[joallard]

Seems like a lot of people are saying the airdrop and integrating Stellar to Keybase was a bad idea, but I don't think so. There's a lot I like in the Stellar-Keybase integration.

Keeping cryptocurrency keys secure has always been a challenge. Keep them too well, lose your money; keep them not well enough, someone can steal your money. It's a thin line to walk.

Keybase wants to make encryption user-friendly, and keeping cryptocurrency keys secure fits very well to that purpose. This is probably the least painful way I've kept crypto private keys.

Besides, the wallet is pretty functional, and is integrated to an app that's already sync'd to my phone and computer. It's without fuss and just works. Compare that to yet another app which I don't know, need to evaluate, don't trust to keep my secrets, or won't share them across my devices. Here, it's painless.

I personally knew Stellar already, but as a technical user (which I feel is a natural demographic for any crypto to start to get early adopters), this brought back Stellar in my mind and renewed my interest (or would've interested me if I hadn't known it).

Besides, I quite like Stellar as a cryptocurrency for payments: fees are low, and confirmations are near instant. And I'm not even naming the fact that it natively allows you to keep fiat money as a Stellar asset instead of exposing yourself to the risk of losing value to fluctuation. (Though there are caveats, but the infrastructure is there natively to build very useful things.)

I don't think this was quite bad a move as some make it out to be.

[corobo]

On the flip side of the anecdata I signed up for a thing that could prove I am me in case it ever became useful then they added chat to it and something to do with git and then started spamming me with some cryptocoin bollocks

[cormacrelf]

I discovered the first (surprisingly good) use case for keybase the other day -- Terraform encrypted outputs which you can configure by simply providing your keybase id. Extremely convenient. Perfectly joined the dots between a complicated but secure thing (you had to store sensitive state in S3 with server-side-encryption, which made it way too complicated to have sensitive data in a small side project) and the throwaway easy but very insecure thing (store the state locally/in a private git repo).

Of course, absolutely ZERO crossover between that kind of utility and this Stellar thing. I'd like them to find more life-improving nuggets of utility like that instead. Find more places in your life where you want something encrypted ad-hoc but don't want to memorise your GPG key ID. Any time someone would normally whisper to tell you something could be a candidate.

[jrockway]

> Perfectly joined the dots between a complicated but secure thing (you had to store sensitive state in S3 with server-side-encryption, which made it way too complicated to have sensitive data in a small side project) and the throwaway easy but very insecure thing (store the state locally/in a private git repo).

I use git-crypt for storing secrets in git repositories.

In the future, I'll probably switch to this, though: https://github.com/bitnami-labs/sealed-secrets

[ithkuil]

Could you please describe in more details the workflow with terraform?

[deadbunny]

(Using the IAM module because I'm lazy)

module "iam-user_foobar" { source = "terraform-aws-modules/iam/aws//modules/iam-user" version = "2.3.0" name = "foobar" pgp_key = "keybase:foobar" force_destroy = true create_iam_user_login_profile = true create_iam_access_key = false password_length = "${var.password_length}" }

This sets the users password then PGP encrypts the password with their keys from keybase. You can then use the module output to get the pgp encrypted password and pass it to the user (manually, email etc...).

Otherwise it will put the password in plaintext in the state, not a massive issue as you can set it to require changing next login. But eliminates the even slight chance of leakage.

[vageli]

You can also encrypt the state with KMS (for example) and manage access to the key to prevent casual access to your secrets in statefiles. Uploading encrypted values in state is interesting though and using keybase for that is awesome!

[phrotoma]

This was my first intro to Keybase as well. I believe it is still limited to the AWS provider (Google provider maintainers are dead set against it last I checked) but for resources like `aws_iam_user` you can specify either a GPG pubkey or a keybase username and upon creating the user the Terraform provider will generate a random password and encrypt it so you can store it / share it safely.

[stevekemp]

When I started getting the spam I deleted my account.

I love the idea of keybase but in practice I never had contact from strangers suddenly using GPG, so it felt more aspirational than useful. But with zero interest in cryptocurrencies any tiein/integration was just wasted on me.

[3stadt]

It's interesting how experience differs. I created my keybase account out of couriosity and when chat was added, people I know started messaging me. Now it's more a communication tool to me than something to prove my identity. I don't care that much about stellar, but it's more in the realm of interesting things than annoying. :-)

[geofft]

That's a fair defense of Keybase and Stellar. But it's not a defense of the airdrop, which seems to have had the effect of introducing a new population to Keybase, one that is more interested in cryptocurrency speculation than any of the things Keybase did previously. That, I think, was a big mistake. It increased engagement metrics while annoying all the existing users; effectively it pivoted Keybase into a chat app for altcoin enthusiasts. Which would be fine, if that was actually their goal, but it doesn't seem like that's what they wanted.

[OJFord]

Agreed - the first distribution required registration prior to the announcement. I don't see why that didn't apply completely, why use it to drive Keybase sign-ups? They were essentially all 'fake users'.

[geofft]

Even the first distribution temporarily put a market value on old GitHub accounts, since their anti-grab measure was that you needed a pre-existing Keybase account or a new one linked to a pre-existing GitHub account. There were several people on /r/github confused why they were getting monetary offers to buy their accounts. That already didn't sound like the intended outcome.

[angrygoat]

It's not clear to me how I'd exchange my lumens for goods or services.

I could imagine transferring some lumens to a friend for my share of dinner, but only if my friend is actually going to want lumens. Even if they're a keybase user, they're hardly going to be excited if I transfer them tokens that they are then, themselves, going to find difficult to exchange for goods or services.

If Keybase had to cancel this because all of the people signing up were after the lumens to speculate, maybe they should work on making the currency actually usable and liquid. I'm not interested in speculating; if I could use this to buy something down the supermarket, I'd be very interested.

[ocdtrekkie]

Indeed. If there were businesses on Keybase at verifiable addresses that accepted lumens as payment, we'd be in a much more interesting space. ...And I do think that might be a place Keybase can excel, because they could provide the method to be sure @walmart was actually Wal-Mart. But it requires that companies be willing and able to accept cryptocurrency.

[carleverett]

You could get a Wirex credit card and spend them anywhere that accepts Visa: https://wirexapp.com/global

[1234_0000_99]

> Keep them too well, lose your money; keep them not well enough, someone can steal your money. It's a thin line to walk.

Nah, not really.

Unsophisticated users tend to keep their crypto on the bigger exchanges, which means someone else manages their keys.

Sophisticated users tend to use (cheap) hardware wallets or at least understand paper backups of keys and passphrases.

How-tos and warnings are exchanged ad nauseam on crypto Twitter and crypto blogs.

I imagine Keybase would have moved this forward about as far as they've moved forward GPG / PKI for the general user. (Not much)

This is mostly Stellar trying to gain some marketshare since they haven't made much progress elsewhere.

[_Codemonkeyism]

I agree, I think airdrops with Stellar and a wallet on many developer computers could create the critical mass to more crypto applications.

[KirinDave]

As a keybase user, why should I want to be a part of that?

[_Codemonkeyism]

I don't know.

[KirinDave]

Then why did you write a post emphatically stating you agree with an opinion that the airdrops were a good idea?

Did you just get really excited by their enthusiasm?

[_Codemonkeyism]

You can downvote me as much as you want - I wish more people would say "I don't know." if they don't know - on the internet and in the office.

[pavlov]

I don't think the downvotes are because of that. It's more that "creating a critical mass" via something people don't actually want is pretty much the definition of spam.

[alwillis]

Thanks for articulating my thoughts and feelings regarding Keybase and Stellar.