Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: 'Signed Blogs' with Keybase.io filesystem (github.com)
24 points by OJFord on Feb 5, 2016 | hide | past | web | favorite | 11 comments



This is a compelling demonstration of Keybase.io's file system.

This idea could be taken further to get past the past the ugliness complaint. Imagine something takes Markdown from these and renders it only if verified. Someone could stand up a TLS-protected site (possibly protected with a letsencrypt.com cert to reduce cost) that conditionally renders (based on keybase verify) and potentially caches renders for performance.

Either way, this is neat and I'm excited to see what other ideas our creative crowd come up with in using Keybase.io's new file system feature.


Thanks :)

Regarding ugliness - I started on a stylesheet, and then just decided that wasn't the point. I just wanted something quick to demonstrate this use of KBFS, and I'm not expecting (or desirous of) people to use it as a genuine service.

I've been working a bit on a blog for my own ramblings (some here may have tried the naked domain and noticed it 503s) - I'm now interested in doing that as the demo here but fixed to my account. (And uh.. with a stylesheet and stuff!)

As you noted, it would then seem sensible to do some caching - but I think this needs careful thought to not destroy the purpose and benefit of hosting posts on Keybase. I suppose it would have to display the cached copy, and then load from KBFS in the background anyway, to verify it (not only as untampered-with, but also as being still the latest version).


Doing caching correctly is tricky. Some kind of cache hinting might be needed. As a default though having it cache with a 5 minute interval would blunt the hit of a popular page very significantly. It would also allow for the use of a CDN like Fastly, Akamai, CloudFront, or CloudFlare in front if things get very hot.

An even more impressive trick might be a TLS server with SNI running vhosts which could check that the content was signed by a keybase user with a DNS proof for controlling that same domain. That would allow custom domains based on DNS CNAMEs. Now I'm getting carried away though ;)


Cool to see a project so soon after the keybase release. How is this any better than browsing public files on keybase.pub though?


It's basically the same; you're right - Keybase are doing all the heavy lifting.

The idea was more one of subtraction than addition: take everything away and display just .txt and (rendered) .md blog posts.

I thought I might use it just for myself (i.e. instead of the user search, just fix it to 'ojford') but seeing as I didn't have any content, and I just wanted to try something out, I did it like this first.


You can read this by piping into: `keybase decrypt` :

