Seems like a lot of people are saying the airdrop and integrating Stellar to Keybase was a bad idea, but I don't think so. There's a lot I like in the Stellar-Keybase integration.
Keeping cryptocurrency keys secure has always been a challenge. Keep them too well, lose your money; keep them not well enough, someone can steal your money. It's a thin line to walk.
Keybase wants to make encryption user-friendly, and keeping cryptocurrency keys secure fits very well to that purpose. This is probably the least painful way I've kept crypto private keys.
Besides, the wallet is pretty functional, and is integrated to an app that's already sync'd to my phone and computer. It's without fuss and just works. Compare that to yet another app which I don't know, need to evaluate, don't trust to keep my secrets, or won't share them across my devices. Here, it's painless.
I personally knew Stellar already, but as a technical user (which I feel is a natural demographic for any crypto to start to get early adopters), this brought back Stellar in my mind and renewed my interest (or would've interested me if I hadn't known it).
Besides, I quite like Stellar as a cryptocurrency for payments: fees are low, and confirmations are near instant. And I'm not even naming the fact that it natively allows you to keep fiat money as a Stellar asset instead of exposing yourself to the risk of losing value to fluctuation. (Though there are caveats, but the infrastructure is there natively to build very useful things.)
I don't think this was quite bad a move as some make it out to be.
On the flip side of the anecdata I signed up for a thing that could prove I am me in case it ever became useful then they added chat to it and something to do with git and then started spamming me with some cryptocoin bollocks
I discovered the first (surprisingly good) use case for keybase the other day -- Terraform encrypted outputs which you can configure by simply providing your keybase id. Extremely convenient. Perfectly joined the dots between a complicated but secure thing (you had to store sensitive state in S3 with server-side-encryption, which made it way too complicated to have sensitive data in a small side project) and the throwaway easy but very insecure thing (store the state locally/in a private git repo).
Of course, absolutely ZERO crossover between that kind of utility and this Stellar thing. I'd like them to find more life-improving nuggets of utility like that instead. Find more places in your life where you want something encrypted ad-hoc but don't want to memorise your GPG key ID. Any time someone would normally whisper to tell you something could be a candidate.
> Perfectly joined the dots between a complicated but secure thing (you had to store sensitive state in S3 with server-side-encryption, which made it way too complicated to have sensitive data in a small side project) and the throwaway easy but very insecure thing (store the state locally/in a private git repo).
I use git-crypt for storing secrets in git repositories.
This sets the users password then PGP encrypts the password with their keys from keybase. You can then use the module output to get the pgp encrypted password and pass it to the user (manually, email etc...).
Otherwise it will put the password in plaintext in the state, not a massive issue as you can set it to require changing next login. But eliminates the even slight chance of leakage.
You can also encrypt the state with KMS (for example) and manage access to the key to prevent casual access to your secrets in statefiles. Uploading encrypted values in state is interesting though and using keybase for that is awesome!
This was my first intro to Keybase as well. I believe it is still limited to the AWS provider (Google provider maintainers are dead set against it last I checked) but for resources like `aws_iam_user` you can specify either a GPG pubkey or a keybase username and upon creating the user the Terraform provider will generate a random password and encrypt it so you can store it / share it safely.
When I started getting the spam I deleted my account.
I love the idea of keybase but in practice I never had contact from strangers suddenly using GPG, so it felt more aspirational than useful. But with zero interest in cryptocurrencies any tiein/integration was just wasted on me.
It's interesting how experience differs. I created my keybase account out of couriosity and when chat was added, people I know started messaging me. Now it's more a communication tool to me than something to prove my identity. I don't care that much about stellar, but it's more in the realm of interesting things than annoying. :-)
That's a fair defense of Keybase and Stellar. But it's not a defense of the airdrop, which seems to have had the effect of introducing a new population to Keybase, one that is more interested in cryptocurrency speculation than any of the things Keybase did previously. That, I think, was a big mistake. It increased engagement metrics while annoying all the existing users; effectively it pivoted Keybase into a chat app for altcoin enthusiasts. Which would be fine, if that was actually their goal, but it doesn't seem like that's what they wanted.
Agreed - the first distribution required registration prior to the announcement. I don't see why that didn't apply completely, why use it to drive Keybase sign-ups? They were essentially all 'fake users'.
