It's always reinvigorating seeing everyone. Thanks to all who could make it!

I wanted to recap what seemed like the priorities we ended with during our
Friday planning meeting
<https://docs.google.com/a/mozilla.com/document/d/1rAJ9Sm2QPKZPOBleqTBEGevLExMPHQvTXngASr4n3IM/edit?usp=sharing>.

*First priority is to ship "signin confirmation".* We're close. This is the
biggest impact we can make to improve security for our users. Let's secure
them.

Afterwards:

   - Security
      - IP blocklist
      - Send fewer sign-in confirmation emails based on IP history
         - Should reduce frustration for a majority of users
         <https://sql.telemetry.mozilla.org/queries/526#878>
      - E-mail "captcha"
         - Provide UX and a link to override rate limiting
         - Uses sign-in confirmation, with altered copy
      - Location data in sign-in confirmation email
         - "Please confirm your sign-in attempt from Mountain View, USA"
      - 3rd-party security audit
   - UX
      - Measure more things
         - Big number / graph to see each week
            - Mean (median?) page load
            - 95th% page load
         - Time "connecting" assets
            - To know how much http2 would save
         - Time from firstrun to sign-in form usable
      - Conditionally load crypto
         - Load while user is filling out form
         - Remove assertions entirely (!)
            - requires coordination with oauth server to accept
            sessionTokens
         - OAuth for Context Graph
   - "Disconnect" an oauth token (devices and services)
      - OAuth API for Sync
   - Quality
      - nodejs 4.0 LTS
         - 0.10 EOL is October <https://github.com/nodejs/LTS#lts_schedule>
         - All repos pass tests on 4.0
         - Docker makes this easier, but dockerization may take too long
      - utf8mb4
         - In place change
         - Since we've been truncating anyways, the change should Just Work™
         - Stored procedures will need it separately

Did I get everything? Did I properly describe everything? Is this really
all for Q3? This looks like a lot, more likely for a "rest of the year"
type thing.

If this looks right, next step is to make sure we have features in Aha!,
and issues filed for each piece.
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct