Audius | Backend Software Engineer | San Francisco, CA | ONSITE | Full Time
Audius is a decentralized, community-owned, and artist-controlled music-sharing protocol. Audius provides a blockchain-based alternative to SoundCloud to help artists monetize their work and distribute it directly to fans. The company building Audius has been backed by General Catalyst, KPCB, Lightspeed, and Pantera. And we launched last week! For more about the project, see audius.co and audius.org
We are seeking backend engineers to help architect and build the Audius protocol. You are a collaborative, team player that enjoys working on small teams and solving big problems. You are open to experimenting to come up with novel innovative solutions, have the tenacity and drive to solve problems, and don’t give up easily.
Key Responsibilities
* Design, architect and build the Audius protocol
* Develop the set of services that run on the decentralized Audius ecosystem
Skills and Experience
* 3+ years of software engineering experience
* At least 1 year of experience building web services using Python, Go, or NodeJS
* Experience building distributed systems on platforms such as Docker or Kubernetes
* Great interpersonal and communication skills within a small team
Bonus Points
* Experience working with a start-up
* Previous experience with Blockchain
* Interest in music
This is why we recommend that you audit all 3rd-party Javascript in your app for accesses to localstorage, and avoid sourcing 3rd-party javascript from uncontrolled origins (the code could be switched out from under you if it is not baked into your application)
The post message model is an interesting one - we looked into designing Hedgehog in that way, but decided it ultimately did not help solve this issue and created unnecessary complexity. If you include Javascript from libraries or other origins on your page, eg. Google Analytics, that Javascript could still post-message into your iframe.
Perhaps we are wrong here though! Is FinneyFor open-source? Would love to see how this is implemented.
We don't have any other js libraries on FinneyFor so there would never be that problem.
Auditing the source code of all libraries is a tall order. And, even if you don't find a bug, there still might be some that someone else could exploit with bugs in your code and the js libraries.
True - was answering the general case of password change, eg. some folks like to rotate passwords every so often in the absence of a known leak or breach.
In the case of a compromised password the entire wallet should be abandoned.
The existing issues with ETH are why we currently use POA network for the Audius private beta. POA network has its own set of issues, but the 1) fast transaction confirmation time, 2) low fees, and 3) lack of congestion make it a great testbed for us.
FWIW, Hedgehog works with any web3-compliant API, in our case core.poa.network but could be any other one of developer's choosing eg. Infura
Hey all - I'm Roneil, one of the cofounders of Audius. We built Hedgehog to solve a specific pain point we faced - how can we get non crypto-native / non-technical users to sign up for a decentralized app? Current onboarding flows using Metamask and other alternatives were too cumbersome, time-consuming, and restrictive for our needs. We needed a way to generate a wallet on behalf of a user without them even knowing crypto was operating behind the scenes.
Hedgehog lives in your front end Javascript code. A user enters a username (or email) and password, which is used to secure a set of encrypted auth artifacts that are generated client-side and stored in the browser’s localStorage / on your (the application developer's) server. In this way, the encrypted auth artifacts can be retrieved and consumed on secondary devices without centralizing custody and control of the private key.
If the centralized server hosting the keys goes down, users can continue to access their wallet on the devices they already have. If the centralized server is compromised or operated by bad actors, the resources required to decrypt a stored auth artifact would be immense. However - this is why we recommend using Hedgehog only in low-to-no financial value use cases.
This approach is not without tradeoffs - but for the right use-cases we believe this will provide a needed alternative.
Assuming you've seen that project, how does Hedgehog compare?
Do you have recommendations on handling the initial funding of a wallet, especially for your target market of non-technical users? (after they have the wallet, how do they obtain ETH or other tokens to get started?)
We haven't seen that before, looks cool! The approach may be similar, but we packaged Hedgehog as a standalone / documented library to be consumed directly by developers. In looking briefly I wasn't able to ascertain how the private key is stored / propagated between devices in his model so it's hard to comment more precisely.
The approach we've taken at Audius on initial funding is to avoid funding the wallet entirely - we use EIP-712 signatures combined with a trustless transaction relay service that pays gas / submits EIP-712 signed transactions on-chain on behalf of users. In this way, the user wallet never holds any tokens but is still used to secure access to their account. We'll be open-sourcing our contracts and infrastructure code soon, but here's a good public example of this model in action: https://github.com/hellobloom/core/tree/master/contracts
That said, other folks may decide to use Hedgehog differently - perhaps you integrate with something like Wyre (https://www.sendwyre.com/) to help users fund their wallet client-side without knowing that crypto is there.
Probably late summer / early Fall! Want to make sure the developer experience is high-quality at time of open-sourcing, but we're testing now / onboarding artists in a private beta.
Very similar from a meta-transaction standpoint, but ours is simple and centralized (albeit trustless due to the tx signing model). This is much cooler!
