I am even more negative: Astute observers have been predicting the collapse of the system (including the global financial system) for about the past half-century. Not “if”, but “when”. If the current-events trend does not change soon ( NOT the damn virus, but people’s reaction to it), well... you may wish that you had traded all of your government-issued toilet paper for literal toilet paper. (Actually—for food, gold, tools, and weapons.) Is this a good time to HODL fiat?* nullius is bearish on government-issued currencies at a time when governments are in headless-chicken mode, and markets are in freefall. Accumulating more Bitcoin right now is a hedge on the potential that S will not totally HTF. In that case, you may well wish for assets in a form free from direct government control which (if you know what you are doing) is very easy to conceal, transport, and convey. It is not alarmist to observe that things are already pretty bad in many places. In case of total SHTF, neither government-issued currency nor the Internet will exist. In that case, you would need the other side of that hedge: You need to have spent at least the past few years quietly making the sorts of preparations that most people laugh at. If you already did that, then you don’t need for me to tell you that now is not a good time to be competing with desperate people for more of things that you already wisely prepared. Whereas if you didn’t, then starting that now is too late! Don’t be another desperate headless chicken. Just buy more Bitcoin, hope for the best... and if you die, at least you will die HODLing. How is that for negativity? :-) |
|
|
|
I didn't lose faith in bitcoin. I lost faith in humanity. I’m in Bitcoin, because I never had faith in humanity. Bitcoin is a system which exploits ruthless self-interest to coerce people who hate each other into cooperation—for the good of Bitcoin, not for each other. I am sorry for your loss. By that I mean, your dearly departed coins which I know you are mourning. I have all of my life savings in Bitcoin. All the liquid money that I have, aside from hand-to-mouth scraps of fiat to cover my mundane expenses (and I live simply). It is money that I cannot afford to lose; for I was never an investor, and I never thought of it as a financial investment per se. Bitcoin is to me more than money. Also, I can’t preach something to people if I’m not living it. —Also, I play for keeps; and that means going all in. I have always been that way. For the past few days, I have been ignoring the market (as I usually do). I don’t even know the current price exchange rate ( non-monetary commodities have prices; currencies have exchange rates!). I couldn’t panic-sell, even if I wanted to: I have never had a KYCed fiat-crypto exchange account. Getting my money into Bitcoin anonymously was a major project; and it cost dearly, especially given that I was ignoring the market as usual. Selling my coin for fiat would be even more difficult, because it’s easier to spend fiat cash anonymously than to obtain fiat cash anonymously. But I don’t mind being stuck with Bitcoin. Married to it. Now, it is foreseeable that in the near future, I may wind up with Bitcoin and no food. I am a practical man; and frankly, I will admit that I would rather have food. Still, I am glad that I have my Bitcoin. Bitcoin makes me happy. I was pleased, when I saw this: Nullius' sole objective is to facilitate the mass adoption of bitcoin.
That is actually not emotional on my part; and it is not a religion, my sense of humour notwithstanding. Bitcoin is the concrete embodiment of higher principles. At this point in history, it is one thing that can help slow our descent into a terrible abyss. That, I care about more than I care about money.
I don’t recommend buybacks based on emotions, any more than I would recommend panic-selling. The cool, savvy approach will result in having more Bitcoin in the long run. I do think the banks are trashing us now. Panic-selling means money value in their pockets ( correction noted as to a principle that most people never understand: the nature of money); so would whipsawing around with effectually FOMOing. Just pretend that you are approaching this for the first time—so, how would you get into Bitcoin now? Pretend that you just saw the term “maximalism” for the first time, and you’re such a n00b that you assume it means maximizing the amount of Bitcoin that you have. ;-) |
|
|
|
The statement claiming a forum uid is digitally signed. What other digital signatures do you want?
An actual signed message from the key. Everything else is just you him wasting everybody's time. For the nth time: What is the substantial difference between a digital signature on a userid (plus the primary key binding signature from the signing subkey, which I doubt you even understand the significance of)—and a digital signature on a clearsigned text file with substantially the same content, posted together with the initial publication of the key? You have been wasting my time providing you with patient technical explanations that either you are too lazy to read, or you are too stupid to understand. For you to attempt insulting me is despicable. Either explain in technical terms why I am so terribly wrong, which logically requires answering the above question, or fork off with your security theatre. |
|
|
|
This is medical advice for you: TURN OFF YOUR COMPUTER, AND GO OUTSIDE. “The Anglo-Saxon Mission, explained by Bill Ryan - a Project Avalon video” Sounds thrilling. [— more youtube videos—because serious scholars of The Truth publish videos on Youtube, instead of covering subjects in a higher information-density format more amenable to thoughtful analysis and discussion —] On second thought, the prescribed treatment was ineffective. To cure your condition, you need a megadose of Vitamin “D”: TURN ON YOUR COMPUTER, AND TAKE IT INTO THE BATHTUB WITH YOU. |
|
|
|
Declaring War on the coronavirus would be largely symbolic, although it may make China and the CCP uncomfortable. It could allow countries to take over factories to produce certain goods (I don’t think this is needed right now, but it may be if there is a shortage of medicines and antibiotics). It would also send a signal to citizens as to how serious the situation is to get citizens to adhere to recommendations that should help slow the spread of the virus. Lockdowns and unlimited State of Emergency powers as the new normality are not “recommendations”. In this context, a “symbolic” declaration of war could only segue existing irrational, cowardly panic into full-blown war hysteria—a game at which the Americans are history’s great grandmasters. And isn’t the People’s Republic of China supposed to be the Communist country—the one with stock exchanges? How would boob-bait propaganda, which the PRC government certainly understands, somehow make them uncomfortable in a situation in which American domestic policy turns towards state control of private enterprises, as it seems you are suggesting? By the way, America failed to totally forbid travel to and from Africa during the 2014 Ebola outbreaks. That would have been rational. Now, they are declaring war and implementing effectual martial law in places because of coronavirus? Seriously? OT/ some argue that the Cold War was actually WW3. There were a number of proxy wars during the Cold War so that no two nuclear powers were fighting each other and there was the arms race. US and USSR were never anything but friends, beneath the surface. Blowing up and bleeding out other people all over the world in “proxy wars” was aught but a game of golf between friends who are very competitive. Edit: I should add that it was much more convenient for Oceana America to be perpetually at war with Eurasia, than to fight hokey made-up wars such as the War on Terror, and now the War on Plague—not to mention all of the American domestic Wars (Drugs, Poverty, etc.). I (don’t need to) wonder how many people realize that America has a long history even in its domestic policy of implementing Marxist policies under other names. This does require a populace which habitually confuses labels for substance. As for US-USSR being distinct without difference—why yes, I think you’re right. They’re evil twins. |
|
|
|
Watching the Democratic debate and Joe Biden is referring to battling the coronavirus a “war”. Brian Mohnihan, CEO of BOA, described the coronavirus crisis as a “war”. Israel PM Netanyahu said his country is at “war” with an invisible enemy, the coronavirus.
I am curious if Trump or other world leaders will describe the coronavirus situation as a “war” and if so, will any country declare war against the coronavirus. War on an emotion must have lost its oomph. If the war ostensibly waged on the emotion had the proximate effect of increasing that emotion, what will the War on Plague do? I would suggest upgrading to a War on War; but Woodrow Wilson already did that, with the War to End Wars! Didn’t you hear: War was eternally defeated 101 years ago. Lyndon Johnson’s War on Poverty could well be interpreted as a War on Famine; victory has been achieved there, too. Now, all we need is a War on Death! Made in America (so stated with the understanding that not all individual Americans are so fortunate as to be grateful for their government’s wise policies). |
|
|
|
I have a little surprise in store. It is pending blockchain confirmation. It is significant, so I will post when that’s done. Appropriately made its own thread: Nullian Verification.
The forum ID proving ownership of the key. Right now the owner of the key is claiming ownership of the forum account, and that's all we know for certain. The owner of the forum account has not proven ownership of the key. Only a signed message could do that. If posting the signed message saying, “I am bitcointalk.org u=XYZ” in the same post alongside initial publication of the key would suffice, then so should posting a key containing substantively the same signed message: The cases are indistinguishable from a security perspective. Would you please explain what type of attack scenario you have in mind, in which a person creates a Brand New forum account, and then within 8 hours thereafter posts a claim to a PGP key that he doesn’t actually control—but in which he somehow procured a digitally signed userid claiming his less-than-8-hours-old forum account, despite his lack of ability to sign with the key?
A general note (not only in response to DireWolfM14): To avoid a false sense of security requires precise thinking about what each piece of evidence does or does not tend to prove. What we want is a bidirectional binding between two identities: (A) The forum account claiming the key, and (B) the key claiming the forum account. Unfortunately, as I have repeatedly pointed out, (A) cannot be done cryptographically; the best that can be done is for the person who creates an account to post a claim to a key ASAP, as the user did here. (B) can and must be done cryptographically. (B) is only and exactly what would be proved by a signed statement. It is equally, or even better proved by a certification on an OpenPGP userid; indeed, for a key to claim a non-cryptographic type of account (usually an e-mail address) is the whole purpose of the design of OpenPGP userids! To be absolutely clear, all of this discussion is orthogonal to the question of what evidence later use of a PGP key can provide. In the future, if the account’s integrity is in question ( e.g., allegations that it was hacked), the person who claimed a public key now can then demonstrate continuing possession of the corresponding private key. What we are now doing is trying to establish the initial association of an account with a key and a key with an account. So, again... And what, praytell, is the practical difference between a digitally signed OpenPGP userid claiming a forum uid, and a `gpg --clearsign` statement claiming a forum uid?
(Pedantic note: I emphasize the word practical, because the former <key → forum account> binding is certified (i.e., signed as a PGP userid) with the user’s certification-only primary key, and the latter would perforce be signed with a signing subkey certified by the certification-only primary key. For the purpose of this discussion, that technical difference should have negligible impact—although I would assume that the certification key is handled with greater security; nobody does the split-key thing unless extreme measures are desired for the primary key.) |
|
|
|
For the purpose of proving that a digitally signed statement has not been backdated, I hereby present a tool far superior to quoting and archiving: Secure, trustless timestamps using the Bitcoin blockchain! Understand what OpenTimestamps does and does not prove. Peter Todd’s announcement blog post provides an excellent introduction. In the digitally signed message presented below, I include recent information that would be infeasible to predict. This prevents forward-dating, which OpenTimestamps itself does not prevent. The information within the message is strong evidence that the message was created and signed not significantly before its alleged creation time; the timestamp trustlessly, verifiably proves that the message was created and signed not significantly after its alleged creation time. The magic bits are contained in an OP_RETURN in txid: 134da08e1590e709f3904e91e05de0e839bab18c5ad456471d0f3c84f374ae20 Need a handy explorer link? See Blockstream.info (Javascript required; onion). As a practical matter, the only thing that you that need to verify the timestamp is the timestamp file that I have base64ed below (plus of course, the timestamped file). You can verify this locally, using the OpenTimestamps client plus your own Bitcoin node, or verify it on the OpenTimestamps website if you trust it to tell you the truth. :-) The timestamped file:-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I am Bitcoin Forum user 976210.
To provide evidence that this is not an old message previously signed
and forward-dated, I will hereby cite the three most recent posts by
theymos (weaker evidence, especially since he hasn’t posted in a few
days), and the ten most recent Bitcoin block hashes (stronger evidence!).
To prevent this message from being altered and backdated in the future,
I will timestamp it with Peter Todd’s OpenTimestamps service. This in
itself will provide security incomparably superior to the forum tradition
of “quote and archive”.
I will NOT hereby state the signing time, or the identity of the signer.
You should obtain this information from the PGP signature on this message.
- ----
# Three most recent posts by theymos
https://bitcointalk.org/index.php?action=profile;u=35;sa=showPosts
Other / Politics & Society / Re: Coronavirus Outbreak
on: March 12, 2020, 10:01:13 PM
https://bitcointalk.org/index.php?topic=5220206.msg54017323#msg54017323
Other / Politics & Society / Re: 2020 Democrats
on: March 11, 2020, 12:53:05 AM
https://bitcointalk.org/index.php?topic=5112320.msg54004736#msg54004736
Other / Politics & Society / Re: Tax rebates to reflate the economy.
on: March 11, 2020, 12:45:13 AM
https://bitcointalk.org/index.php?topic=5231748.msg54004716#msg54004716
- ----
# Ten most recent Bitcoin block hashes:
000000000000000000003e0f3a098ea6e92fe2c474538d58afe38c8b24956eb4
Block Height: 621772
Timestamp: 2020-03-15 20:18:19
0000000000000000000f8444e1ac4fea06b9b75be7b045f3d2fecacdcb5c4b79
Block Height: 621771
Timestamp: 2020-03-15 20:09:48
00000000000000000004045d8d72ba911e03d9ed55be24344b6599d705169061
Block Height: 621770
Timestamp: 2020-03-15 20:07:02
0000000000000000000398f192ab9d1c8056f16000a669d7475e4c29c0571b09
Block Height: 621769
Timestamp: 2020-03-15 19:45:38
0000000000000000000992b96449d86cce2358cfd3db015fe211475be63ceaa5
Block Height: 621768
Timestamp: 2020-03-15 19:20:55
00000000000000000000ba33260d466b09fcc69fac83869c4e3c355f788eb8a9
Block Height: 621767
Timestamp: 2020-03-15 19:15:28
0000000000000000000d12afb75eb77f4705ca95ebbaaf8b3add45209965d525
Block Height: 621766
Timestamp: 2020-03-15 19:05:51
0000000000000000000ad77af87316d3e95c988e7c6ae99b93af4e0eb68b6538
Block Height: 621765
Timestamp: 2020-03-15 18:56:13
0000000000000000000650e6d97be40d26ff0bf4f61ad27e28cb541fdda37302
Block Height: 621764
Timestamp: 2020-03-15 18:54:47
00000000000000000009fc68e0faee77640280270f79b61fed0fc4a0af85f479
Block Height: 621763
Timestamp: 2020-03-15 18:53:22
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQSNOMR84IlYpr/EF5vEJ5MVn575SQUCXm6OiwAKCRDEJ5MVn575
SRCeAPwMr7wHtRwREzQLf0tznVQXVjJSPZD4IcRyDMPFB9HyPQD7BMZfzJ+Ize5q
2XQFV9sZOYpZ5keSss3Q5RLnyhJO8gc=
=gsBL
-----END PGP SIGNATURE-----
To verify the timestamp, you must save the signed statement with Unix line endings ('\n') and a single final line-terminator on the last line. (No blank line at the end.) The OTS file (base64ed):AE9wZW5UaW1lc3RhbXBzAABQcm9vZgC/ieLohOiSlAEI9sq0yyHNA7Oc7SjJ7gQx