Even the first distribution temporarily put a market value on old GitHub accounts, since their anti-grab measure was that you needed a pre-existing Keybase account or a new one linked to a pre-existing GitHub account. There were several people on /r/github confused why they were getting monetary offers to buy their accounts. That already didn't sound like the intended outcome.
It's not clear to me how I'd exchange my lumens for goods or services.
I could imagine transferring some lumens to a friend for my share of dinner, but only if my friend is actually going to want lumens. Even if they're a keybase user, they're hardly going to be excited if I transfer them tokens that they are then, themselves, going to find difficult to exchange for goods or services.
If Keybase had to cancel this because all of the people signing up were after the lumens to speculate, maybe they should work on making the currency actually usable and liquid. I'm not interested in speculating; if I could use this to buy something down the supermarket, I'd be very interested.
Indeed. If there were businesses on Keybase at verifiable addresses that accepted lumens as payment, we'd be in a much more interesting space. ...And I do think that might be a place Keybase can excel, because they could provide the method to be sure @walmart was actually Wal-Mart. But it requires that companies be willing and able to accept cryptocurrency.
I don't think the downvotes are because of that. It's more that "creating a critical mass" via something people don't actually want is pretty much the definition of spam.
I've seen exactly this in a local well-regarded startup. Incompetent hires with problematic behaviors thriving and being protected, and competent hires being unprotected, not cared about, and almost pushed out.
They would hire almost anyone, and then not take active action in maintaining a healthy staff. Needless to say, it's not going very well over there, regardless of the CTO being quite technically proficient.
Incompetent PMs can be an issue too, between inaccurate/incomplete feature planning and shoving their responsibilities onto unwitting developers. I'd argue that a great PM is worth as much as the much-vaunted 10x developers, if not worth much more.
As always, the implementation here, the lines of code in index.php, doesn't really matter. Anyone can code a job board given enough time. The questions that matter are rather how he got his audience to come to it:
- How did he make his offering known to potential clients?
- Why did the clients choose his page, over the N many competitors out there? What's different or better about it?
- Conversely, how does he get his job-seekers? Are they of particular quality?
The index.php file is old news. The getting employers and candidates together in a nice package is the valuable part.
(I'd actually be looking forward to hearing about the making of this job market.)
I think Pieter has simply become the guru for digital nomad engineers - he's behind Nomad List, for example. So he spent a good portion of his life building up his credibility and connections. Plus the site actually looks and feels good (CSS/JavaScript). The PHP file is probably the least interesting piece of the puzzle :)
Case-insensivity is important for some to be able to reliably remember a string. I won't easily retain the difference between 'b4dQbFs31' and 'b4DqBfs31'.
Same thing when speaking it out loud. 'B four D capital Q B capital F s thirty-one' is way more convoluted and error-prone than 'B four D Q B F S thirty-one'.
The best thing I've found that fits this criterion is Crockford's Base 32 [1], basically the extension of hex digits, removing letters ILOU.
But Base 32 (case-insensitivity by proxy) constrains us to 5 bits, which is only a 20% reduction over the 4 bits of base 16. So instead of the 20 bits `1ab2f` we could express them with something like `1qm3`.
Regarding Base 32, I love the justification used for removing U. I, L, and O all have potential confusion with digits, but U was removed because of "Accidental obscenity".
I'm surprised it wasn't just "and all vowels" with the same reasoning, or at least 'a' (because I can more readily think of examples than for, say, 'e').
I suppose, though, there's an attraction in using b32 rather than b29... (Though I notice mid-word apostrophes are double-tap-selectable at least on macOS, so perhaps swapping 'a' for ''' would be advantageous, if more complicated to explain.)
I find it interesting that you're willing to say "twat" but not "bastard". I admit that I didn't think of either of those words, though I think they're still much tamer than the ones with "u" in them. Really what I was thinking of was "crap" and "damn".
I once had a moment of panic after coming up with and shipping a custom scheme along these lines, when I realized there was a decent probability of generating accidental profanity. Afterwards I came up with a filter, and we spent a fun day filling it with every nasty word we could think of.
The best way to use words that I've seen (e.g., over the phone, and also to memorize) is Mnemonicode, originally created by Oren Tirosh, who has since abandoned it, but there are multiple compatible versions all around, see e.g. [0].
Unfortunately, most of the references around the web link to Tirosh's original work on the WayBack machine, which used to be hosted on "tothink.com", but the new owners put a "robots.txt" which make even the old version unaccessible on archive.org
