thing would be to like like even before prioritizing think of like what what’s realistic like how much could the team to do and then based on that same we have time to do like to you know like what would those two be or whatever. I mean, that may not be the case but it might be a good way to like be realistic about what we can accomplish.

Unknown 14:51
Yeah, this will be this was More like a wish list of things that we have those resources. So feel free to um, there’s no like it’s something. It’s just like too hard.

Unknown 15:12
Yeah. So I think in terms of like prioritizing these items right like it would be good to get feedback from the people building on the
order of things they would want to see it.

Unknown 15:32
So some of those might be a little bit weird encrypthing data for others. This is something that people who don’t build on platform a lot experience a lot of problems with initially, but our existing developers have all found solutions for and so like don’t know their prioritizations would just think it’s really important.

Unknown 16:00
Yeah, they get (sound of sirens disrupt the recoding)

Unknown 16:05
the first thing I don’t want to do what exactly yeah and some me well there’s not that much feedback on the forums. Um, I don’t want to like add more work by just want to like throw an idea. I want to throw an idea that not be willing to do the work to backup, but like, and because I don’t know if Mitchell has like a system that maybe like asking our existing developers like take a survey and dropping in engineering slack like actually list these out because we only have a couple of responses so maybe those are the ones we should prioritize you know like the people who are reading and responding by think like multiple people talked about the Gaia inbox lightning collections and that’s something that has been like an ongoing session for a while.

Unknown 16:58
I’m the one that I would say find sense it’s like this this social group clarification.

Unknown 17:07
And the reason why it’s like to one. Yeah. Like last quarter and I kind of scraped all of the feedback and issues and and realized that we kind of like out of all the feedback requests and issues, there’s like existing bugs and then there’s new features and the social proof and I have pushed to kind of just highlight bugs like fixing things that we are already offering that aren’t working before pushing new features which we had a balance because we already like buildings so much new stuff last quarter.

Unknown 17:48
And so I would say that one just because it’s something that’s supposed to be working and we it’s still like one of our most commonly reported issues and it gets like all every onboarding were like a negative user experience because like the first thing they want to do to personalize their profile is like, you know, do as a social proof

Unknown 18:13
and as the rollout Gaia have like options and this config profile like one of the main like one of the few options for the Gaia can take is like social proofs required. So it’s just it’s going to be highlighted even more like a more interaction points that these are since become for

Unknown 18:36
sure why maybe it’s like a consistent bug that’s always recorded but never really excited because for my own feeling if we benefiting from this on there’s a lack of clarity.

Unknown 18:48
If we are going to keep it or Yeah, and I think that’s why it is not been privatized adding because there’s there’s been no decision made on whether or not. Yes, this is forever.

Unknown 19:02
It’s also look annoying because it just yet.

Unknown 19:07
It breaks every two months. Yeah, it’s like a better one we fix it and then it makes again.

Unknown 19:13
Another reason is like it’s very fragile the platforms do not want.

Unknown 19:18
Yeah, exactly. Yeah, maybe natural actual items like decide if it’s worth the effort. Today this simply fixed or maybe we should get rid of it for not going to fix it, because what we’re doing is we’re like building in like I know Jeff and other people like I haven’t done front end, really. But there’s like a big trend and push right to test like a user’s experience with lock, stock and make sure that first, you know, 45 seconds with the platform. There’s no like major like killers and like that that is like just if they have to do like four or five things when they’re interacting with the first time.

Unknown 20:00
This one’s like always broken so like really yeah and this it’s like one other point I want to bring up while you can get above this. This is kind of like something that’s like there’s these things we can work on and this is something that affects the average user and then there’s kind of like feature by the developers and those are kind of like next. In addition, like a third category that overlaps is existing bugs. So, and I think we can think about it that way to like do something that a lot of developers are asking for maybe like prioritize those things and also like do something that’s like affecting like will improve the experience of like the average user more like an existing

Unknown 20:58
a lot of these are think the kind of way. You have now is a good position I would actually pick up the encrypted data for other users like the copy, then maybe we can like classify these into I see them like categorizing different ways to like things that would affect people working with box and then really things that are more like housekeeping themselves, such as breaking them out into smaller packages and I guess one system and improved error handling. I think that’s actually really high up on the list because that would for a little bit of work. I feel like if we greatly improve a large amount of people with

Then we moved on to a discussion of GDPR. Should we provide guidance as suggested or keep it minmal.