BEGIN KEYBASE SALTPACK ENCRYPTED MESSAGE. kiZ8aa8yNOPC2nP QD3QM6XxeDcurpU PZqSleTgKxgp9sd hCuooQmObarwJ3s nyWrixKOA2h8EWj 6ngTHMGf1nOnrwq 2hjkFzgNR2q2bcZ AMxPfhM5vvYEPHy HoWuLF9LYW6TQJH LLaUBL3twPV9KIw PH2WWv3PrfelwWs dWaCwzBoqmn7cWr 16bbzXP9ZJDOaRY w4JSZnRFi8Mr5zX 3LxleA9zhQKlmJj nasIyzHkP24aoB1 veAhsE0LqJCsr2r RZFuWr50FeNcpa8 vLBtRm9wwhAVlfW nnauBjDcchJGv9d 2oyhAy3b8dNCenU 4DUTEzKBQPjtnII gIEBjtppdRQrBHe cYzVCypxUolosZU w5uCDr6x1Z6ctZv vXCPwK8Fnm9QZdT KmUozJ1h6BTkd7j xRgtUWykZSVMKW9 xE15Eu5DeCLndt1 lcjFElqty7c4C6p lNIxD6MYEOeUaBq JTPikwIwPle6M80 DLxDSopyfst9zTa mJjdgw56w1bajI4 Ovzd9iHkY2o4vns jOBYmXCfoy6LI4X A3yw4DEjuGbuuj2 HXJgkbbSsxrJPKD rzZVjeWBtE6C61G cFPEAWTyWqiX17Z 5t2EPAT20T0pFGH aZBoaHnHA0McNO0 VrOS0I8Ng0Wb5CI jqrgAGTg1OGzT0U kWbm7wyXLUYfY0r tFhxwI7FanJJG63 FDFkJWc4eYlu9uI lEztervxw7pD1UL vifMFDamuFOdjEx fwSOeqO4ArDWvhl qlJy354q01KIe5E klgbuGQNRI7eaoG D01QNSWoWO7sPlQ wEkt0725b4el3Ik C7wMeF4JPRyIsEH erMb44uoqscmCKL Oq7uBB8S5U7Smsq HFfT5rnIyD43uoW Qad9j0nmPtzZODd BrTARreGT2xSxrI LRk2U01wYdYCjQZ SmlO2h2bC4ZhlcC M1JrligKAfVaeBB RLO7Oq1MAgPtT73 CGVU8c4gkvmFWAN wUC7gYivwSnKFIc IzkmMh1xdLOOoAz mPqc2plpeFOb1xU 69BYLOLY7yKSu9u qMIz5pfyH27jqe2 qcBr7ZYJnHbIEIR MEFhalnBNMYa4V6 v2xHIM17APMK4KF HMXTr6zZkzWjzaO 4v3da0FBXtOmSdw 5vyGg63adgKJfvv 2ZJ9pGCwr0EtbE0 Udq8ViuoxLdWLdS Cnia8CzkMYVZykN 0NTawBLIdLfkdS9 lkvbKdSnLTXPRO1 KO64hsp5KqthaWC rsGxnSVuPiNIYGw NNsbCoMLRhwlbjU QjrZlm5IvGXS8Xv 2BvaRPEvdCx2tKl FHe8MMgs0OCxuA7 qsTTJVr7ygjbEsX 8I0zq98SQRwPKct JO2igBY28Hdtevl o4B3qJar7cHxWAF 01keedd12iQ2s7g 1vAcePHMykUtGS8 wc1FmnsoPXPoaC3 2pOaC2h2TmLTjsB UbEKUWaQoqLuzAt H4WvBbfaG0Py1Uf 0tCn1lDfjBwoUyu Aw9hxHKLwsnFvG7 6YFPThbUAJXRkWX UkMFJGGDYB12U4O uPhgrXCOj0wyfk0 cM2LdHr8UUAvitv lEctZt35tsk7Gs3 gcnzMXFZry0YUlz HEwdmxxyge4hHvk lfbkVn8teR5ij3K aVW7cmVK8Hen7wG Uxnjdq4RbiYCvj9 Dh7MdZ9EeNAiKky TiR2Qdab5T3SBWO w7mo7AZSenrKlk9 2pdRYrorpfBXb6N UpNJX8dIDY3oKpi AT38U20c0XIhAsT rm8KD5FxwwKaOLb IRk7s6G9qxrR0JR 6JWCQss2MRlnHok Q9spNDl5ZP8h1mw moskVQG8NUoAtad XrNlwNhiPzgYahc sR3RwaduCxoItPI q1APP6bpvIXLA80 NHk1T3IRfbjoLAx KjWfLIvw2A6qMCs MLuEOCLttVOOyyf yb6tTcsgCeaPZ07 rBVIF6qQiNAVx6U SHNHiaCejEV7HaS nRJR8IgMQbkx7t1 r4o5ZCUtyjFd6Qk j3Dymz0vYmUsxLm YC88Ra84XXzzJs0 sQBnzzL7f4loH54 6Pl8wKtakQGiBHs YPg56A0QsV8rEkg Sa18oSmp5DDW5Sh c4FrnEq71ZjrAtB l26ZvEwHTfwl4Ok 5yzP9plzR4UXeJL PIsGDAs0OTnS4fd jtI4lDct1tiscY2 6ji2I4hSHxnThTd Q12xf6PruOeD6Va z067mlUxOlAxBbP AbIYzBNtCIfT3zN hXjGvaTRVO1PQ1e mCK6AEYASAK7m49 hXZbdV6yJ6Speli cwIfwwLePYZIYd1 Ce1gqim3TlsRdZo dmJV0FrlaOskSo7 PGEAOuKnC9JUvYu lloBwrrHjYcm1XY txS4luyzC39mDvc w2pbLUrk4OWNQ1n ikN0g3cFjsnuTvI cY9dqifkVnQbBos HoGRvfSOqBFFeM0 JdfYumZrhhtr0X1 93rDHsnYJVgXgEX BVVMTlK4MNGxrMU v5CJ1EiUlpPr9W4 8raCvgjMOzaY16H 7SljrVKXxNfIRRC VDXcCzY3ugncD7E 2CKKh1kc3xWZXSF RTFNVVR6t5SQV6s LnPrYV8Ypv4uyJI Qf1Xn8ExBGjdmGV QWHUpfDZkDywX4V b0VuuTrDBGErymO F9qjY8w0BBObeb2 r8RgSxnpu3cctif 1yrCL533anB0KkV TczvdwT1qdrghna PFpJg4MNAIVbPrz ZcTE4IQIkCb5PJt yLDnasbph4dodcv UIflf8m7mCmFArA gMdhfzvFNdTTkIG 4AHdK5PMNBLBori VEb0BD7QvoMizJB fkubxMk144i6PYw D9CBeRUSlWCC5Dj TMrH3LbrGX. END KEYBASE SALTPACK ENCRYPTED MESSAGE.


I may be doing something wrong, but it says "message wasn't encrypted for any of your known keys".


Oh - it was an encrypted message to the OP. Here's something general: BEGIN KEYBASE SALTPACK SIGNED MESSAGE. kXR7VktZdyH7rvq v5wcIkHbrvAOc8o HtD9ll30QZYRrt1 63n5tVSjvbZwtwt nQVqdDHEZIYWqWk 57rCih2L43U8D3v uDU7bYeatPFXDSw ZikNjVdebkJILFR kJOj6IN4D9bYNmB i2nHNFWj4btITlY zaRLkk6i76FyoyS K2Bq54fZpCtrDLQ 2FONdETOnbaI0ic FvHxWlsrpGVrdNs wSVZpOWekpe0eVy YV4z1lt7ONQ4Qo2 p3cX0bRLsKiIWHX B667fNFKpAEqXxU W93RkSAvfjXBvFX zkPRUCfcAFReAQz 6nEzbsy4YfQ7m01 iEvaCvMqXgEZTOx 8F9GoqyQ6gnHfHP lG9Si8v2LNP048x F1Y3oqxh1OEaJai IjpB67iffOBo00. END KEYBASE SALTPACK SIGNED MESSAGE.


It might have been aimed at OP :)


Wow, that was quick! :D


All the hard work's done by Keybase ;) - I just used their API to resolve usernames on other services; scraped users' directory for .txt and.md files (nothing in API, yet at least), and then just loaded the text from response body of the file's URL.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: