Audius | Backend Software Engineer | San Francisco, CA | ONSITE | Full Time
Audius is a decentralized, community-owned, and artist-controlled music-sharing protocol. Audius provides a blockchain-based alternative to SoundCloud to help artists monetize their work and distribute it directly to fans. The company building Audius has been backed by General Catalyst, KPCB, Lightspeed, and Pantera. And we launched last week! For more about the project, see audius.co and audius.org
We are seeking backend engineers to help architect and build the Audius protocol. You are a collaborative, team player that enjoys working on small teams and solving big problems. You are open to experimenting to come up with novel innovative solutions, have the tenacity and drive to solve problems, and don’t give up easily.
Key Responsibilities
* Design, architect and build the Audius protocol
* Develop the set of services that run on the decentralized Audius ecosystem
Skills and Experience
* 3+ years of software engineering experience
* At least 1 year of experience building web services using Python, Go, or NodeJS
* Experience building distributed systems on platforms such as Docker or Kubernetes
* Great interpersonal and communication skills within a small team
Bonus Points
* Experience working with a start-up
* Previous experience with Blockchain
* Interest in music
This is why we recommend that you audit all 3rd-party Javascript in your app for accesses to localstorage, and avoid sourcing 3rd-party javascript from uncontrolled origins (the code could be switched out from under you if it is not baked into your application)
The post message model is an interesting one - we looked into designing Hedgehog in that way, but decided it ultimately did not help solve this issue and created unnecessary complexity. If you include Javascript from libraries or other origins on your page, eg. Google Analytics, that Javascript could still post-message into your iframe.
Perhaps we are wrong here though! Is FinneyFor open-source? Would love to see how this is implemented.
Sorry to hear that - I've had good experiences in the past at Hackathons and other developer-focused events rather than general "crypto" or "blockchain" events.
Hi there! Unfortunately I haven't found any high-quality online communities of crypto builders - most of my connections to other folks building are offline / irl. Would encourage you to attend local developer groups to get to know others in the space!
There are tons of helpful resources online though, as lots of folks write tutorials and other things. Googling most problems you face will yield good results.
We did not want to require use of Keybase to use our dapp Audius, though I could see it making a lot of sense to offer a keybase integration as a potential option.
FWIW, Audius still supports Metamask too - web3 is all about giving users choice from our perspective.
Very similar from a meta-transaction standpoint, but ours is simple and centralized (albeit trustless due to the tx signing model). This is much cooler!
Probably late summer / early Fall! Want to make sure the developer experience is high-quality at time of open-sourcing, but we're testing now / onboarding artists in a private beta.
True - was answering the general case of password change, eg. some folks like to rotate passwords every so often in the absence of a known leak or breach.
In the case of a compromised password the entire wallet should be abandoned.
We haven't seen that before, looks cool! The approach may be similar, but we packaged Hedgehog as a standalone / documented library to be consumed directly by developers. In looking briefly I wasn't able to ascertain how the private key is stored / propagated between devices in his model so it's hard to comment more precisely.
The approach we've taken at Audius on initial funding is to avoid funding the wallet entirely - we use EIP-712 signatures combined with a trustless transaction relay service that pays gas / submits EIP-712 signed transactions on-chain on behalf of users. In this way, the user wallet never holds any tokens but is still used to secure access to their account. We'll be open-sourcing our contracts and infrastructure code soon, but here's a good public example of this model in action: https://github.com/hellobloom/core/tree/master/contracts
That said, other folks may decide to use Hedgehog differently - perhaps you integrate with something like Wyre (https://www.sendwyre.com/) to help users fund their wallet client-side without knowing that crypto is there.
Right now Hedgehog is specific to the Ethereum account model (eg. POA network and others use this too), but there's no reason the approach couldn't be extended to work with other chains.
You could replace the use of 'ethereumjs-wallet/hdkey' with any other chain wallet library if it is compatible with the BIP-39 style HDWallet structure. Bitcoin and many other blockchains have compatible libraries that could be substituted easily!
There has! This could be a great approach - eg. a network of folks committed to supporting users in this manner could operate IPFS nodes that re-pin the encrypted keys.
We are also thinking about offline ways to share the key such that the centralized side is not required - eg. a QR code displayed on one device and scanned by another to propagate the wallet. This creates a problem if a user loses all of their devices though.
The existing issues with ETH are why we currently use POA network for the Audius private beta. POA network has its own set of issues, but the 1) fast transaction confirmation time, 2) low fees, and 3) lack of congestion make it a great testbed for us.
FWIW, Hedgehog works with any web3-compliant API, in our case core.poa.network but could be any other one of developer's choosing eg. Infura
There is not - this is the biggest deficiency of Hedgehog today. Without centralized custody of keys, it's not possible to have someone prove their ownership of a given key to a centralized party in order to unlock it. The key is encrypted, so the application provider nor anyone else can decrypt it without the user's username/password combination. This tradeoff is both a good thing and a bad thing in our view.
That said, there is a mechanism for changing your password if you are already signed in.
We are considering some mechanisms for fallbacks, eg using a threshold cryptosystem with multiple private keys and a 1 or 2 of n requirement, such that if a user forgets the way to generate one of the n keys they may still remember a way to generate the other(s). If you're curious, more on these schemes here: https://en.wikipedia.org/wiki/Threshold_cryptosystem
We feel these tradeoffs make sense to enable more mainstream adoption of cryptocurrencies, but they are tradeoffs; for certain types of applications the cost of losing control of an account is too high for this approach to make sense.
Hey all - I'm Roneil, one of the cofounders of Audius. We built Hedgehog to solve a specific pain point we faced - how can we get non crypto-native / non-technical users to sign up for a decentralized app? Current onboarding flows using Metamask and other alternatives were too cumbersome, time-consuming, and restrictive for our needs. We needed a way to generate a wallet on behalf of a user without them even knowing crypto was operating behind the scenes.
Hedgehog lives in your front end Javascript code. A user enters a username (or email) and password, which is used to secure a set of encrypted auth artifacts that are generated client-side and stored in the browser’s localStorage / on your (the application developer's) server. In this way, the encrypted auth artifacts can be retrieved and consumed on secondary devices without centralizing custody and control of the private key.
If the centralized server hosting the keys goes down, users can continue to access their wallet on the devices they already have. If the centralized server is compromised or operated by bad actors, the resources required to decrypt a stored auth artifact would be immense. However - this is why we recommend using Hedgehog only in low-to-no financial value use cases.
This approach is not without tradeoffs - but for the right use-cases we believe this will provide a needed alternative.
Audius is a decentralized, community-owned, and artist-controlled music-sharing protocol. Audius provides a blockchain-based alternative to SoundCloud to help artists monetize their work and distribute it directly to fans. The company building Audius has been backed by General Catalyst, KPCB, Lightspeed, and Pantera. And we launched last week! For more about the project, see audius.co and audius.org
We are seeking backend engineers to help architect and build the Audius protocol. You are a collaborative, team player that enjoys working on small teams and solving big problems. You are open to experimenting to come up with novel innovative solutions, have the tenacity and drive to solve problems, and don’t give up easily.
Key Responsibilities * Design, architect and build the Audius protocol * Develop the set of services that run on the decentralized Audius ecosystem
Skills and Experience * 3+ years of software engineering experience * At least 1 year of experience building web services using Python, Go, or NodeJS * Experience building distributed systems on platforms such as Docker or Kubernetes * Great interpersonal and communication skills within a small team
Bonus Points * Experience working with a start-up * Previous experience with Blockchain * Interest in music
If interested, email us! [email protected]