qRm2dNn7S/MHAWTW00a20jvwEFhohSNdXDR856fKQXHO5KoI//AQO52Bcij3aHIZ
WOfJVznYTAjxBF5uj2nwCAw5p+1O4DH7AIPf4w0u+QyOLi1odHRwczovL2FsaWNl
LmJ0Yy5jYWxlbmRhci5vcGVudGltZXN0YW1wcy5vcmf/8BBbfhwjdFJu0V6bF3yG
3gBhCPEEXm6PafAIoXUfhzN6AogAg9/jDS75DI4sK2h0dHBzOi8vYm9iLmJ0Yy5j
YWxlbmRhci5vcGVudGltZXN0YW1wcy5vcmf/8BDGkXigQDsv44GSxwVKQtQzCPEE
Xm6PafAIoLPTIM9Qomz/AIPf4w0u+QyOIyJodHRwczovL2J0Yy5jYWxlbmRhci5j
YXRhbGxheHkuY29tCPEgGVR3dUW3/QtHqmx9l4EwFriGWIh7WFUAmRgEG8WB740I
8SB3yInee0NLimTtDyD4sosIV3Q3fhtUT8IePlFpBFMpgwjxIIXhLAjZka3qEqVT
RTVF/o3KaLOnC2sh01mRSukyIxg+CPAgxPMFC51GEMTwsNfcDqzstCuBia3awh/a
XWDSeANQGCMI8SCH0Ml/xktDPgkvTJeQg2u5T0HL2xN54pr6XzbjovKFBQjxIDog
f16bcybb8BeQT2Qx1L3jPuKtMDYiRBTWUf6HpdNNCPFxAQAAAAFV2vsDrtn4wNHz
7BJL5LpuviA07ClHKku118Yl22QvEQAAAAAXFgAUxZeyBglbKHzv67mWu0GJUSd1
uvz9////AqlEHwAAAAAAF6kUUX9272bseU9ljqWMSKagCJpBLbWHAAAAAAAAAAAi
aiDwBM18CQAICPAgeEGiiWkoSIF79wnRyWhfse4A5L4kxIKUigLbYqdqhfEICPAg
bRcFRYD1rRBlh9LOgAFLtHydT+WUznsq1892G4mJ1NcICPAg3YziPI7XC0vRMn3Z
GTjXWWoXIutqKJx4lOIhzPZvM7kICPEg8fknVqeXAlNrqBJaursNd3iSoDerQ57J
SBN2LhuQ31EICPEgGMBRXtEFVxx6o2Vrf+le4pDbp6bX0LtWOYxlqb6Cc7gICPEg
jXEJpwsBiK8UboiPY6PAZAX6rt+dTsPV6ISIO2g0R9oICPAgSZJPUTiX0gA/BepF
awrAp3sPYJiXeBG57s3eNmyT9koICPAg7gUR/MFM4nHe/L/hf78xWZdDX10gfwnL
PrDOjt9XDAQICPAgOHx7lGj9IeIvVt7u+2pGzJKHY/VBbb7vDuJOhRyiWq0ICPEg
wdAFI+AlMByatqv31tAkXapwLYAt2LbKeimJty5HOeQICPEgp+KcJTFiVMpCVCAB
6wpe8T1GuOlX5VXoSD6R/aISI1IICAAFiJYNc9cZAQPO+SXwENTi/oDG+bCDAnFO
AlKGBUQI8QRebo9p8AhzsdE8fRHnsgCD3+MNLvkMjikoaHR0cHM6Ly9maW5uZXku
Y2FsZW5kYXIuZXRlcm5pdHl3YWxsLmNvbQ==
I waited for this to get sufficient Bitcoin confirmations that it may be considered to be reliably buried. I also “upgraded” the file, so that it contains all the information that you need to verify it with reference to the blockchain. You will be able to verify this timestamp even if the OpenTimestamps website and the calendar servers all disappear. As long as Bitcoin exists, this timestamp will remain secure and trustlessly verifiable. |
|
|
|
I now invite others to post their own verification statements on this thread. If I can get at least a few others doing this regularly, then I will start a git repository with timestamped signed attestations of my own observations of what was posted by what account, and push it to Github. That way, everybody will be able to pull all of the substantive data from this thread (including a collection of PGP keys) conveniently, without tedious and error-prone copying and pasting from a forum thread. Please refer to my 2020-04-28 statement for a reference on how this should be done. Expressed in pseudocode, v0.0.1-alpha of the required format is: "Bitcoin Forum name:\t[your name]\n"
"Bitcoin Forum userid:\t[your userid]\n"
"PGP primary key:\t[your PGP fingerprint]\n"
"\n"
"# Ten most-recent Bitcoin block hashes:\n"
"\n"
"[height]\t[ISO date]\t[hex hash]\n"
[...] That is human-readable; and I think that it should be not too horrible to wrangle with /bin/sh and standard shell tools. DO NOT include the date, which is contained in the Signature Creation Time subpacket of your PGP signature. DO NOT include any other extraneous data that may confuse scripts. Include a complete OTS file, base64ed in a separate <code> block. Posts without a timestamp file will be deleted. For your first post on this thread, and any time that your PGP is updated, please include your PGP key in a separate <code> block. If desired, you may also include links to archival evidence that you have previously claimed the same PGP primary key with the same forum account; if you do, keep any descriptions concise and factual. I plan to invite third parties to attest which accounts they see posting what; however, that will need to wait for me to develop a reasonable format for it. DO NOT quote other people’s posts here; quote-posts will be silently deleted. DO NOT post claims to have verified others’ signatures and timestamps! Such claims encourage newbies to believe Gavin-style fake “verifiations”. I will delete all such claims from this thread. Anybody may post properly formatted verification statements, timestamps, and PGP keys on this thread. However, all discussion is off-topic; posts containing any kind of chit-chat will be deleted without comment. If you wish to engage in expert-level technical discussion of a better way to do this, please take it up on my relevant thread in Development & Technical Discussion. Otherwise, please wait for that better way to be developed.
Original post text, with updated list of links to statements:
Much have I complained about the ad hoc security measures in the various “stake” threads. Well, I should offer a better solution. Here it is—at least, the start of something better. I intend to do this semi-regularly—at least once per month, unless I am “sleeping”. If my forum account has posted recently, and significantly more than a month has passed since this thread was refreshed with a new PGP-signed, OTS-timestamped message containing verifiably recent information, then you should demand a fresh statement consistent in its evidentiary strength with the statements that I have previously provided. Be very suspicious if the demand is refused or ignored. I intend to refine my way of doing this, based on future experience. If or when I work out a standard format that is relatively easy for others to fully verify, then I may open a new “stake” thread where quoting is prohibited as spam, and trustless, cryptographically verifiable evidence is required in a standardized, easy-to-verify format.
Verification statements (listed in reverse chronological order):
Local rules: Only the following are on-topic in this thread. Anything else will be silently deleted as off-topic. New signed and timestamped statements from me.Smart questions stated with at least ordinary social courtesy.Competent technical questions, comments, suggestions, or critiques. I welcome competent technical discussion! However, I am currently out of patience with people who make repeated incorrect assertions out of ignorance, even when I provide something tantamount to a free tutorial.
Do not publicly say that you have verified a statement. This gives a false sense of security, and tends to inculcate in the public a habit of relying others to “verify”, instead of verifying for themselves. This is crypto! It is supposed to be trustless. Discussion of how to verify these things is welcome—claims that you have verified something are not. If you want to post a similar statement yourself, please e-mail or PM me first to discuss it. The way that I am doing this is admittedly a bit rough; and I don’t want to start a trend before improving that, perhaps with your suggestions. Thanks.
|
|
|
|
Everybody who is debating over Ploni’s key is missing the point. An OpenPGP userid is itself a digitally signed statement. Ploni’s key (and indeed, every valid OpenPGP key) also contains within itself several other important digital signatures, which prevent attacks that the people arguing with me are too ignorant to even think of. nutildah and dragonvslinux are stating misinformation that effectually FUDs the security of OpenPGP standard. DireWolfM14 seemed to get it, but then just had to get in a dig at me—oops, wrong, too. Everything that PrimeNumber7 said was technically correct; but he seemed to only be replying to the last post (please check the prior context).
If that is a fancy means of saying, “TL;DR”, here is the TL;DR: I did import the key and noticed that, but its still not the same thing as providing a signature along with the key. It is extremely compelling rationale that the public key belongs to this user but there is no substitution for producing a signature from the corresponding private key. Wrong. The PGP certificate contains a digital signature from the corresponding private key. I explained this at length; and as I noted: The signature is required. I am all for the proper use of digital signatures. That cause is not helped by misinformation which, on your part, seems to be motivated by a desire to personally oppose me. The statement claiming a forum uid is digitally signed. What other digital signatures do you want? Perhaps a demonstration that Ploni can actually sign with his signing subkey—with any and all signing subkey(s)? That would prevent Ploni from adding e.g. Satoshi’s public key to his public PGP certificate as a signing subkey, even though he couldn’t sign with it. Such mischief may be of very limited use to fool people who don’t understand any more about PGP than you evidently do, or for some oddball attacks in scenarios not relevant here; it seems that should be trivial to do that with some custom programming to wrangle PGP packets, yes? I doubt that you even thought that far: Indeed, if somebody were to make multiple different signing subkeys and present a signed statement from only one of them, I doubt that you would even notice. But even if you thought of this, the architects of the OpenPGP standard are still way ahead of you: The primary (certification) key and each signing subkey MUST digitally sign each other. And in Ploni’s case, they indeed did so: $ gpg -v -v < ploni.asc 2>&1 | less
[...]
# off=937 ctb=b8 tag=14 hlen=2 plen=51
:public sub key packet:
version 4, algo 22, created 1583879873, expires 0
pkey[0]: [80 bits] ed25519 (1.3.6.1.4.1.11591.15.1)
pkey[1]: [263 bits]
keyid: B037730ED31FF9EB
# off=990 ctb=88 tag=2 hlen=2 plen=239
:signature packet: algo 22, keyid D50ED7B480AC5F96
version 4, created 1583879873, md5len 0, sigclass 0x18
digest algo 10, begin of digest 46 d6
hashed subpkt 33 len 21 (issuer fpr v4 C79DD6973572969A0C2CFC9BD50ED7B480AC5F96)
hashed subpkt 2 len 4 (sig created 2020-03-10)
hashed subpkt 27 len 1 (key flags: 02)
subpkt 16 len 8 (issuer key ID D50ED7B480AC5F96)
subpkt 32 len 117 (signature: v4, class 0x19, algo 22, digest algo 10)
data: [256 bits]
data: [253 bits]
[...] these two lines, particularly the magic numbers 0x18 and 0x19: version 4, created 1583879873, md5len 0, sigclass 0x18
subpkt 32 len 117 (signature: v4, class 0x19, algo 22, digest algo 10) What does that mean? https://tools.ietf.org/html/rfc4880#section-5.2.15.2.1. Signature Types[...] 0x18: Subkey Binding Signature This signature is a statement by the top-level signing key that
indicates that it owns the subkey. This signature is calculated directly on the primary key and subkey, and not on any User ID or other packets. A signature that binds a signing subkey MUST have
an Embedded Signature subpacket in this binding signature that
contains a 0x19 signature made by the signing subkey on the
primary key and subkey. 0x19: Primary Key Binding Signature This signature is a statement by a signing subkey, indicating
that it is owned by the primary key and subkey. This signature is calculated the same way as a 0x18 signature: directly on the primary key and subkey, and not on any User ID or other packets. https://tools.ietf.org/html/rfc21191. MUST This word, or the terms "REQUIRED" or "SHALL", mean that the definition is an absolute requirement of the specification. (Aside, those who want to know more OpenPGP magic numbers will want the IANA assignment list in addition to the RFC.)Also relevant, just so that you know exactly what bits are being digitally signed: https://tools.ietf.org/html/rfc4880#section-5.2.45.2.4. Computing Signatures
[...]
When a signature is made over a key, the hash data starts with the
octet 0x99, followed by a two-octet length of the key, and then body
of the key packet. (Note that this is an old-style packet header for
a key packet with two-octet length.) A subkey binding signature
(type 0x18) or primary key binding signature (type 0x19) then hashes
the subkey using the same format as the main key (also using 0x99 as
the first octet). Key revocation signatures (types 0x20 and 0x28)
hash only the key being revoked. Thus, I count three different types of digital signatures that Ploni has provided—all of which were done automatically by his OpenPGP implementation, because the OpenPGP standard authors are also big fans of digital signatures (!): - Ploni’s key contains within itself a digitally signed statement claiming ownership of his forum uid, in the forum of an OpenPGP userid. This statement is digitally signed by the certification primary key, not the signing subkey. (Due to the unusual split-key construction of his PGP certificate, I suspect that the certification key is probably handled using some sort of security magic (airgap machine, etc.).) This digital signature is REQUIRED by the OpenPGP standard; and I have empirically demonstrated that if the signature is invalid, then GnuPG properly discards the userid with a warning. Of course, all of his other PGP userids are likewise digitally signed. So are any and all PGP userids created by anybody using OpenPGP standard software.
- Ploni’s key contains within itself a digitally signed statement by the primary key that it owns the signing subkey (sigclass 0x18). This is REQUIRED by the OpenPGP standard. Without this signature, OpenPGP-compliant software MUST reject the signing subkey.
- Ploni’s key contains within itself a digitally signed statement by the signing subkey (sigclass 0x19), acknowledging its ownership by the primary key. This completes the bidirectional binding which is REQUIRED by the OpenPGP standard, and proves that the person possessing the private primary key also possesses the private subkey. Without this signature, OpenPGP-compliant software MUST reject the signing subkey.
How many more digitally signed statements do you want? Please explain in technically precise terms exactly what you want to see proved, and what attacks that is intended to prevent. If you thought of an attack that the OpenPGP standard authors and other PGP experts totally missed for the nearly 29 years since the invention of PGP, please also report it to the OpenPGP IETF working group, which is currently active for the drafts of “RFC4880bis”. Thanks. (I do note that there is no proof that Ploni can decrypt messages encrypted to his encryption subkey. The WKS draft standard implicitly requires a trusted server to test this ability before publishing a key with WKD. The OpenPGP standard does not provide any means to prove ownership of an encryption subkey using digital signatures; and doing so would require much effort for little gain, even for algorithms for which that could possibly be sensible (such as cv25519/ed25519). If you can think of a practical attack which could be done by falsely claiming ownership of an encryption-only subkey, please discuss it on the OpenPGP WG mailing list.)
I have added boldface to the part where nutildah misses the point that an OpenPGP userid is digitally signed:I did import the key and noticed that, but its still not the same thing as providing a signature along with the key. It is extremely compelling rationale that the public key belongs to this user but there is no substitution for producing a signature from the corresponding private key.
In technical terms, nullius is right, but I agree with you. The point nullius is missing is that here, on this site on of the practical purposes of staking a GPG key is not only to claim ownership of the key, but to couple the key with your forum account. It's a security measure that could come in very handy if the account was ever hacked. And what, praytell, is the practical difference between a digitally signed OpenPGP userid claiming a forum uid, and a `gpg --clearsign` statement claiming a forum uid? In my prior post, I pointed out that it is impossible to cryptographically bind a non-cryptographic identity, such as a forum account. Whereas posting a key with an embedded signed statement claiming the forum account is not functionally different than posting the key, plus a `gpg --clearsign` statement created almost simultaneously, with substantively the same content.
The timestamp of the generation date is only the timestamp reflected on the computer when it was generated, and this is something that can be trivially changed. It’s even easier than that: gpg’s `--faked-system-time` option with an exclamation mark. I showed how to do this in my recent demonstration wherein I created my own Faketoshi key. I thereby perfectly duplicated almost all metadata in Satoshi’s real key, including (but not nearly limited to) the timestamps—using only bog-standard gpg, with no custom programming. (The only tiny bit of mismatched metadata would have required some trivial programming to fix; it would have been easy, but not worthwhile since my point had been made.) I showed my work. Anybody who follows my posts would have seen that. Not that I am claiming credit for what Ploni did; I suspect that he has a very deep knowledge of the OpenPGP standard. And how? Trivial.$ cat faketoshi.conf
cert-digest-algo SHA1
default-preference-list AES256 AES192 AES128 CAST5 3DES SHA1 SHA256 RIPEMD160 ZLIB BZIP2 ZIP
$ gpg --faked-system-time "1225390759!" --options faketoshi.conf --expert --full-gen-key
[...]