Unknown 25:29
general, like I just while I while I believe that it is possible to apply an application on blockstack, in part because Gaia does allow you to not store users deciding whether an application actually is GDPR compliant is a legal question technical question.

Unknown 25:50
So we shouldn’t be putting ourselves on situation for giving me advice.

Unknown 25:55
We’re not there gen console and we don’t want to be liable for giving them that interpretation of the maybe we just need to stand in line or I think that we probably somewhere in this is

Unknown 26:09
yeah i mean you should if your boss GDPR compliance is can start, you should talk to avoid like you can’t ask us, even if we didn’t know we can specifically give you

Unknown 26:22
an issue was an issue.

Unknown 26:24
Well, you should everyone in the tech why because you can still build a blockchian and not be GDPR compliant.

Unknown 26:33
I mean the the the artifact, obviously, is what determines whether or not it’s consistent with the law, but it’s not just the artifact. It’s also like judge, jury whatever whoever is pulled into the side, whether or not you should be your clients

Unknown 26:49
channeling Jesse here.

Unknown 26:58
I think it would be nice to give some indicator exceeds what application developers should think about when they want to become blind.

Unknown 27:11
So again, like you would have to surround that with lots of comments right because until we have a sample application that you know has withstood illegal challenge on its GDP are this it’s not prudent for us to say that you know this GDPR compliant when it’s never been shown to be less somebody use it and then getting trouble and then you know blame us for misleading.

Unknown 27:36
I think there are places where you can look up GDPR compliance. So, but yeah I think from a legal standpoint it’s not really the engine like the all the engineers in that room. I don’t think it’s like you don’t really have the ability to override and it’s like a, like what legal limitations, we have for liability and regarding in the same way that this discussion came up I’ll applications building things that could be illegal right that that’s like ultimately for like the law, like you still have to you know like if your application is like Senator on like illegal activity like blocks. It’s not like you know if like the you still have to like advice on along is like sense but the point is like the block size is like not legal advice offering entity. So like we should not be instructing applications on how to yeah tell us like we can give a code sample of like how to export all data for some address and just be obviously using less files but yeah good would you give them say

Unknown 28:56
right yeah that’s totally fair like we can show developers like here are the tools and practices that we believe lead to GDPR compliance about the says nothing about whether you’re actually because

Unknown 29:09
I think that’s a good direction.

Unknown 29:11
In particular, the issue. I see is the the particularity docs thing is that the let’s say data controller. The app developer has no legal relationship with the data processor

Unknown 29:35
that’s is the Gaia storage because it’s defined by the user.

Unknown 29:41
Yeah. Usually around but something that can be can be stated that

Unknown 29:52
but application could certainly be constructed, which was not all that data. Yeah, on your app and then not don’t tell us your story, cookies, you’re in trouble like Gaia or no Gaia.

Unknown 30:05
You can also store like all the data is stored right because Gaias like an as-is storage model at this point.

