kentonv changed the topic of #sandstorm to: Welcome to #sandstorm: home of all things sandstorm.io. Say hi! | Have a question but no one is here? Try asking in the discussion group: https://groups.google.com/group/sandstorm-dev
frigginglorious has quit [Ping timeout: 256 seconds]
frigginglorious has joined #sandstorm
frigginglorious has quit [Ping timeout: 272 seconds]
frigginglorious has joined #sandstorm
frigginglorious has quit [Ping timeout: 264 seconds]
frigginglorious has joined #sandstorm
frigginglorious has quit [Remote host closed the connection]
frigginglorious has joined #sandstorm
frigginglorious has quit [Ping timeout: 256 seconds]
frigginglorious has joined #sandstorm
frigginglorious has quit [Ping timeout: 256 seconds]
nullbpm has quit [*.net *.split]
nullbpm has joined #sandstorm
isd has quit [Quit: killed]
jryans has quit [Quit: killed]
CaptainCalliope has quit [Quit: killed]
abliss has quit [Quit: killed]
rjBadger[m] has quit [Quit: killed]
JacobWeisz[m] has quit [Quit: killed]
ill_logic has quit [Quit: killed]
abliss has joined #sandstorm
CaptainCalliope has joined #sandstorm
jryans has joined #sandstorm
rjBadger[m] has joined #sandstorm
JacobWeisz[m] has joined #sandstorm
<kentonv> whelp... so much for keybase. :(
<JacobWeisz[m]> wat?
<JacobWeisz[m]> Holy crud
<JacobWeisz[m]> Time to rewrite our app signing strategy?
<kentonv> well... if we'd ever gone and implemented the code to actually verify people's attestations then we'd be fine
<kentonv> but currently we're assuming that keybase itself is honest and not compromised
<kentonv> (just for the purpose of displaying a developer's linked identities, e.g. github username, etc.)
<JacobWeisz[m]> HN is right that it sounds like a straight acquihire and the Keybase platform is probably going to either be left to rot or shut down.
<kentonv> yeah, it's clear that the upside to Zoom is they can say "hey we're improving our security, we hired experts"
<JacobWeisz[m]> It's hard to imagine Zoom cares about Keybase as a platform or community in itself, so unless the Keybase team figures out some coup in building Zoom's new security features on top of it, Keybase is probably gonna go away.
<simpson> It keeps happening. HN almost has a clue this time: https://news.ycombinator.com/item?id=23102650
<JacobWeisz[m]> My favorite point about startups and why I usually avoid them is their propensity to Vader.
<JacobWeisz[m]> Create a product without a viable business model, and when needbe, change the costs or feature offering on short notice to try to become profitable. "I am altering the deal..."
<JacobWeisz[m]> I have been reading about smarthome platforms which have suddenly decided you need to pay a monthly fee for the hardware they sold you to keep working because they realized servers cost money.
<kentonv> simpson, having been a VC-founded startup founder, I would say that comment and comments like it don't understand how the system works
<kentonv> VCs can't force you to sell and, in fact, usually don't _want_ you to sell.
<kentonv> an acquihire is a failure from the VC's point of view. They are looking for >10x returns and an acquihire just means they got their money back
<kentonv> actually that's not even true, pure acquihires often don't return any money to VCs at all
<kentonv> in a pure aquihire, there's _no_ reason for the offering company to pay any money to investors, because they only want the employees, and employment is at will so the employees can do whatever they want
<kentonv> the acquisition amounts they quote in pure-acquihire scenarios are really the sum of all the employee salaries and stock grants
<simpson> kentonv: But the disproportionate market share acquired through startup capital (the market disruption) is not worth the long-term effects. In this situation, for example, Keybase's improvements to the web of trust may be entirely offset by the lack of trust caused by this acquisition.
<simpson> And, like you say, the investors are not so concerned with those effects, as long as they get their money back.
<kentonv> again, the investors almost certainly are not happy with this outcome.
<kentonv> the employees are likely happy because they're no longer stressed out about whether they need to be job-hunting
<kentonv> and zoom probably offered them good comp
<kentonv> keybase never figured out a way to make money.
<JacobWeisz[m]> If the crypto had taken off, I wonder if they were hoping for a transaction fee or something they could sip off of.
<JacobWeisz[m]> But yeah, I no longer look at closed source services unless I understand how they are profitable.