When you sign a message, the signed message will contain a small amount of metadata. I assume this is why Ploni doesn't want to provide a signed message. Good thought; this is an important point completely missed by most people. But controlling the metadata is only a matter of some practical know-how. Check my own PGP output. Anything you find, I wanted there. For example, you will not find any original filename unless I wanted to show one. If Ploni knew well enough to construct his key as he did, then he must know well enough to avoid leaking metadata which he does not wish to disclose.
I have a little surprise in store. It is pending blockchain confirmation. It is significant, so I will post when that’s done. |
|
|
|
What's it like under lockdown? Are there shortages of things in the shops when you go out to buy food? First define lockdown. You are not allowed to exit apart for going to work and groceries (supermarkets are open). You have to carry a piece of paper to exhibit to the police in case they stop you (typical italian: more laws, more piece of paper, no substantial controls). [...] , thank you for the ground report of conditions in your country. FYI, this was totally hypothetical: - ✔ Government control of food supplies
- ✔ Government control of both local and long-distance travel
- ✔ Arbitrary lockdowns
- ✔ Direct government control of each individual’s body, under the rubric of e.g. “healthcare”
- ✔ Arbitrary, peremptory government orders of any kind whatsoever
- Total government control of communications*
(* In my nightmare, this has not yet started; thus, I would still be able to post this message. The worst part of my nightmare is when I discover that dissent is so marginal amidst the mass-panic, the government finds it unnecessary to control communications.)My best wishes for your survival. (And I am not only, or even primarily speaking of the virus. Well, that, too.) |
|
|
|
The one to worry about is 99942 Apophis. In 2029 there is a 3.2% chance the asteroid will hit earth seven years later. Oh, no! If panicked talking apes destroy the world right now, then I may not live for long enough to probably not be killed by an asteroid later. OP’s article, with my decorations added: Screenshot of what NASA’s CNEOS says (from Vod’s Snopes link): Oops! From the Daily Express article: CLARIFICATION: This article originally claimed that asteroid 52768 (1998 OR2) will approach our planet in April, and that the rock would be "heading our way". In fact it will pass on close approach at an estimated distance of 3.9 million miles from Earth. The article was also accompanied by a graphic showing a stylised asteroid hitting Earth. The diameter of that stylised asteroid was 1,500km, not the 4.1km which asteroid 52768 (1998OR2) actually measures. That graphic has been removed. In addition, a graphic marked 'asteroid warning' has also been removed. People should stop nitpicking. There is no big difference between 1,500 km. and 4.1 km. And 3.9 million miles is really too close for comfort! How can you be sure that we will be safe? Also, they are killjoys for removing the asteroid warning graphic. It must have made the whole article feel exciting—like watching a movie. We need a replacement: ⚠ ASININITY WARNING! ⚠ Stupidity will destroy the world. Now, that is scary! * nullius panics. Man and Technics“Optimism is cowardice.” — Spengler (writing most of a hundred years ago) |
|
|
|
People are panicking about this to an unbelievable extent. It's a bad disease, to be sure, and some precautions should be taken, but it's not worth Nothing is worth panic. Death itself is not cause for panic. And nothing is worth this!I drafted this yesterday evening, offline. Funny to see you telling people not to panic. Edit: And I somehow didn’t notice that I was replying to a post three days old. :-/...he has declared that coronavirus is “The End of the World”—quote-unquote; his words. [...]
MAN UP. OR SHUT UP.
(I told him that straight, then had a calm and productive discussion with his wife.)
(I recently had all of the symptoms of the virus. I wonder if I had it, or if it was just the ordinary flu. It was very unpleasant, though I got over it in a few days.) Whatever it was, I am glad you’re ok. I have been unable to find reliable information on whether surviving a coronavirus infection confers lasting immunity, and to what degree. It seems to be a yet unsettled question. |
|
|
|
Dear readers of the forum: Some of you will die from the coronavirus. (—Some few of you: The virus has low lethality except to the aged or otherwise frail.) The virus may kill me, too; maybe, maybe not. That is acceptable: Life is risk, and death is a part of life. My only sadness is that sometimes, the worst befalls the best of people. What is unacceptable is panic, bureaucratic “do something!” tyranny, and worst of all, hybris. I hereby use an archaic spelling for the subject of a principle long forgot. You cannot conquer Nature, and you never will. Cursed are those who pretend they can. Medical science will not cure all diseases, or stop new ones from rising. Medicine is of limited power. That is not a reason to turn to quacks, who are not only powerless, but outright injurious. It is a reason to destroy within yourself every particle of the sick modern mindset based in the fantasy that the world can be made safe. And there will never be a “Singularity”. Those who chase such notions are not only indulging delusions worthy of a psychotic, but also actively destroying human intelligence. The processing power of wetware has been declining for centuries—both in the middle of the Gaussian distribution, and at the high end. Stop lowering standards, stop substituting technics for thought, and stop worshipping the religious prophecy of a godlike machine whom you assume would be benevolent toward you! Of course, any perfectly rational superior intelligence would immediately decide that talking apes are a plague, and exterminate them. (And the talking apes are so stupid that they presume they could impose an Asimov-style diktat on a superior mind, without that mind promptly hacking around their little security system.) The talking apes should be thankful that they are and always will be incapable of creating an intelligence superior to their own.
Now that I have given you a cold dose of reality, I will turn aside for a nightmare.
The Great Dreamer  Deep in the void of nullity,
I stared into the Abyss;
And the Abyss smil’d at me...nullius is cthulhu. That is very clear. Anyone who does not see this is simply closing their eyes. Whether they create the emergency, or merely take opportunistic advantage of some existing situation producing panic which they can encourage and exploit. all that they need is an emergency. The emergency may be a more or less real problem. For example, the Roosevelt gold seizure exploited panic over the Great Depression. No reasonable person denies that the Great Depression caused widespread worry and suffering. I must mention this explicitly, because imbeciles the feeble-minded the subnormal Americans mental retards persons with intellectual disabilities irrationally assume that tyrants can only exploit fake events. It must be remembered that “emergency powers” of a dictator can be applied dutifully as Cincinnatus, or wielded as a weapon of tyranny. 1. Under the banner of Emergency, governments inure panicked sheep to:- ✔ Government control of food supplies
- ✔ Government control of both local and long-distance travel
- ✔ Arbitrary lockdowns
- ✔ Direct government control of each individual’s body, under the rubric of e.g. “healthcare”
- ✔ Arbitrary, peremptory government orders of any kind whatsoever
- Total government control of communications*
(* In my nightmare, this has not yet started; thus, I would still be able to post this message. The worst part of my nightmare is when I discover that dissent is so marginal amidst the mass-panic, the government finds it unnecessary to control communications.)All of these actions are praised by the sheep, due to mass panic. Dissidents will be immediately labelled “conspiracy theorists” and/or accused of wanting for people to die. 2. The government’s actions do not actually stop the emergency. This is a feature, not a bug. Short-term “emergency” measures become long-term daily realities to which people have become accustomed: The instant new normality.(For my nightmare, it would be quite convenient if, say, the “emergency” were a rapidly spreading infectious disease with high fear factor and low lethality. With a bit of luck, such an emergency may continue for long enough to make total, inescapable global tyranny an accomplished fact—or even indefinitely!)
What a nightmare! I am glad that I don’t live in that world. * nullius shakes himself awake.