Unknown 30:13
And so, like when GDPR violation like you know is like cert certain certain pieces of data stored and like plain text in the logs of like essential like applications, whatever storage or centralizing in your model. They used to be passwords obviously not using like standard user passwords are the authentication model, but I think there are other things where if they’re on you know you you’re operating with the data after you

Unknown 30:49
certain like certain things you can stores tech so that’s still on the application developer is the developer. It’s deciding to store the data as it’s when they write

Unknown 31:17
someone commented, the other day about localization rather curious as to what everyone else thought about

Unknown 31:30

Unknown 31:42
localizing a browser bad yeah

Unknown 31:53
we just split it up to, like which

Unknown 32:03
we want to do with

Unknown 32:10
I wish this

Unknown 32:19
roadmap thing. Are we going to like to, like, what kind of talking about and then just make it up when you finalize okrs under deciding okay look

Unknown 32:29
here’s something like task to do because right now you know we haven’t really one thing I forgot that I wanted to mention about the roadmap is I think we could maybe even do like an email blast with a survey with all of these things. If we wanted to get community Slack channel though because I mentioned that exact same thing like yeah I wonder if we would get more a click through with like we have this huge email list that I feel like for developers, we can do

Unknown 33:10
that. We have a lot of success with using the site to I just I feel like the slack for more real time for a second channel spots with God. Yeah,

Unknown 33:27
yeah. So you’re not so. Okay, so I’m not the only one that thinks think maybe a survey like getting more feedback from people about how we prioritize because we’re kind of prioritizing right and I still think like when left that I still think we should prioritize existing folks, because like there’s always going to be a teacher in class and we can always like till cool new pretty functionality and those are always like the things to do as well and it’s never fun to like six bucks but those are awesome like the neck of the negative experiences are also like impacting our success.

Unknown 34:02
Just like overall about those because the developers are always going to want new t shirts.

Unknown 34:10
Do you want a survey or vote

Unknown 34:14
like you can get up, look up the don’t just do straight voting right which doesn’t give us any form. It’s like something gets we don’t want to do that thing where we both really you vote on these topics and then have the ability to use there’s something missing from this list that you want to add don’t fix both the pumpkins yeah don’t follow

Unknown 34:49
and a similar thing where they were like, there’s a bunch of things we will talk about and how would you stack rank them and notifications are number one. Yes.

Unknown 38:30
So I think quality to we want like rationale for why certain things are important to certain people I think there’s a large kind of people who are just entering ecosystem to have a common pattern of problems that we should so they can do that. I don’t like this because of these reasons, you know, exactly. And then, and then like Thomas, you would write down to post. And I would also right I totally agree with you. I think that’s solving that problem is more important than like a feature. It sounds like you agree with me and they’re like that would not if you and I just code with a number that’s not going to be reflected in the boat boat right that like a convincing argument supporting that day will guide like much more weeks to consider like what exactly do we want from the survey because I feel like the for post is kind of giving people the ability to give rationale for what they want and we have a very low quantity of responses, whereas I think if we extend out on large survey, that’s just for voting, we get a very good kind of like sense of what the larger community because it’s like way easier to be like I’m a vote for this like give detailed explanation for this. No one except for I think I’m serving as a good idea but but like I would suggest like two things like very basic we’ve already kind of lemonade. The scope with a survey based I’m just hearing multiple people the way they’re referencing in the conversation just developers, but I really think we would we should send it out if we if we do send it out so like the entire email is because we’re we often like just think of developers and we all be sometimes as soon that like you know we should really be asking users as well. Just like general users for the process for first like figuring out what users need or want is a different so that’s true

We decided to survey our developers to help prioritize the list that Ken built. We also decided to look adopting a cleaner labeling system as proposed by ZenHub (https://robinpowered.com/blog/best-practice-system-for-organizing-and-tagging-github-issues/)

Ken’s Engineering Meeting Notes and list of Action Items

Scoped Gaia Authentication Tokens

  • We need an app for testing and reference
  • Hank and Matt will work on the app

Dev tools roadmap

  • Gaia large file support - should be on the roadmap
  • We should survey developers for their input on the roadmap, Ken will talk to Mitchell about this
  • We will categorize the items on the list into features, house keeping, bug fixes etc.
  • splitting blockstack.js is not just house keeping
    • bitcoinjs-lib and the word lists accounts for large part of the bundle size
    • look into switching from browserify


  • Blockstack is not in a position to provide legal advice