<kentonv> I mean, the pitch was almost certainly "if we get a lot of people using this, we can sell all kinds of enterprise add-ons, integrations, support, etc."
<kentonv> keybase only ever raised one series A round of $11M and didn't hire many employees.
<abliss> i was always kind of fond of keybase, but i never understood why it was allowed to exist
<kentonv> they were presumably able to skip the seed stage because the founders had founded other successful things before
<abliss> similar to twitter, i don't see any core functionality that couldn't be written in a weekend in a pile of bash scripts
<simpson> abliss: Platform.
<kentonv> they got money from a18z, probably just on the basis that "this is cool tech and the founders have succeeded before, let's see if they can get somewhere"
<kentonv> oops a16z
<abliss> yeah, i guess $11M isn't that much
<abliss> is there already an open-source clone of keybase that we can turn into a sandstorm app?
<kentonv> they presumably kept the team really small while they experimented with ideas looking for product-market fit, which they never achieved. $11M with a small team can last many years but they were probably running out of money at this point with no one interested in investing more.
<kentonv> so they had to sell to someone. Zoom saw an opportunity to improve their rock-bottom security rep.
<abliss> Matrix project lead claims that riot's new cross-signing feature is "similar to keybase's concept of connected keys": https://news.ycombinator.com/reply?id=23102962&goto=item%3Fid%3D23102430%2323102962
<JacobWeisz[m]> abliss there was a "Keybase without the cruft" type share in HN a few days back.
<JacobWeisz[m]> Don't remember what it was called.
<abliss> keys.pub, thanks
<JacobWeisz[m]> Does it have proofs though? I don't think it did.
<JacobWeisz[m]> It can't be too crazy to write/check attestations though, maybe specifically for Sandstorm app authors?
<JacobWeisz[m]> Presumably that would cost us running our own service for that, but I'm not sure how long we should trust Keybase's database in that light.
<abliss> "We can link this key to your identity on Github, Twitter, Reddit, etc, by creating a signed statement and publishing it both there and on your sigchain. (You can revoke by removing either statement.)"
<JacobWeisz[m]> So to operate that as a Sandstorm app though, we'd need a web interface of some sort. It does say it has a REST API, so we've got that part.
<abliss> i guess it's really just a protocol for how to format the signed statements, then one little utility to generate/post it, and another to fetch/validate it. the latter could be done in a nobackend webapp if you use a CORS-bypassing mirror (maybe we should have one of those on sandstorm, so you don't have to rely on the choke points like corsanywhere which tend to get blacklisted). the former could maybe be done in sandstorm
<abliss> using something like ian's oauth-via-powerbox example.
<abliss> (or i guess, instead of a frontend-only app plus a corsanywhere mirror, we could have a proper backend to do the cross-domain GETs)
<abliss> Well, I've spent a little time playing with matrix's new e2ee stuff (in https://riot.im/app and the RiotX android app) and I'm still not impressed. it still seems quite half-baked and crashy.
<abliss> keybase's stuff was always very pleasantly stable and had good UX in my experience.
<JacobWeisz[m]> Yeah, it's a decent chat app experience too.
<JacobWeisz[m]> I use it to confirm Wekan and Hugo app update approvals.
<JacobWeisz[m]> The fact I could use it to know I was sending an app publishing key securely to the same person who is publishing the app and whose GitHub contains the code and then send them messages about the app all in one place is pretty darn nice.
<abliss> Yeah, I enjoyed using the slack clone and the private git repos that it sprouted, and was always intrigued by the global filesystem too.
<abliss> the cryptocurrency stuff boggled my mind a bit, but i guess that was their last thrashing attempt to do anything that smelled like revenue.
<JacobWeisz[m]> I mean, I like free money? I never found a use for it. But I feel like I'll want to get my Stellar account info extracted if they shut down.
<JacobWeisz[m]> I could imagine a world, where if I was paying people for app updates, an offer I've made before for Sandstorm, it'd be nice to also just send money through the same app that verifies who they are to me?
<JacobWeisz[m]> The claimed goal of Stellar is to be a very translatable way to move money between real world currencies using Stellar as an intermediary. If we had a lot of international app authors which didn't have currency services like PayPal that I am used to...
<JacobWeisz[m]> Allegedly right now my Keybase wallet contains $101 US worth of XLM. I'm not upset that Keybase gave me a hundred bucks.
