Summary of summaries
There is one outstanding security issue: we need to use longer app-specific private keys.
For developers, the most frequently reported or discussed issues are (1) blockstack authentication redirects not working (2) confusion on implementing notifications (3) desire for user-selectable gaia hubs. For users, the most frequently reported issues are difficulty understanding recovery, difficulty with social proofs, and data disappearing when trying to purchase a name. Additionally, a couple users reported issues installing the CLI and using it to transfer names.
Top Issues
Blockstack.js authentication redirects don’t work in a lot of browsers (> 5)
- Multiple reports on iOS: https://github.com/blockstack/blockstack.js/issues/481
- Also reported separately by stealthy team
- 3 Reports on brave: https://github.com/blockstack/blockstack-browser/issues/1120
New CLI is hard to install (3)
- This has been a recurrent theme on slack #engineering and #support that people can’t get the install working quite correctly
- On the forum too:
Legacy wallet transfers (1)
- There’s a whole host of legacy wallet formats (e.g., the scrypted wallet.json files, old derivation paths from the browser, the older, improper key-lengthened encrypted wallet.jsons) that people occasional want help dealing with
- Forum:
New CLI Transfer Errors (3)
- A couple different people have tried to transfer via the CLI:
-
https://github.com/jcnelson/cli-blockstack/issues/17 ← john light literally trying to send us
blockstack.id
- New Blockstack-CLI Transfer questions ← 2 different users reporting issues in the forum
-
https://github.com/jcnelson/cli-blockstack/issues/17 ← john light literally trying to send us
Connecting a Gaia node is hard / impossible (> 5)
-
The browser doesn’t support connecting a local/user-specified node — either via using app-specific gaia hubs, or via setting the gaia hub during on-boarding
-
There’s multiple forum threads about this
-
There’s a bunch of github issues:
- https://github.com/blockstack/blockstack-browser/issues/953
- https://github.com/blockstack/blockstack-browser/issues/1244
- https://github.com/blockstack/blockstack-browser/issues/1488
- https://github.com/blockstack/blockstack-browser/issues/1489
-
https://github.com/blockstack/blockstack-browser/issues/1490
Setting up gaia is hard (1)
-
A forum post about config settings:
Notification with Gaia are an Unknown (4)
- This proposal doesn’t really resolve it: Proposal: Gaia Hub Inboxes (as discussion there indicates)
- This is raised by basically every app developer we have that produces something:
- Stealthy (they use firebase as a workaround)
- Graphite (it’s not available, but Justin chimed in on that thread above)
- Misthos (https://github.com/blockstack/gaia/issues/136)
- Travelstack (discusses it here: Request for Comments: Gaia Indexing Service)
Make receiving private key by e-mail optional (1)
- Raised by Justin on github, but raised a bunch of times on Twitter as a clear sign of centralization
- https://github.com/blockstack/blockstack-browser/issues/1560
Difficulty with recovery (2)
- 2 different users reported problems recovering with their seed phrase, not understanding its relationship with password, on the forum (Recover Password)
Difficulty with social proofs (2)
- Stale issues related to linkedin verification + new users encountering the issue as well (one user reported in the forum this week):
- Recover Password
Custom authentication, on-boarding flows (1)
- One dev, in #engineering asked about implemented custom login flows, rather than ever redirecting the user to browser.
App private keys should use the longer derivation path (security)
- https://github.com/blockstack/blockstack-browser/issues/1367
- This isn’t an issue that has been reported by devs, but is a definite security concern, and it needs to be patched, otherwise there will be a lot of future pain.
Multiple ID recovery on restore (1)
- This is a frequently requested feature from active community members and blockstack team members
- Most recent report: What's the use of having multiple Identities if they don't get restored?
- Active issue tracking on browser —> Proposal: Auto-fetch IDs with activity
Profile data lost when acquiring name (2)
- This has been reported in the forum a few times, and our webform submissions:
- This is pretty consistent behavior, so it’s probably happening way more than people are reporting (i.e., it happens every time someone tries to buy a name)
Hosting blockstack-core nodes is difficult (?)
- This is feedback from enthusiasts on #engineering
- Potential solutions:
- re-instate apt package installs
- improved dockerfiles (images could be much smaller, instructions could be better)
Connecting to regtest from browser is not trivial (?)
- This is more frequently a pain point for blockstack devs, rather than community developers, though historically, it was an issue for them as well (before we gave away subdomains).
- There’s some related issues for this on the browser repo:
iOS SDK: to use gaia, encrypt or sign data, encryption must be supported (2)
- There’s currently two dev teams actively seeking to use this SDK, but obviously there are a lot more out there, and this issue is a clear blocker for the iOS SDK to be functional.
Internal Feedback
- Abstract Takeways
- There are over 100 bugs, that are not categorized as #design or #security, etc, making it hard to triage bugs.
- There are a couple of front end user interface blockers for other features (restore multiple IDs, support configurable gaia hubs)
- We’ve left around a lot of stale github issues. Repo owners really should be cleaning those out.
- Making triage easier next week
- Require bug tags to have additional tags #design or #security #UI
- Is categorizing feedback by repo a better way to do this? There is ongoing debate about splitting up by product groups discussed here: https://forum.blockstack.org/t/discussion-splitting-up-our-engineering-meeting/5756/22. Or should we categorize by team? Or is no categorization fine?
- Question: Are we missing any channels?
Engineers working on issues this sprint
Engineers working on items this sprint, please respond to this forum post with the issues you intend to work on addressing!
We will track these issues on a sprint board specifically for these issues. Aaron will (try to?) add those items to the sprint board once they’re reported by the team.
The sprint board will then be posted on the forum publicly, to increase community visibility.