Radar 11

[chadwhitacre]

What are you working on this week and why?

last week

[chadwhitacre]

We've got three security issues in Freshdesk that I need to handle.

Beyond that, reviewing hotspots, I'm seeing that releasing 1.0 balances is done, but now account closing is getting hotter. Braintree's risk checking is still live, but we did bring our decline rate way down last week so hopefully we can resolve that soon. I've got a little more banking to do this week to back out our move to Citizens (#240, #241).

Zipmark depends on Risk Program, and they need to be done by a week from Thursday to avoid disrupting a payout cycle.

Payroll is evolving in my thinking into ... Gratipay 2.1.

• Gratipay 2.0: Payments and payroll for open work.
• Gratipay 2.1: Payments and payroll for open companies.

Liberapay is almost online, which means we're about to have an even closer competitor than Patreon or Assembly. Dunno about you, but that lights a :fire: under my butt. :)

[chadwhitacre]

Silly blockdiag. :)

[techtonik]

My focus this week seems to be on Aspen. While trying to update inside.gratipay.com dependencies, I run into issue with insufficient documentation about changes in API:

• [ ] https://github.com/gratipay/aspen-python/issues/436

Then there is a test PR for looking if Aspen site is being auto-built:

• [x] https://github.com/gratipay/aspen-python/pull/434 (no, it is not)

Then there is a proposal to change Aspen conventions to some defaults that don't clutter the project directory and can work out of the box with just running aspen.

• [ ] https://github.com/gratipay/aspen-python/issues/436

[chadwhitacre]

This looks to me like we've got two to four more weeks of slogging, before we can honestly say that we survived the Balanced shutdown and everything that meant for us. Once we reach that milestone, we can briefly pop open the champagne, and then I think we need to dive headlong into:

• cleaning up our product
• building up our user community
• cleaning up our codebase
• building up our contributor community

The Balanced shutdown has given us something very compelling to rally around. Over the next month we're going to need to transition from reacting-to-a-crisis to getting-on-with-our-mission, and the challenge will be to conserve our momentum in the process.

                          :full_moon:

Onward! :rocket:

[chadwhitacre]

@techtonik Cool. Ping @pjz if you get stuck.

[chadwhitacre]

Gratipay 2.1: https://github.com/gratipay/gratipay.com/issues/3399#issuecomment-112110512.

[chadwhitacre]

I've been :swimmer: in https://github.com/gratipay/gratipay.com/issues/2449#issuecomment-107104800 this morning. Hopefully after lunch I can start converging on a plan for #119.

[techtonik]

@whit537 we should not remove the tips-giving ability from person to person. It can be shaped into killer feature of letting big companies match donations to people that specific person finds important. It can become a corporate responsibility thing to give back to open source community when project authors run out of funds and time to maintain their software and resort to pursue a job.

Therefore it is important to preserve the graph of donations as it was at the time of Gratipocalypse. Even if it will operate with fake funds (% of some weekly "personal credits") until legal uncertainty with such tips is clarified (it may happen that sums under $5 a month from all sources or from each single person are not regulated/taxable with no strings attached). I also don't know "if donation value starts to decline when there is insufficient funds to distribute", so if we have periodic backups of donation graph - that would be most helpful.

[chadwhitacre]

I'm taking a pass through support.

[chadwhitacre]

Inbox 1, GitHub 0, Support 3. :sleeping:

[ehmatthes]

Payroll is evolving in my thinking into ... Gratipay 2.1.

Gratipay 2.0: Payments and payroll for open work. Gratipay 2.1: Payments and payroll for open companies.

This is interesting to read as a user. 1.0 -> 2.0 was a significant change in thinking about getting support as an individual, to getting support for open projects. The transition has been good, because it's pushed my thinking toward making it as easy as possible for others to collaborate on my projects.

The change here, from 2.0 -> 2.1, seems even more significant. My two main projects are solo efforts right now, but should invite collaboration as they continue to evolve. I know I want to facilitate collaboration, but I'm not sure yet that I want to grow them into open companies. Do I want to create a nonprofit? An LLC? An open company?

I guess I have one clarification for now. Are you using the term open company formally, or loosely? Can I make a nonprofit that's an open company in gratipay's eyes?

(At my school we speak of lowercase portfolios, and capital Portfolios. A portfolio is a collection of student work that hasn't been discarded; a Portfolio is a formal collection of student work intended to document learned skills and knowledge. Are you talking Open Companies, or open companies?)

[chadwhitacre]

Are you using the term open company formally, or loosely?

@ehmatthes Loosely.

Can I make a nonprofit that's an open company in gratipay's eyes?

Yes!

Do I want to create a nonprofit? An LLC? An open company?

It's fine to start as a sole proprietorship. :)

[chadwhitacre]

Inbox 3, GitHub 0, Support 19.

[chadwhitacre]

We've received a spate of security reports. I've sent initial replies to all of the researchers, and I've created repos for some of them, but I'm going to wait for #255 to play out before processing the rest. Looks like we may switch to HackerOne from our home-grown GitHub-private-repo-based system for managing security issues.

[kaguillera]

Considering looking at https://github.com/gratipay/gratipay.com/issues/3560. is this blocked by anything?

[chadwhitacre]

Discussed IRL w/ @kaguillera: gratipay/gratipay.com#3560 is more than a simple SQL query update, it requires rewiring the cache updating machinery.

[chadwhitacre]

Down to Support 7. I triaged the security vulnerabilities. I see one that's medium risk, but none that are high risk. I'm looking forward to trying out HackerOne (#255).

[chadwhitacre]

@kaguillera is on gratipay/gratipay.com#3514.

[chadwhitacre]

Support 6.

[chadwhitacre]

Diving back into https://github.com/gratipay/inside.gratipay.com/issues/119 ...

[chadwhitacre]

Alright, dialing back out of #119, somewhat :disappointed:. Gonna run payday: https://github.com/gratipay/gratipay.com/issues/3566.

[chadwhitacre]

Wow. The end of Balanced. :postal_horn:

[chadwhitacre]

I'm proposing at https://github.com/gratipay/gratipay.com/issues/67#issuecomment-113312604 that we drop back to PayPal-only for payouts. That would carry us through the end of the Balanced Shutdown.

[chadwhitacre]

Support 7.

[chadwhitacre]

I'm consulting today.

[chadwhitacre]