<JacobWeisz[m]> But without higher adoption of XLM, I'd be uncomfortable buying XLM.
<abliss> yeah, but keybase already supported an easy way to sign ownership of a bitcoin address, so there was never a need to get in bed with yet another crappy altcoin :)
<JacobWeisz[m]> It was one of the top ten cryptocurrencies for a while at least.
<abliss> also, keybase gave you a taxable event you didn't ask for, in exchange for dubious value (am i ever gonna take the time to figure out how to convert that XLM into something I can actually spend somewhere? unclear)
<JacobWeisz[m]> Though possibly due just to their tendency to throw a lot of money around...
<JacobWeisz[m]> abliss: It should only be taxable if you spend it.
<JacobWeisz[m]> At least according to what I read when I was curious about that.
<JacobWeisz[m]> They probably should've communicated relevant information about that with the announcement though.
<abliss> that's not my understanding, though of course IANAL
<JacobWeisz[m]> But yeah, presumably if I sent it to an app author or the like, I should then claim the income.
<JacobWeisz[m]> Let me see if I can find the link about it.
<CcxWrk> keybase-but-federated is one of my long-term goals. But I really don't have the time to dive into it properly.
<CcxWrk> I couldn't really pull it off as a single person anyway, not for anything beyond POC demo.
<abliss> (see https://www.irs.gov/individuals/international-taxpayers/frequently-asked-questions-on-virtual-currency-transactions Q22: an airdrop is itself a taxable event . written for hard forks, but seems applicable to all airdrops.)
<JacobWeisz[m]> https://www.abbb.com/blog/cryptocurrency-property-tax-liability/ claims a gift (airdrop) of that value isn't taxable.
<CcxWrk> (Even if it's just stealing Google's Miranda and implementing signature verifying module.)
<abliss> (Oh yeah, i guess since its under the gift tax threshold it's taxable in theory but not in practice. anyway, we're far off topic now, i'll shut up about cryptocurrency)
<JacobWeisz[m]> abliss from your IRS link:
<JacobWeisz[m]> Q30. I received virtual currency as a bona fide gift. Do I have income?
<JacobWeisz[m]> A30. No. If you receive virtual currency as a bona fide gift, you will not recognize income until you sell, exchange, or otherwise dispose of that virtual currency. For more information about gifts, see Publication 559, Survivors, Executors, and Administrators.
<JacobWeisz[m]> That was where I got the "doesn't count as taxable unless you spend it".
<JacobWeisz[m]> But yeah, Keybase should've communicated that to people in their announcement, as it's a big source of FUD of the platform after the airdrop.
<abliss> I remember being intrigued by Miranda but also confused what it was going to be good for. did it ever turn out to be good for something?
<JacobWeisz[m]> "google miranda" is apparently not a helpful search term. Link?
<CcxWrk> Their Certificate Transparency backend, sec
<CcxWrk> Oh, Trillian not Miranda. Confusing names for some reason.
CaptainCalliope has quit [Quit: Idle for 30+ days]
<CcxWrk> I wonder where that brain fart came from. Anyway. The goal would be accountable serialization of events to give what current GPG revocation system lacks: reliable time - or rather happened before/after relation for subkeys publication.
ill_logic has joined #sandstorm
<abliss> why did i also have "miranda" in my head? was it an internal codename before the launch? (ugh, disappointed they stole the "trillian" name from the im app)
<CcxWrk> So you can safely rollover to new keys. But it then extends to other useful things.
<CcxWrk> I'd like to have OMEMO (mostly) just work for example.
<JacobWeisz[m]> Well, now we know Lyre isn't using Matrix much...
<CcxWrk> IIRC it shows history to all but rejoins users only to speak, to conserve connections. Same with CloudIRC
<JacobWeisz[m]> ill_logic there's been some discussion already, check the IRC log.
<ill_logic> Oh, the "new content" marker started from the point I rejoined after getting booted.
<ill_logic> Wait, no. I see Ian's grumble about libsodium, then Adam talking about miranda. Is Matrix not showing it?
<ill_logic> CcxWrk: I'm on Matrix. There's in theory a bot that sticks around and collects the history.
<JacobWeisz[m]> No idea, I always use whitequark for channel history.
<JacobWeisz[m]> But yeah, Kenton announced it on here this morning.
<ill_logic> (A handful of us are on Matrix.)
