Issue Summaries - Jul 28, 2018

Summary of summaries

There is one outstanding security issue: we need to use longer app-specific private keys.

For developers, the most frequently reported or discussed issues are (1) blockstack authentication redirects not working (2) confusion on implementing notifications (3) desire for user-selectable gaia hubs. For users, the most frequently reported issues are difficulty understanding recovery, difficulty with social proofs, and data disappearing when trying to purchase a name. Additionally, a couple users reported issues installing the CLI and using it to transfer names.

Top Issues

Blockstack.js authentication redirects don’t work in a lot of browsers (> 5)

New CLI is hard to install (3)

Legacy wallet transfers (1)

New CLI Transfer Errors (3)

Connecting a Gaia node is hard / impossible (> 5)

Notification with Gaia are an Unknown (4)

Make receiving private key by e-mail optional (1)

Difficulty with recovery (2)

  • 2 different users reported problems recovering with their seed phrase, not understanding its relationship with password, on the forum (Recover Password)

Difficulty with social proofs (2)

  • Stale issues related to linkedin verification + new users encountering the issue as well (one user reported in the forum this week):
  • Recover Password

Custom authentication, on-boarding flows (1)

  • One dev, in #engineering asked about implemented custom login flows, rather than ever redirecting the user to browser.

App private keys should use the longer derivation path (security)

Multiple ID recovery on restore (1)

Profile data lost when acquiring name (2)

Hosting blockstack-core nodes is difficult (?)

  • This is feedback from enthusiasts on #engineering
  • Potential solutions:
    • re-instate apt package installs
    • improved dockerfiles (images could be much smaller, instructions could be better)

Connecting to regtest from browser is not trivial (?)

iOS SDK: to use gaia, encrypt or sign data, encryption must be supported (2)

  • There’s currently two dev teams actively seeking to use this SDK, but obviously there are a lot more out there, and this issue is a clear blocker for the iOS SDK to be functional.

Internal Feedback

  • Abstract Takeways
    • There are over 100 bugs, that are not categorized as #design or #security, etc, making it hard to triage bugs.
    • There are a couple of front end user interface blockers for other features (restore multiple IDs, support configurable gaia hubs)
    • We’ve left around a lot of stale github issues. Repo owners really should be cleaning those out.
  • Making triage easier next week
  • Question: Are we missing any channels?
    • Telegram
    • Hackathons/follow up surveys from Mitchell
    • Summarizing #support and #pbc-support
    • Bug bounties
    • Tutorial failures due to technical issues → can these please list as bugs?
    • #support
      • closing accounts
      • app recovery

Engineers working on issues this sprint

Engineers working on items this sprint, please respond to this forum post with the issues you intend to work on addressing!

We will track these issues on a sprint board specifically for these issues. Aaron will (try to?) add those items to the sprint board once they’re reported by the team.

The sprint board will then be posted on the forum publicly, to increase community visibility.

I can only speak to the repos I work on regularly.

The problem was that John Light did not enter the command correctly. The CLI (correctly) told him he passed an invalid argument, and printed the (correct) command format and a brief tutorial on how to use it. Not sure how useful this is now, but I replied to his issue on the CLI. As time permits, I’m updating the CLI documentation to also print out an example of each command, in order to make the correct usage clearer.

New Blockstack-CLI Transfer questions 1 ← 2 different users reporting issues in the forum

One user presumably succeeded in using the old CLI, and the other just said “it doesn’t work” with no other useful information.

Connecting a Gaia node is hard / impossible (> 5)
Setting up gaia is hard (1)

I am actively working on both of these. Kanban here: Please feel free to add any relevant issues to it :slight_smile: .

Notification with Gaia are an Unknown (4)

Actually, I think we (the Blockstack developers) are largely in agreement about what to implement. I think the bulk of the remaining confusion comes from some app developers seemingly (but incorrectly) thinking that Gaia should implement the whole of WebRTC internally.

Hosting blockstack-core nodes is difficult (?)

I’m working on this in the develop branch, which greatly simplifies the deployment story for blockstack-core. In particular, it removes the scrypt dependency and it merges the API daemon and the indexer daemon.

We’ll plan on starting to address this by proposing a solution on the public forum, seeing if it addresses developer concerns and see what the next steps there would be.

  • iOS is currently in a PR over here
  • Brave will likely require communicating with the Brave team on a solution. Unfortunately that browser is all about blending in with Chrome, so we have no method of determining if the user is on Chrome or on Brave. More info in the linked issue.

This strikes me as something that would be good for the CLI rather than browser, a utility to turn it into something the browser can use (12 word mnemonic or encrypted recovery key.) Ideally we want to confuse users less about recovery options, not add more.

I think this one will be in a holding pattern until we figure out what we’re doing to improve onboarding. This might also cause some issues with apps that are relying on the email scope right now. But I’m in agreement that the actual sending of the recovery code should be optional at the least.

This one will take a long time to make possible, by moving more and more of blockstack-browser into blockstack.js. I don’t know if we should condense it to a single github issue, or just look at it as a long term goal.

Confirmed and fixed via

I think that’s all of the issues I can comment on.

@wbobeirne – are you working the above two issues this sprint? It seems that way from github activity, and I’m just trying to track what issues are getting worked on.

  • Creating a react native example app that works with Android and iOS so that the many developers who want to use react native for their mobile blockstack app can do so - @shreyas and @friedger are coordinating on this. Android tracking issue:
  • Getting wallet functionality updated to bitcoinlib-js 4 and in a position to be shipped in blockstack.js
  • Developers want to know what happens when something goes wrong - this is both for their own knowledge while developing and so that they can show useful information to users. Our android SDK would also like to know what is happening when something goes wrong so that it can give users of its APIs useful info. Working on reviving our improved error codes branch and getting an initial version merged and shipped:

Okay – so to summarize. Here’s the issues from above that people are actively working on this sprint:

This would address “app private keys using the longer derivation path”.

Merging that PR will address “Profile data lost when acquiring name”.

This addresses “redirection is broken in iOS”

This doesn’t seem related to solving any bugs or issue reports from developers, and more related to providing a tutorial application.

@larry – do you have any links to devs asking and confused about errors? It would help us know whether or not we’ve improved error scenarios if we can point to some examples where the error message was opaque before, and now is much more clear.

“I tried to build a mobile app using react native and I couldn’t get it to work”

Here are some examples:

Changes to our iOS and potentially android SDKs need to be made so that they can be used with react native apps. The way to figure out what those are and address them is to make an example app.

Here’s an example: where a developer was confused because they didn’t realize they were trying to decrypt a file that wasn’t encrypted since there was no error message. This resulted in this issue being opened:

1 Like

Will be shipped as part of 0.2.0 this week. There’s a PR out for this, and I’ve pointed Stealthy to it. PR review is blocked by testing (just about done), after which 0.2.0 will go out.

1 Like