"connect your LinkedIn and Github accounts to enable the free faucet"
Really curious: I can see how connecting a Github account may be valuable for a company pushing a developer tool, but I'm not sure I understand why they'd want a LinkedIn account. Perhaps to try and determine where you work?
Companies consist of not just developers, but also managers (sometimes also called "decision makers").
Often it's the manager's job, not the individual developer's job, to register to such things. Then they will take care of the emails, possible negotiations, and all other consequences of such subscriptions.
Don't get me wrong: Often these managers do have a Github account (and many more accounts). But offering LinkedIn is a safer bet to address almost all of these decision makers.
They are probably trying to make sure you can't create a bunch of fake accounts and abuse the faucet.
Either way, I really think that their product lacks substance and don't appreciate how they try to push a device that adds nothing to the ecosystem that can't already be achieved without it.
Block chains are such a fundamental social and technical innovation that, put simply, we don't know 95% of the use cases they will facilitate in the near future. You may think that 21's products currently "lack substance" but they are literally trying to invent this future. Most of their products may fail, but if they figure out a fraction of this 95%, they will be remembered as visionaries.
Mark my words. Don't judge them too quickly. They might turn out to be the next Amazon.
In addition, pure numbers as library name makes trouble in almost every programming language, because you can't use that directly as an identifier and have to find a workaround.
It seems that at least in Python the library is hence named "two1", not "21".
I guess they did it because the short domain (21.co) was available for their installation command:
curl https://21.co | sh
Not sure why the authors think anybody would type that in by hand, rather than just copy & paste it, though. So the short name doesn't help here, either.
In addition, the "curl | sh" type of installation has a bad reputation among developers, for security reasons. Which is especially critical when payment is involved. And which is even more critical when it is about automatic payment.
At least they prove a docker image in addition to that. But even here, no separate checksum is provided. Also, I can't see any digital signature. Or anything else to ensure integrity through a separate channel.
> In addition, the "curl | sh" type of installation has a bad reputation among developers, for security reasons. Which is especially critical when payment is involved. And which is even more critical when it is about automatic payment.
That only secures the transport, not necessarily the source. Especially without a checksum or digital sig to verify the source, it's a little weird of an oversight for a company like 21.
How would that checksum or digital signature be distributed?
HTTPS checks for authenticity of source (it uses digital signatures). Now, I guess there could be a rogue CA which creates another certificate for 21.co, but excluding that it's fine.
