Release v1.7.0

[Jack-Works]

Fresh install tests

• On Firefox, as a new user
• On Chrome, as a new user
• On Firefox for Android, as a new user
• On Firefox, as a return user
• On Chrome, as a return user
• On Firefox for Android, as a return user

Upgrade install tests

• First, install and setup by release 1.6.0, then
• On Chrome, upgrade to 1.7.0 (could not decrypt all the others post before refreshing background page again)
• On Firefox, upgrade to 1.7.0 (1.6.0 crashes firefox, so not testable)
• On Firefox for Android, upgrade to 1.7.0 (not testable)

Release

• changelog
  • Release on Github
• Release new version on Chrome Web Store
• Release on Firefox Add-ons

Changes:

v1.6.0...29ef1c9

[Jack-Works]

1.7.0 (2019-10-11)

Bug Fixes

• a race condition in useValueRef (bc6004b)
• activeTabID mistakenly ignored (bc98d2e)
• add a startup to create facebook page on iOS (ccc6cf2)
• add a startup to create facebook page on iOS (b38be2a)
• also copy files on rebuild (7d0f3db)
• also patch background page (c88f236)
• background service not loaded (4592e0e)
• bind setTimeout to make AsyncComponent work (7b77c61)
• ci scripts (55c919b)
• debug mode does not work (e4ee7c6)
• debug mode hash wrong for version -39 or lower (3ad9e4e)
• disable open new tab by default on gecko & wk (ead28ff)
• disabling open tabs also disables fetch on background (31790fb)
• dispatch more event to ensure it works (cddff6e)
• duplicated env (ca8af16)
• error in i18n (0b3c194)
• hookUIPostMap (7867727)
• indexed db create store (a157bb1)
• mobile dev page and popup style (c5ab054)
• not setup prompt not dismissed after click; unused type on net id; (566a9b0)
• payload parameters; welcome banner problem; (190fb92)
• permissions polyfill firefox & wkwebview (644d819)
• permissions should not be polyfilled on firefox (d6c2a18)
• regression on Firefox (945104f)
• resolve review (10d7ca4)
• rework env injection and remove runtime detection (abd86d7)
• selector won't select post root elem on mobile (8ba73fa)
• store requested hosts to localStorage (5a21cdb)
• storybook isolatedModules (2b2ea2d)
• try close options-page on mobile (6416483)
• unhandled exception in injectWelcomeBannerFacebook (fa6b0f4)
• update to react-scripts-3.2.0+ (0f337c1)
• upgrade holoflows/kit to new spec (fe64ea0)
• upgrade holoflows/kit to new spec (ee9e02b)
• using wrong version of hashCryptoKey (b8ad080)
• webpackEnv is not defined (bf2dbe2)
• gecko: rework permission api (b72e1d2)
• ios: repeatedly scan qr (62a2a59)
• use stable hash in future payload to avoid unstable hash (95b05f1)
• verify failed hint string (06340d7)
• watch related changes to prevent dup insertion (33c2c31)
• locale: copyedit (680f123)
• add min-width to searchbox to ensure wrap (a927e04)
• adjust configurations to make eslint and tsc work better (5d7cffb)
• asmCrypto is not defined (87210f7)
• bring copy polyfills back (1efae8d)
• build error on ssr (b23e71b)
• check result of permission requests, fix #161 (287f3c8)
• ci build error (c4ed9e2)
• deprecation warning on Watcher.enableSingleMode (01cee54)
• drop shell for lint (d393c1d), closes nodejs/node#29532
• duplicated recipients on sharing posts (3cd6c5c)
• escape regex (4c4597b)
• forget about auto-creation; go chromium (5c32807)
• i18n text get ignored (6510883)
• inversed condition in getFontFamily (0a673e2)
• it is called firefox-desktop (29a342d)
• linter always lint all files instead of committed (c337642)
• logic error on getting user screen name (adf6ce0)
• make groupsRef optional in definition time (dff9889)
• manifest changed wrong (5c8ab6a)
• naming, shadow root, etc (6320d1c)
• organize polyfill testing in CSSR (faff2d4)
• polyfill not injecting css (7ef05c8)
• remove 'reflect-metadata' (56a4b22)
• remove deprecated usages (5841189)
• remove react-devtools on firefox nightly (a381b1c)
• switch does not response (f042c38)
• type 'undefined' is not assignable to type 'ValueRef<Person[]>' (c57f7a0)
• editorconfig: you shall not put these rules there (f2946c2)
• qr: QR scanning on firefox not working (8d1cbb8)
• toolchain: keep the profile and do argparse right (68f30a6)
• welcome: 1a1a display more than 1 selected identity (ec71ae4)
• resolveLastRecognizedIdentity partly functional (ac68f10)
• serializations related errors (70f35e6)
• ssr writes console message to generated files (2dd8028)
• throw on set style on disconnected node (ba6d8fa)
• trap click event to prevent a-tag behavior (09da441)
• treat anything as key (0d5a60d)
• Unexpected multiple outputs (d92de00)
• upgrade react-devtools to 4+ (1f8be98)
• use lazy regex (2b8969a)
• use null instead of undefined in worker verify method definition (d22003a)
• use system-ui font when possible (8153c2d)