Hey Roneil, I'm really new to crypto development and I'm having a hard time finding crypto communities for developers (the one who builds stuff). I've checked out eth's forum but it's not really developer focused, it's too general.
Where do you usually hang out? I would like to learn more about building crypto stuff and would like to participate in a community. Can you point me in the right direction?
Thank you!
PS: I have completely no idea what Audius is about, but it sounds cool. Good luck!
Hi there! Unfortunately I haven't found any high-quality online communities of crypto builders - most of my connections to other folks building are offline / irl. Would encourage you to attend local developer groups to get to know others in the space!
There are tons of helpful resources online though, as lots of folks write tutorials and other things. Googling most problems you face will yield good results.
Oh wow that's really unfortunate. I met some crypto people locally but almost all of them are trading focused. I also attended some "blockchain events" but most of them are just people shilling their coins/how to become a better trader.
Maybe I haven't tried hard enough finding the builders.
Thank you Roneil, and good luck on your endeavors!
Sorry to hear that - I've had good experiences in the past at Hackathons and other developer-focused events rather than general "crypto" or "blockchain" events.
It looks very cool. Just skimming the documentation, there isn't anything on how to perform actual wallet functions, or whether encrypt/decrypt data using public/private keys is available (which is something I'd find super useful!). Am I missing it, or is it just a matter of looking through the code?
Thanks for making something as cool as this open source!
Has there been any thought as to how the REST API + database side of this could be replaced with ipfs/swarm? I'm not sure how it would work, and there would likely be additional trade-offs, but it would be nice if the "D" in DApps could be retained in full.
There has! This could be a great approach - eg. a network of folks committed to supporting users in this manner could operate IPFS nodes that re-pin the encrypted keys.
We are also thinking about offline ways to share the key such that the centralized side is not required - eg. a QR code displayed on one device and scanned by another to propagate the wallet. This creates a problem if a user loses all of their devices though.
I'm part of the team that develops the Embark Framework and it would be awesome to rehash our decentralized Reddit tutorial using a fully decentralized Hedgehog.
As for the QR code getting lost, that's a good point, but the user could always be encouraged to make a physical copy and keep it in a desk drawer, and/or store it electronically somewhere else (e.g. Dropbox or 1Password) "just in case".
Maybe hit us up via GitHub or Gitter or Twitter if/when Hedgehog provides a fully decentralized option/s (as discussed above). At that point I think the Embark team would be really excited to leverage it in a new or refreshed tutorial series.
Awesome job! I love that you are addressing the UI/UX challenges of non technical users. Have you considered some type of integration with Keybase's social proofs and paper seed QR code for cross signing and revoking keys? I'm part of a research cohort hosting a month long series of workshops and hackathons on making emerging Web3 capabilities more accessible, at NYU ITP Camp in NYC in June. Perhaps we can play around with something. Will dive into the code for inspiration. Thanks for this great project!
We did not want to require use of Keybase to use our dapp Audius, though I could see it making a lot of sense to offer a keybase integration as a potential option.
FWIW, Audius still supports Metamask too - web3 is all about giving users choice from our perspective.
Right now Hedgehog is specific to the Ethereum account model (eg. POA network and others use this too), but there's no reason the approach couldn't be extended to work with other chains.
You could replace the use of 'ethereumjs-wallet/hdkey' with any other chain wallet library if it is compatible with the BIP-39 style HDWallet structure. Bitcoin and many other blockchains have compatible libraries that could be substituted easily!
There is not - this is the biggest deficiency of Hedgehog today. Without centralized custody of keys, it's not possible to have someone prove their ownership of a given key to a centralized party in order to unlock it. The key is encrypted, so the application provider nor anyone else can decrypt it without the user's username/password combination. This tradeoff is both a good thing and a bad thing in our view.
That said, there is a mechanism for changing your password if you are already signed in.
We are considering some mechanisms for fallbacks, eg using a threshold cryptosystem with multiple private keys and a 1 or 2 of n requirement, such that if a user forgets the way to generate one of the n keys they may still remember a way to generate the other(s). If you're curious, more on these schemes here: https://en.wikipedia.org/wiki/Threshold_cryptosystem
We feel these tradeoffs make sense to enable more mainstream adoption of cryptocurrencies, but they are tradeoffs; for certain types of applications the cost of losing control of an account is too high for this approach to make sense.
KPCB Edge (Seed initiative at Kleiner Perkins) | Developer in Residence | San Francisco, CA | Temporary (3-6 months) | Onsite
Hey HN!
We're KPCB Edge, Kleiner Perkins' seed-stage initiative, and we're looking for a full-stack software engineer to join us for a few months in our San Francisco office. The role would be a great opportunity to work on some projects with us and figure out what your next move might be, whether that's starting a company, joining a company, or something else entirely. There's a bit more info up here: https://www.kpcbedge.com/roles
To tell you more about us, we spend half our time investing and half our time building products to try to solve common problems faced by the founders we're investing in (happy to explain this further directly). Everyone in the partnership is technical, and we ship code for the aforementioned products ourselves. More about our current team here: https://www.kpcbedge.com/team and our portfolio: https://www.kpcbedge.com/portfolio (includes 3 YC companies)
KPCB Edge (Seed initiative at Kleiner Perkins) | Designer | San Francisco, CA | Temporary (7-9 months) | Onsite
Hey HN!