A Not Unrelated TangentI have long fancied sitting down with an anti-vaxer, looking him deadpan in the eye, and telling him that yes, I fully agree that all childhood vaccinations should be stopped: Vaccination removes the necessary selective pressure for a healthy, robust, finely-tuned immune system—and substitutes in its place the empty hybris of a supposition that humans can cure all diseases. Hey, anti-vaxers, here is a challenge for you: I will publicly support you, if you will be the first to step up and declare that much though we may wish otherwise, we need some more dead kids in each generation—to prevent unlimited mass suffering and potential extinction in all the generations yet unborn. I need not reach the question of how bad the side effects of vaccines are or aren’t. Of course, all medicines have side effects. Whether vaccines are benign except in a few rare, unfortunate cases, or causing widespread injuries about which The Truth is suppressed by The Medical Establishment, the answer is irrelevant to me.No more namby-pamby nonsense about how e.g. measles isn’t really that dangerous! Of course it’s dangerous, as are all the other childhood diseases now prevented by standard vaccinations. I don’t need to know medicine: I know history. People used to have eight, ten, or even twenty (yes, literally, twenty) kids with the knowledge that some would die, and others would survive, based on factors that are not and never will be under human control. That is called natural selection—a law that works just the same in talking apes as in the ones who only grunt, plus in all other animals, plants, fungi, and prokaryotes. It even works on viruses. In the aggregate, it is necessary to the long-term health and survival of a population group. Before vaccinations, people had their immune systems perpetually improved (and protected from degeneration) by evolution. As an ancillary benefit, people knew that death is a part of life. They feared less, and loved more. They were very sad sometimes, but almost never prone to depression. If they believed in any gods, they prayed and meant it. If they did not, they needed the iron-hearted rationality which smiles as it embraces the gift of life in a cruel, unthinking universe subject to the inexorable operation of blind natural laws. Above all, they were better grounded in reality.—Eh, what’s that? You want to have your cake and eat it, too? Very well; fork off. I will just sit over here with the pro-vaxers. They do deny, or at least ignore the principles of evolution. Well, at least they don’t claim that old-fashioned childhood diseases weren’t dangerous (!), and that all kids would be just fine with no vaccinations (!!). Anyway, vaccinations have now been ongoing for long enough that what were once moderately dangerous childhood diseases could probably become horrific plagues. With a brush of hybris, we have painted ourselves into a corner: Congratulations, we are now physiologically dependent on accursed technology as a substitute for powers that our bodies once had—and we are still, I observe, just as vulnerable to disease overall, if not moreso: The deserts of hybris.
I want to punch the next person who alleges to me that modern technology has increased average human lifespans, that life used to be “nasty, brutish, and short”, or that most people used to die in their thirties (!). These are lies. Moreover, they are lies so facially absurd that they can only be believed by one who has put in abeyance all his faculties of reason, and even common sense. The average life expectancy is almost exactly the same today as it was a hundred years ago, or a thousand years ago— for humans who have reached biological adulthood. Dead kids drag down the overall average an awful lot. Dead babies, even more. Depending on how averages are calculated—dead neonates, most of all. The contribution of modern medicine to average human lifespans can be almost entirely chalked up to three things: (0) Childhood vaccinations, (1) prenatal care, and (2) neonatal care (especially for premature and other abnormal births). —All things which reduce selective pressure for stronger immunities, naturally healthier pregnancies, and overall more robust constitutions. Each kid who is saved by vaccinations today condemns unlimited future children and adults to the ravages of disease. Each woman whose pregnancy is salvaged by modern medicine inflicts untold harm on all future generations of her daughters. So, anyway, adults nowadays can expect to live just as long as those who managed to grow up in the Evil Old Days. The difference nowadays is that people are now sicker, weaker, and abjectly dependent on technologies that did not exist in the Evil Old Days. Quality of life is lower.
When Nature places you on the horns of a dilemma, don’t shoot the messenger.* nullius pleases nobody.
I cannot fit here in the margin a long note on an hypothesis that I have drawn by roughly eyeballing rates of cancer (especially, cancer in the young) and autoimmune diseases against the historical timeline of modern, vaccinated generations. (Cancer being what happens when the body’s immune system fails to impose its authority on renegade cells that occur from time to time; autoimmune diseases being what happens when an ill-bred, ill-mannered immune system goes stark raving mad, and eats the body from the inside out.)The foregoing is an original observation on my part. I have never before seen it mentioned, much less discussed. I thought of this years ago. I keep to myself these thoughts, inter alia. Just as the best of thought was once upon a time writ in classical Latin, or even reserved in Greek, or... * nullius is currently seeking Sanskrit translators for his most precious thoughts. ...kept private. -----BEGIN PGP MESSAGE-----
hF4DdPInIjWYj0gSAQdAchXa720iVwmWLQN1cICKevEJxryBiWJ6bLvx+tM8gEIw
KgefJCjU97LFDh9hDiDsKs2fr18ySI3pxTvRxbOVHnD5ImeXl2T1nNUf5Jx1aK2M
0sADAdIk8BIye3dWxhFX+fqC3KJhv2X5SDkv17BPL6AmS+UdRI9BXl9Ru3Ksiju9
Z+Jat7bawWjXjVeTAJcFIXtFCxZfDIhb4BDgwM94EAqWugaSdh5aXEKbS/cSelJY
kMcPd/hgCNctdxBPg/oO7rBIKcJ8NC5Uqv/2MKi9hdGzZsgh6HpovqzOltSF/B0d
9XwnF03Ptst3nt8Ob+6aI/D73l/dpKbaAGzYdAUTY2notugFKNFObLQXHGvprYh9
nYHSjkhE
=SMbz
-----END PGP MESSAGE-----
—and I do not mean that in the monetary sense. Intelligence is priceless.
Thanks to the pandemic plague of idiocy, I must write this in big red letters: ⚠ WARNING: Nothing in the foregoing suggests any individual benefit to a child in remaining unvaccinated.If you misread such a message into what I wrote, please re-read. —Or better yet, stop reading! You should never have been taught to read. Dass Jedermann lesen lernen darf, verdirbt auf die Dauer nicht allein das Schreiben, sondern auch das Denken.
I am now in bad straits.To preserve my privacy, and because I am not asking for any assistance that nobody on this forum can reasonably give me anyway, I do not wish to discuss the details. I will say that I am unconcerned about the virus. It is not Black Plague. It is not Ebola. It is not even smallpox, which countless generations of various population groups just lived with throughout recorded history before modern times, and Europeans survived for at least a thousand years! Either I will be infected, or I won’t. If I become infected, then either I will die, or I won’t ( ...yet... nobody lives forever). Any which way, I am emotionally unmoved. I do take rational precautions to reduce the probability of infection. And that’s that. I do not fear the virus.I fear the government which claims jurisdiction over my secure undisclosed location. Its current behaviour is alarming. I fear the people talking apes around me. They are panicking, behaving irrationally, and clamouring for an aggressive government response. Predictably, the government replies with a bureaucratic mess that spectacularly fails to prevent the spread of the virus, whilst instantly instantiating a de facto dictatorship—not potential dictatorship, actual dictatorship, right now, today! Nobody notices.* nullius is nobody. If this does not blow over fast ( viz., if the virus does not magically disappear right quickly), then the foreseeable alternatives are two sides of the same coin: Tyranny and anarchy (that last being “ anarchy of the rabble”). If all hell breaks loose, then it is foreseeable that my area will be overrun by roving bands of criminals violently pillaging from anybody who has food—or just hurting people for fun. Moreover, as the government starts to collapse, it will clamp down as hard as it can as it spins out of control. And if all hell doesn’t break loose, that only means that the new normality is total State control of food, personal movement, and who-knows-what-else tomorrow. If any of this seems alarmist, look to history. Alarmists like to predict Ends Of The World: Jesus floating down from a cloud, invasion by space aliens, etc., etc. I am predicting that if the current course of events does not change soon, something will happen that has happened many times in history—except that it has never yet happened on a totally global scale. Hmmm. Perhaps the Singularity is here after all. But talking apes did not achieve it. Of course, any perfectly rational superior intelligence would immediately decide that talking apes are a plague, and exterminate them.