<ill_logic> Though, with freenode's tendency to boot people all the time, the bot may be getting booted.
<abliss> well, a Trillian server inside a sandstorm grain exposing a rest api through a webkey sounds pretty straightforward...
<abliss> then, a little Trillian client could sit inside a grain with network access, and a little web UI could let you add friends, and keep track of who's staying honest...
<JacobWeisz[m]> abliss: Could do that with keys.pub too though, yes?
<abliss> yep, seems like it
<JacobWeisz[m]> It sounds like Trillian is built for large scale solutions, Sandstorm tends to work better for things that are built to be small.
<abliss> but no matter how you slice it, you're up against a network effect to get it going. keybase did a pretty good job of onboarding lots of relevant folks. now, just as with the Google Reader diaspora, there will likely be no single place where everyone flees to
<CcxWrk> Yeah, I envisioned slightly larger deployments. Per-domain for IM providers or such.
<JacobWeisz[m]> Presumably the app index would want an authoritative keys.pub it used to check attestations and be a single source for Sandstorm servers to get the author information.
<CcxWrk> Or fediverse hosts or similar. Each cross-checking each other depending on whom it's users communicate with.
<ill_logic> What are the chances the Keybase people just open sources their server? If indeed they no longer care about Keybase?
<ill_logic> As a business
<abliss> isn't the whole design of keys.pub that the server *isn't* authoritative? it's just an index you can search to find the self-signed statements, which you then fetch and validate yourself?
<ill_logic> I mean, I think malgorithms (the Match dot com guy) created it as a project before it was a business. He might like the idea of the project sticking aroudn?
<kentonv> ill_logic, chances are it's not written in a way that would be useful to run independently (much like no one runs Blackrock...), but we'll see I guess
<abliss> yeah, i'm sure they'll opensource some more stuff on the way out, but i doubt there's anything magical in that source drop that will enable someone to come along and take their place.
<ill_logic> But it looks like there are alternatives out there. I'm not sure I understand what trillian is but maybe that is one of them.
<CcxWrk> The point of Keybase is to be sole provider of identity. It doesn't federate and anyone trying to use their code to replace it would run into the issue of competition / adoption. Much like Signal without official servers.
<abliss> keybase had a catchy (trademaked) name and a pretty icon, good UX designers, active community engagement, etc
<ill_logic> And frankly... never quite liked Keybase's attitude with the whole upload-your-password-protected-private-key thing.
<abliss> keybase has taken crypto usability more seriously than anyone before (that i know of). i respect the compromise they struck. i never uploaded my key and i never felt pressured to.
<CcxWrk> ill_logic: Did they do that? Last time I checked they had password-dervied keys but I don't remember encrypted privkeys being uploaded.
<ill_logic> That could have been long ago.
<ill_logic> I totally understand the value of tradeoffs. It bothered me that they were doing this to PGP in particular. Something that already had norms.
<ill_logic> And the norms are very important to me because I have relatively little idea how all this works. If all the smart crypto people say it's important, I'll assume it's true unless I hear what the caveats are.
<CcxWrk> Well… PGP has norms for clunky interface mostly. :P
<ill_logic> Yeah it would be great if they started over with something else.
<CcxWrk> PGP is straight up 90s crypto with a bunch of band-aids. Lot of crypto people say that it needs to die already.
<ill_logic> It's like when there's a big warning on the product that says "DO NOT DO XYZ" and you call the representative and they say "oh yeah you can ignore that".
<ill_logic> I saw a blog post talking about how the replacement for PGP should be many different tools since it does too much already. And fair enough.
<ill_logic> But I would still like some way to have one tool that handles identities that works with the other tools.
<ill_logic> Like maybe a chat program, an email program, a package manager verifier. All could be separate crypto tools. But the way to verify who's the one signing things, it would be nice if it were on ething.
<CcxWrk> Yeah. That's a crucial missing part. I've been reading the SPKI drafts recently. So many dreams in the 90s. We should finally make them reality.
<abliss> did any of them ever figure out what problem they were trying to solve exactly? even keybase never explained that to my satisfaction.
<CcxWrk> Did you ever try to replace PGP key?
<abliss> (but it was fun enough to use that i still used it despite not knowing)
<abliss> TBH i'm still not entirely sure what PGP keys are for, apart from the goals "making email into a secure communication channel" and "building a web of trust", both of which it has abjectly failed at.