We're KPCB Edge, Kleiner Perkins' seed-stage initiative, and we're looking for a designer to join us for 9 months in our San Francisco office. The role would be a great opportunity to work on some projects with us and figure out what your next move might be, whether that's starting a company, joining a company, or something else entirely. There's a bit more info up here: https://www.kpcbedge.com/roles
To tell you more about us, we spend half our time investing and half our time building products to try to solve common problems faced by the founders we're investing in (happy to explain this further directly). Everyone in the partnership is technical, and we ship code for the aforementioned products ourselves. More about our current team here: https://www.kpcbedge.com/team and our portfolio: https://www.kpcbedge.com/portfolio (includes 3 YC companies)
KPCB Edge (Seed initiative at Kleiner Perkins) | Full-stack Software Engineer | San Francisco, CA | Temporary (7-9 months) | On Site
Hey HN!
We’re KPCB Edge, Kleiner Perkins’ seed-stage initiative, and we’re looking for a full-stack software engineer with React experience to join us for 9 months in our San Francisco office. The role would be a great opportunity to work on some data-heavy projects with us and figure out what your next move might be, whether that’s starting a company, joining a company, or something else entirely. There’s a bit more info up here: https://www.kpcbedge.com/roles
To tell you a bit more about us, we spend half our time investing and half our time building products to try to solve common problems faced by the founders we’re investing in (happy to explain this further directly). Everyone in the partnership is technical, and we ship code for the aforementioned products ourselves. More about our current team here: https://www.kpcbedge.com/team and our portfolio: https://www.kpcbedge.com/portfolio (includes 3 YC companies)
KPCB Edge (Seed initiative at Kleiner Perkins) | Full-stack Software Engineer | San Francisco, CA | Temporary (9 months) | On Site
Hey HN!
We’re KPCB Edge, Kleiner Perkins’ seed-stage initiative, and we’re looking for a full-stack software engineer with React experience to join us for 9 months in our San Francisco office. The role would be a great opportunity to work on some data-heavy projects with us and figure out what your next move might be, whether that’s starting a company, joining a company, or something else entirely. There’s a bit more info up here: https://www.kpcbedge.com/roles
To tell you a bit more about us, we spend half our time investing and half our time building products to try to solve common problems faced by the founders we’re investing in (happy to explain this further directly). Everyone in the partnership is technical, and we ship code for the aforementioned products ourselves. More about our current team here: https://www.kpcbedge.com/team and our portfolio: https://www.kpcbedge.com/portfolio (includes 3 YC companies)
KPCB Edge (Seed initiative at Kleiner Perkins) | Full-stack Software Engineer | San Francisco, CA | Temporary (9 months) | On Site
Hey HN!
We’re KPCB Edge, Kleiner Perkins’ seed-stage initiative, and we’re looking for a full-stack software engineer with React experience to join us for 9 months in our San Francisco office. The role would be a great opportunity to work on some data-heavy projects with us and figure out what your next move might be, whether that’s starting a company, joining a company, or something else entirely. There’s a bit more info up here: https://www.kpcbedge.com/roles
To tell you a bit more about us, we spend half our time investing and half our time building products to try to solve common problems faced by the founders we’re investing in (happy to explain this further directly). Everyone in the partnership is technical, and we ship code for the aforementioned products ourselves. More about our current team here: https://www.kpcbedge.com/team and our portfolio: https://www.kpcbedge.com/portfolio (includes 3 YC companies)
Audius is a decentralized, community-owned, and artist-controlled music-sharing protocol. Audius provides a blockchain-based alternative to SoundCloud to help artists monetize their work and distribute it directly to fans. The company building Audius has been backed by General Catalyst, KPCB, Lightspeed, and Pantera. And we launched last week! For more about the project, see audius.co and audius.org
We are seeking backend engineers to help architect and build the Audius protocol. You are a collaborative, team player that enjoys working on small teams and solving big problems. You are open to experimenting to come up with novel innovative solutions, have the tenacity and drive to solve problems, and don’t give up easily.
Key Responsibilities * Design, architect and build the Audius protocol * Develop the set of services that run on the decentralized Audius ecosystem
Skills and Experience * 3+ years of software engineering experience * At least 1 year of experience building web services using Python, Go, or NodeJS * Experience building distributed systems on platforms such as Docker or Kubernetes * Great interpersonal and communication skills within a small team
Bonus Points * Experience working with a start-up * Previous experience with Blockchain * Interest in music
If interested, email us! careers+hn@audius.co