History tells me of people’s comportment, their self-mastery, and their self-discipline until the last moment—in hours of inevitable mass-death and destruction far darker and more terrifying than anything even vaguely threatened by the coronavirus, of all things (!). They smiled, simple and courageous—without the least sign of panic. They are a noble memory of mankind. They are all dead; and their spirit is flown from this world.
Three days ago, I snapped off and YELLED at an elderly relative. A month ago, he was terrified that he would die Any Day Now from the frailty and ill health of old age. Now, he has declared that coronavirus is “The End of the World”—quote-unquote; his words. There is indeed a high probability that he will now die of coronavirus, given his age and general state of health—that he will now die of coronavirus, instead of dying of whatever scared him a month ago, and two months ago, and six months ago... That is no excuse for his hysteria, much less for his vocal support of irrational government actions that do not protect him from what is now almost inevitable—but which do actively impair my own short-term and long-term survival, and that of many others. It is this which destroys the world whilst spectacularly failing to save it.MAN UP. OR SHUT UP.(I told him that straight, then had a calm and productive discussion with his wife.)Given the high risk to him, I do want for him to treasure whatever remaining days he may have—without being consumed by obsessive fear. But that is not under my control.
 🙂Sorry, folks. My apologies. This is all just a TV show. Nothing is real: Reality has ceased to exist; and when it attempts to intrude, it can be wished away. Ever since death became not a part of life, ever since you were awarded a legal right to safety, ever since humanity became infected by the menticidal virus of the democratic-utilitarian modern mentality, the laws of the universe have changed for the sake of your comfort. Humans have conquered Nature! Life is now safe. And the answer to every danger is, “Government, DO SOMETHING!” Your ancestors struggled through millennia of wars, plagues, and famines to birth you. If they could see you now, they would probably regret their efforts. But it is of no import. Please tap the icon per your Pavlovian conditioning to obtain the reward of watching the Happily Ever After ending, and enjoy a refreshment from my sponsors ( if your local government still allows you to obtain things in stores).  (R) 2020! | |  (D) 2020! |
Cheers! My posting rate will probably be low, or at best, even more inconsistent than usual; but I will try to keep up, even kick it up. See you all on the forum ( for now). Love everybody, and be happy! Now, close your eyes. Ignorance is bliss. nullius is cassandra. That is very clear. Anyone who does not see this is simply closing their eyes.
Man and Technics“Optimism is cowardice.” — Spengler (writing most of a hundred years ago)
Local rules: ⚠ STATE OF EMERGENCY! Moderation will be tyrannical. |
|
|
|
The minor point is that, yes: It would be oh so cunning to intentionally plant speling errers, so as to throw people off the trail of a secret identity to which I casually confessed (on grounds that OP requested that, so as to focus the thread on important issues rather than on irrelevant speculation about his identity). I suppose that it was even more cunning to deceive people by constructing a nullius-style PGP key, which I myself openly averred is “a work of art”. Ploni has a hell of a sense of humour. —Oh, no! So do I! Now, the major point will require a full contextual quote: "I am Sparticus!" Sure, whatever: I am he; he is I!(But he misspelt “Spartacus”. Would I do that? —Quickly, someone must run and check whether “Sparticus” has ever been used by Quickseller and/or PrimeNumber7. —And would I quote ahistorical movie movie magic made for the purpose of American Communist agitprop? No offence to OP, but—alas, my reputation must be suffering.)Stop pretending you didn't inject a spelling error so you could use it as some faux defense the waffle wall was not of your own boring construction. Exactly. He is like the murder suspect who gets asked a simple question about where he was on the night of the incident, then blurts out something about how the bloodstains on his shoes are from cutting himself on a broken bottle last night when no one asked. He thinks he is a fucking mastermind. He is a tool. Holy cow: Being Ploni Almoni is “like” committing a murder! Replete with bloodstains. Regardless of whether or not I am actually Ploni (or even Jewish), I do believe that TEChSHARE just committed a “blood libel” against me.Certainly, in substance, TE ChSHARE thinks that being OP here is sufficiently comparable to murder to support his absurdly melodramatic analogy.
Artless Techy, I have a question for you based on a post of which you were so proud, you self-quoted this as the basis for ridiculous accusations against me and against Lauda (to which I will reply presently): Merited by eddie13 (1)~ Maybe Lauda is just taking it back? This is just another good example of Lauda trying to hide the fact that they are a normie wearing 4chan culture like a suit to camouflage themselves like Steve Buscemi and his skateboard desperately trying to convince his fellow kids he is one of them. The idea of chastising some one for being racist while simultaneously lauding shitposting culture is self contradictory and yet another demonstration of the fact that Lauda exists more as a fabrication than a real personality. Given your valiant defence of “4chan culture” against infiltration by the “normie” Lauda, should I now expect for you to start referring to me as (((nullius))), just to make people aware that I am purportedly the bloodstained (((Ploni Almoni)))? If so, I should warn you that I have also been otherwise accused of being literally Hitler. (I have neither confirmed nor denied this charge.) If I am also Ploni, your history lessons should become less boring quite entertaining, with references to (((Adolf Hitler))). Well, all of that would be consistent with your usual standard of honesty and credibility. nullius
As I stated before I highly suspect this user is an alt of one of the usual members (((Meow Heil!)))
OP, some moderation was promised. Please let it not be that I and my “Lauda” alt just got trolled into undertaking to advocate the substance of a very important post, whilst the trolls run wild. —Though if you did, I guess that I owe you a l’chaim.
Newbie: posts something
...
It's not a matter of if there's an alt accusation, but when.
You know how easy it would be to construct a couple posts that "fit" to the character/personality/prose of a user here, in order to fool others?actmyname, you have not denied that you set all this up to say what you really wanted to! See OP: Then, I saw two of the most astute users on the forum, o_e_l_e_o and actmyname, [...]
Note that neither o_e_l_e_o nor actmyname said what I am saying here! To my knowledge, you also still have not denied my 2018-vintage accusation that “ you = theymos = the CIA”. You even threatened me for erasing your doxing of theymos as truly “thermos”. I should tag you for that! —Eureka! I have another theory! YOU ARE PAID BY THE LUMBER CARTEL! THE TRUTH is that this forum has exactly one user, [...] me. He pwned you there, revealing THE TRUTH that you are not theymos.
Sorry, the truth can be painful sometimes.  I’m sorry I hurt your feelings, Lauda. My heart bleeds negative-trust red.
I would respond to this theory with the question of why would a 3-letter agency want to do something like this? Well, that is a reasonable form of debate that looks to the substance of the issue. For my part, my reply rapidly grew far too long to be tacked onto the post I already had in my pipeline; and I now have no time to finish it, anyway. I will follow up here. |
|
|
|
So I basically am a jew but I will talk shit about jews all day with their greed, cunning, and control of key industries, because it is true, and if you don't like it you can fuck right off..
Think that's racist? It ain't.. It's the truth..
[...]