<kentonv> btw I never installed the keybase messaging app, but I've received e-mails indicating several of you (e.g. JacobWeisz[m]) have tried to message me on it...
<abliss> how many of us would have to send you all our XLM in order to motivate you to install it?
<abliss> (perhaps coincidentally, i got my first real spam keybase chat yesterday)
<CcxWrk> I'm digging through the keys.pub and it doesn't seem to be replacement for Keybase at all? (No following, no key age attestation, no accountable change publication, no feature that made Keybase interesting in short.)
<CcxWrk> It seems to reimplement PGP keyserver with slightly nicer crypto but all of the other issues remain?
<CcxWrk> I mean, they provide unified format of ownership claim to publish on github. That seems about it?
<JacobWeisz[m]> I got two spam messages on Keybase, giving me like 0.01 XLM each.
<JacobWeisz[m]> kentonv: I have no record of sending you a Keybase chat message. But you once sent me a file via kbfs, I think.
<abliss> i can't even figure out what my XLM balance is; do you have to install a separate wallet app?
<JacobWeisz[m]> There's a wallet tab. On the phone app it might be behind the literal hamburger menu.
<JacobWeisz[m]> As much as others have heckled it, I appreciate that Keybase never asked you to install multiple apps.
<JacobWeisz[m]> I have 1401 XLM
<abliss> looks like i also got 3 spam XLM gifts of .01, pushing me to various phishing websites
<JacobWeisz[m]> Hey, you got .03 XLM out of it.
<JacobWeisz[m]> Imagine if that's what it took to spam someone's email account.
<JacobWeisz[m]> (I think at least some people have suggested the concept of email having a very trivial cost for spam control.)
<JacobWeisz[m]> In this case it seems particularly bad for the scammer since they didn't even get your attention.
<JacobWeisz[m]> ill_logic: I never really had a private key prior to Keybase, nor another use for it, so that's probably why putting your private key in their service didn't bother me.
<JacobWeisz[m]> I guess for that to be a problem I'd have to have a well-known PGP key I wanted to tie to Keybase. As I said on HN, if I didn't trust Keybase anymore... I'd just make a new key.
<kentonv> JacobWeisz[m], I've never used kbfs to my knowledge.
<kentonv> Keybase sends me e-mails saying: "Keybase users ocdtrekkie, wekan, and 10 others sent you 753 encrypted messages using Keybase chat."
<kentonv> JacobWeisz[m], maybe it was some sort of group chat?
<JacobWeisz[m]> Oh, Lauri might've invited you to our chatroom.
<JacobWeisz[m]> But you sent me an app publishing key using Keybase once.
<JacobWeisz[m]> I still see the folder from it between you and I.
<kentonv> ... when was that?
<JacobWeisz[m]> Years ago. I don't remember which one. But I am pretty sure it was your idea?
<JacobWeisz[m]> Because it encrypts the file with both our keys in some way that only you and I can access it?
<kentonv> maybe I just don't remember
frigginglorious has joined #sandstorm
<JacobWeisz[m]> I think you could do that with the CLI though.
<JacobWeisz[m]> So you may have never used the "app".
isd has joined #sandstorm
<isd> I have still not managed to build sandstorm with asan. I have managed to crash the compiler. I hate computers.
<xet7> Is there programming language that does not crash?
<JacobWeisz[m]> Languages that don't crash usually do worse things.
<isd> Eh, there are better spots in the design space
<JacobWeisz[m]> PHP historically doesn't crash, but it also tends to poop out unexpected data into people's browsers.
<isd> Compile-time errors are a good alternative to crashing much of the tiem.
<isd> time
<isd> ...and most of the real-world bugs that manifest as crashes really could be covered by that.
<isd> Elm does a really good job of this.
<simpson> To be Turing-complete is to crash, get stuck, or loop endlessly.
<isd> But crashing is certainly better than silently doing the wrong thing.
<isd> Right, we're only talking about the first of those.
<isd> infinite loops are of course inherently something that can happen in any turing complete language.
<isd> But, fwiw, I do wish javascript was much more crash-prone than it is.
frigginglorious has quit [Ping timeout: 260 seconds]
frigginglorious has joined #sandstorm
frigginglorious has quit [Ping timeout: 272 seconds]
Mitar has quit [Ping timeout: 240 seconds]