Happy New Year! 2019 was an exciting year for us - we finally reached the point where we could release the Signata beta to the public, and the product has evolved massively since then. So where will 2020 take us? We don't know yet, but I'd like to share with you what's been happening so far.
ShapeShift Integration, and moving to Hooks
One of the main features that will be available soon is our integration with ShapeShift. We've built 99% of this feature, however the last 1% for us to do is adding in the ability for you, as users, to sign in with your ShapeShift account to let us conduct trades on your behalf.
While this sign in process is pretty straightforward, we realised we could take the opportunity to refresh the Signata website to use React Hooks, which are relatively new and offer huge performance and manageability boosts. We've overhauled most of the desktop application, and we're working through the website overhaul now. The biggest lesson we learned from our original React+Redux build was that it can easily grow into quite a complicated codebase once the workflows get complicated enough. Devices like YubiKeys can have a multitude of errors happen at any stage (e.g. USB dropouts, invalid PINs, user unplugs the device, etc.) and accounting for all of these within Redux got a little crazy, and we had a few bugs lingering where these error states weren't getting caught properly.
In the end we've been able to remove huge amounts of code as we've simplified our React containers into more manageable hooks-based components, and thus can (in the longer term) release more features to you, the end users.
Changelly, CryptoAPIs, and 3rd Party Exchanges
Changelly is a service very similar to ShapeShift, offering the ability to trade between cryptocurrencies. We'll be adding them in once we've tested ShapeShift.
CryptoAPIs is a "Blockchain-as-a-Service" provider that we've started the integration work with too. These guys offer a service similar to Blockcypher, whom we currently use, but with a few extra chains supported. At the moment Signata relies on these BaaS services to be the underlying transaction provider for your wallets - you don't need to run any chains yourself, as these providers operate the large amounts of infrastructure needed to publish updates to the networks.
Why don't we operate our own BaaS? That's something we've got on the drawing board, but only if we can afford to operate nodes on the chains ourselves. Operating our own would open us up to supported even more chains, which is something we'd love to do longer term.
And speaking of more chains, we also started the integration work with 3rd party exchanges via the CCXT library. This library is quite amazing, but we quickly learnt that the main feature we wanted to implement first (depositing and withdrawing crypto from the exchanges to Signata) only works out of the box for a very small number of exchanges. Specific integrations will require us to develop and thoroughly test the integration, which is very time consuming, especially as these exchanges usually provide no mechanism to run test code against them, and we have to effectively register our own accounts with them and deposit real money into them. We're considering our options moving forward, but most likely we will focus on the most popular exchanges on the market and integrate them one-by-one, and if you want us to prioritise any in particular just let us know in the comments here, or via email (firstname.lastname@example.org).
With the focus on exchange & trading integration we haven't had the chance yet to integrate Nitrokeys, but rest assured we have a big overhaul of the way we communicate to devices in the works. We're looking to move to a gRPC-based approach to all device communication, which will massively improve performance and security, and also let us decouple our desktop application from some dependencies on some 3rd party libraries. The 3rd party libraries are rock-solid, but are still dependencies that are outside of our control.
We have this gRPC capability currently working as a pilot, we just need to overhaul the integration points with the desktop application before we push it to the public.
Ideas still in the upper atmosphere
We want to keep adding features to the product to get more value out of your devices, instead of just focusing on cryptocurrency use. We've added a new feature recently that does this called Secure Notes - effectively we're using the exact same encryption capability that we use for your cryptocurrency wallet to create and protect free text notes, so you can safely store important data such as passphrases to password managers, or emergency unlock codes.
Extending this further we're thinking we could add integrations to improve your personal information security, such as the storage of VPN connection credentials, or maybe integration with other password manager applications. What would you like to see, or would like to be able to use your YubiKey to unlock? Let us know in the comments!
Phone apps are also in the pipeline, but further back. We want to prioritise this, but only if there's a real value-add we can offer or high demand for the feature. With the way our product is architected we shouldn't have too much trouble extending to iOS and Android, but we only want to do this if we can ensure communication to YubiKeys and other devices is still fully capable and secure.
The hardest part of being a fledgling startup is managing our finite resources, but we're still confident we'll bring a whole slew of features to you this year, and hopefully officially move the product out of being in "beta" to full-blown production! Every feature is for you, our users, so just let us know what sucks, what's great, and what you'd like to see next, and stay tuned here for updates!
p.s. When the next major desktop application version is released, we'll have the macOS version sent through the notarization process. There's a chance we'll have issues with that, but if not then this should ensure Signata will pass the gatekeeper security process for Mac.