Features

• add a confirm-reset logic to QR Scanner (22f1155)
• add a devtool to verify prove post manually (2ec353b)
• add a hint of all available services (e438f5b)
• add a nav back button for gecko & wk (4ac389d)
• add a new payload version v38 ("4/4") (ff9c49e)
• add a new settings "Disable fetching public keys ..." (0f282fc)
• add a switch for debug mode (310f00b)
• add commit hooks with linter (2b67f31)
• add conditional compilation (c45b2b2)
• add debug mode for PostInspector (243f208)
• add encoder/decoder to twitter (ae5b6b3)
• add field maskbookVersion in BackupFile (3d47195)
• add Group preview in Chip and ListItem (b1638b0)
• add key gen by mnemonic word (by a2 and Jack) (014f9d4)
• add manually decrypt post in devtools; remove retry button (1eb450f)
• add new ui for creating key in welcome (d2ccccf)
• add permission request popup (6880103)
• add Person Editor in devtool (aab6936)
• add post hash debug for post author (eb85c84)
• add SeeMyProvePost in devtools (e9137dc)
• allow payload transform (a4ea510)
• always show welcome on geckoview (c3f5a0e)
• audited by yisiliu, removed priv key as salt (3e03dfe)
• better dialog for requesting permission (0251a06)
• change representation of GroupIdentifier (3cb125b)
• comp SelectPeopleUI now can select groups (7dcce7b)
• create a default friend user group when create new identity (e1f3a17)
• encoder && decoder for twitter (d6b62ae)
• mnemonic words done (b1c5d7f)
• new createNewIdentityByMnemonicWord and deprecates old fn (03f44ba)
• rewrite stableHash (b6b23bc)
• ci: add real cond compilation (0f706de)
• create user group for old users (ee1423d)
• enable friendship guess from bio page (02ce043)
• impl updateUserGroupDatabase, add/removePersonToFriendsGroup (7cc3f74)
• make web-ext a plugin for webpack (7b94e5a)
• optimise font for CJK languages (37d886f)
• pasteIntoPostBox on twitter (1740ab8)
• PeopleInList => PersonOrGroupInList (aaf48e3)
• PersonInChip => PersonOrGroupInChip (09975d7)
• reserve commands for chromium and debugging (f550344)
• taskGetPostContent (fb2cbe8)
• twitter fetch module (a4ca535)
• update friendship cert to [#168] (9f15753)
• upgrade @kit and add a DOMProxy debugger (680a2fc)
• upgrade @kit to enable Watcher debugger (1cc982a)
• upgrade @holoflows/kit and adopt LiveSelector's enhancer (20060af)
• db: impl createUserGroupDatabase (b821087)
• db: impl deleteUserGroupDatabase, queryUserGroup(s)Database (1830297)
• db: merge person from myself and people (723f9c0)
• remove publicKey hardcoded encode or decode part (25d4640)
• taskPasteIntoBio of twitter (4f5d30d)
• use AsyncGeneratorCall to impl decryptFrom (c386583)
• use json file and direct modify (7bd6269)
• use manifest generator to generate manifests (279e3e1)
• PostBox: add all people to selection by default (d81ae9c)

Reverts

• "chore(deps): bump gun from 0.2019.422 to 0.2019.930" (c74636b)
• "fix: asmCrypto is not defined" (e38cefd)

[Artoria2e5]

Apologies for being laaaaaate to the new payload party, but we really can just get away with only hashing x as long as we are on EC. Let's fix that before -38 gets released and formalized. And may I ask what's exactly in the hashPair? Is somehow derived from the name K256? If not, we should fix that with something like jwk.kty + jwk.alg as salt.

PS: I don't see the point of doing a PBKDF2 on a public key when all we need is a fingerprint. Gun.SEA.work can use SHA-256.

[Jack-Works]

hashPair is a random UUID. You can think it is some type of salt but shared to generate a stable output between clients.

[Jack-Works]

jwk.x or jwk.x + jwk.y is not important, we just need a hash, does the current way looks good to you?

[Artoria2e5]

No, because by only hashing the points we are throwing away algorithmic information previously provided by hashing the entire thing. This breaks the #191 mandate of being able to stably process a multitude of curves.

[Jack-Works]

You can see we cut the N chars of the hash. return hash.substring(0, N).

This is not a full hash, it's more like a "partition"

[Artoria2e5]

"Hashing the entire thing" does not mean taking the full hash. It means that we used to hash the entire JWK object, which contained information about the algorithm in jwk.kty + jwk.alg. We are not including it anymore, which is a short-sighted view especially given that the current salt has no use.

You are trying to go through this quick by dismissing everything without reading them through.

[Jack-Works]

The design here is from the https://github.com/DimensionDev/Maskbook/wiki/Data-structure-on-Gun-version-2 . Maskbook is only using the a part of "feature" of the key, it should be stable, but it's content is not important