
21: An Open Source Library for the Machine-Payable Web - desantis
https://medium.com/@21/21-is-an-open-source-library-for-the-machine-payable-web-4f30d1437fde#.q9imccvqx
======
fomojola
I'm curious about this line in the post:

    
    
        "connect your LinkedIn and Github accounts to enable the free faucet"
    

Really curious: I can see how connecting a Github account may be valuable for
a company pushing a developer tool, but I'm not sure I understand why they'd
want a LinkedIn account. Perhaps to try and determine where you work?

~~~
therein
They are probably trying to make sure you can't create a bunch of fake
accounts and abuse the faucet.

Either way, I really think that their product lacks substance and don't
appreciate how they try to push a device that adds nothing to the ecosystem
that can't already be achieved without it.

~~~
mrb
Block chains are such a fundamental social and technical innovation that, put
simply, we don't know 95% of the use cases they will facilitate in the near
future. You may think that 21's products currently "lack substance" but they
are literally trying to invent this future. Most of their products may fail,
but if they figure out a fraction of this 95%, they will be remembered as
visionaries.

Mark my words. Don't judge them too quickly. They might turn out to be the
next Amazon.

------
gorm
Does anyone know if 21 has solved the transaction fee problem for
micropayments with btc?

~~~
SkyMarshal
That's what Lightning Network is for.
[https://lightning.network/](https://lightning.network/)

------
nemaar
Did not read the article but the name itself is bad. You cannot name a product
using an number. How the hell did they come up with this?

~~~
vog
In addition, pure numbers as library name makes trouble in almost every
programming language, because you can't use that directly as an identifier and
have to find a workaround.

It seems that at least in Python the library is hence named "two1", not "21".

I guess they did it because the short domain (21.co) was available for their
installation command:

    
    
        curl https://21.co | sh
    

Not sure why the authors think anybody would type that in by hand, rather than
just copy & paste it, though. So the short name doesn't help here, either.

In addition, the "curl | sh" type of installation has a bad reputation among
developers, for security reasons. Which is especially critical when payment is
involved. And which is even more critical when it is about _automatic_
payment.

At least they prove a docker image in addition to that. But even here, no
separate checksum is provided. Also, I can't see any digital signature. Or
anything else to ensure integrity through a separate channel.

~~~
witty_username
> In addition, the "curl | sh" type of installation has a bad reputation among
> developers, for security reasons. Which is especially critical when payment
> is involved. And which is even more critical when it is about automatic
> payment.

It's through HTTPS, so it's secure.

~~~
SkyMarshal
That only secures the transport, not necessarily the source. Especially
without a checksum or digital sig to verify the source, it's a little weird of
an oversight for a company like 21.

~~~
witty_username
How would that checksum or digital signature be distributed?

HTTPS checks for authenticity of source (it uses digital signatures). Now, I
guess there could be a rogue CA which creates another certificate for 21.co,
but excluding that it's fine.