Their is a lot of truth in race-realism but ignorant idiots will call it all "racism" because they either don't know or will refuse to accept the actual truth of the world.. Thanks for the admission that you say racist things too though so you best not complain about others doing similarly.. Doing X, then turning around and accusing others of X right after you just said that “ignorant idiots call it X”. —When you damn well know that X is widely used as a character-assassination tool so powerful in today’s Western societies that, e.g., it can instantly destroy the career of the co-discoverer of DNA for asking some mild questions about genetics. What a cunning shyster. Stereotypical American.No wonder it was such a character as Alisher Usmanov who paid $4.8 million to buy James Watson’s Nobel Prize medal from him, just to give it back to him. ✔ Asiatic eyes
✔ Yellowish tan skin
✔ Alien elf-ears
✔ Skull round as a bowling ball
✔ A Muslim married to a Jewess
✔ Business tycoon with “control of key industries”
✔ Higher intelligence than 99.9% of Americans combined (sorry for the low standard)
✔ $15 billion in fuck-you money “пoшёл нa xyй” money
= Noble Nobel deed admired by everybody who respects
the freedom of scientific inquiry Usmanov’s secret diary: “I did it for the lulz.” As for myself, I find it mildly amusing that you, the self-styled advocate of “race-realism” who denies that that is “racism”, would try to publicly label me as a “racist”. Too bad that for all that you claim to be a “basically a Jew” and thus oh so “cunning”, you’re too much of a dumb shegetz to keep up with your own words, let alone with me. It is obvious that you tried to troll others into a set-up game of “heads I win, tails you lose”. That will not work with me. Indeed, given the pleasure that I have always taken in reaching out from my undisclosed location to people all over the world, I actually need token friends like TMAN * so that people don’t mistake me for a liberal. Now, I am officially branded by you as “racist”? LOL, sure, whatever: I am “racist”. I am also probably the only person on this forum on the whole Internet who has been accused both of being literally Hitler, and of being Jewish; so, take that for what it’s worth. ignorant idiots will call it all "racism"
Contra Antifelinismus* Lauda doesn’t count. Her stubborn reply to my past interrogation about her race, nationality, and ancestral heritage has been the same as to my questions about whether she is male or female: “I’m a cat.” Maximal anonymity set: All humans with an Internet connection—how many billions is that nowadays?However I myself may profile her based on admitted racial profiling and sexual stereotyping, those who are slinging dirt at her here are only showing the shallowness and lack of self-awareness in their own racist assumptions. For all we really know, “Lauda” could be some Indian man laughing behind his hand as he calls others “pajeets”. For my part, at least, I realize that. And I think it’s obvious that Lauda is not here to engage in racial identity politics with those who try to bait her with prove-you’re-really-a-racist provocateur rants and obsessive nonsense about “4chan culture”. —And I think it is equally obvious that some of you just hate the cat.Antifelinists, fork off!Whilst travelling on business in Carpathia,
I doxed Lauda:
1. Nobody cares unless you are a dissident target to find a reason to tag.. andulolika is now a “dissident target”? :rolls_eyes: Fuck you, eddie. I have known some real dissidents. I know how principled they are. And I have seen what they suffer and struggle against—much worse than a forum red-tag. Fuck. You.2. You aren't being a hypocrite tagging for mild racism while you yourself do the same thing or worse.. eddie13, you are a liar. Neither of the users whom you targeted, Lauda and TMAN, had tagged andulolika for “racism”: They tagged him for being an unstable, unpredictable whackjob who makes forum death threats (my reason for supporting the flag on him, as I have since January), for being a liar, and (in TMAN’s case) for abusing the trust system. I should also tag him accordingly; but I haven’t gotten around to it. They are friends with owlcatz, who tagged andulolika for “racism”. Thereupon, you attempted to construct some extraordinarily convoluted guilt-by-association based on Lauda and TMAN being simultaneously both insufficiently racist, and too racist. That is unbelievably twisted. Thanks for the admission that you say racist things You missed the part where I called the current president of the United States a “stupid pajeet”, and his two most recent predecessors truly equal “chimps”. Have fun with that.
Sorry, I have been too busy to answer this today.. Don’t hide behind that as an excuse, when all of my limited forum time for the past few days (and most of it for the past two months) has been consumed by troll control. Vide.
Edit: Fixed broken url tag. Quel dommage! |
|
|
|
Interesting thing I just realized..
Nullius is Latin for nobody/anonymous..
Ploni Almoni is hebrew for "john doe"/anonymous.. Thanks. You just increased my anonymity set to everybody who has ever used any variation of “Anonymous”, “Nobody”, “John Doe”, or any conceptually related placeholder name in any language. Helpful. :-) Oh shit it’s working.. Now I’m paranoid..
"I am Sparticus!" Sure, whatever: I am he; he is I!(But he misspelt “Spartacus”. Would I do that? —Quickly, someone must run and check whether “Sparticus” has ever been used by Quickseller and/or PrimeNumber7. —And would I quote ahistorical movie movie magic made for the purpose of American Communist agitprop? No offence to OP, but—alas, my reputation must be suffering.)Anyway, yes, let’s ignore the substance. It is more important to play guessing games about OP’s identity! [— important facts that most people want to ignore —] I would strongly urge you to read literature on this topic if you think that this is not happening in most online communities that present a threat to the system. It is very very improbable that this has not been going on for many years here already. It is very probable that some trolls are agents, but the supermajority of them are not and thinking otherwise is paranoid. QFT.
Oh, whoops, almost missed this due to my habit of skimming past sock trolls: Lol. Notice how this thread appears thread appears the day after the lauda nullius duo get their own dedicated scammer proof thread? Say what!? I didn’t even know that there was such a thread, let alone “proof” of nonexistent scams by the “lauda nullius duo”. |
|
|
|
The fact that I could create a "bitcointalk.org u=2778290" userid (self-signed by the primary key, with the signature's embedded creation time) proves everything that a signed "I am bitcointalk.org u=2778290" statement could, at the time of initial publication of the key. That is the reason for self-signatures on userids... a point that most people miss. Please learn how PGP works before explaining it to others.
dragon is absolutely correct. You didn't actually provide proof of ownership of the public key. Everything else you just said isn't proof of ownership. No, you and dragonvslinux are both incorrect. (And dragonvslinux’s prior post also conflated the term public key with private key.) Ploni’s PGP userid is strong cryptographic evidence that the owner of the key claims ownership of the forum identity. It is indeed how PGP works. I myself have been critical of some of the security-theatre rituals on this thread; I have intended to speak up more about that. I especially dislike the claims by users to have “verified” other users’ signed statements. That is worse than meaningless: It is outright damaging, insofar as it inculcates in users a tendency to trust Gavin-style “verification”. Everybody should independently verify all the signatures that they care about! The custom here of inventing ad hoc half-baked substitutes for the functionality of OpenPGP standard features does not help, either. And it certainly does not help to deny that OpenPGP self-signatures do what they actually do. Although traditionally, the self-signature on a userid is used for strong cryptographic evidence that the possessor of a private key claims ownership of an e-mail address, the same concept properly applies to any identifier. This is proof that the owner of the key claims the other identifier, not vice versa. Unfortunately, by the nature of such things, there is no elegant cryptographic means for the owner of a non-cryptographic identifier (such as an e-mail address or forum uid) to claim ownership of the key. The WKS proposal tests an e-mail account holder’s ability to decrypt a message encrypted to a key, then trusts the server to publish the correct key through WKD (with trust partly based on the pessimistic assumption that the owner of an Internet domain can always play monkey-games with mailboxes at that domain, anyway). I think that a user’s posting of a key through his forum account is the best that can be reasonably done here, for attesting that the account claims the key. If, in the future, the user wishes to demonstrate that the person controlling the account continues to be the person possessing the PGP private key, a signed statement would be helpful. This is a related, but distinct use case for PGP. He could also bump the timestamp on the pertinent PGP userid’s self-signature; but that would require modifying his key, it would be difficult for most users to verify, and it would invoke a long theoretical discussion of exactly what it does and does not prove. For that purpose, I think that the best practical way with readily available software would be a signed statement containing current-events information, such as a quote of a recent forum post by somebody else—or better, the most recent few Bitcoin block hashes. This would provide evidence of the freshness of the statement.
No special action is required to verify the self-signature on a PGP userid, because gpg or any other reasonable OpenPGP software will refuse to accept the userid if the self-signature didn’t verify. The signature is required.( N.b. in this context that “reasonable OpenPGP software” excludes traditional keyservers, which verify nothing at all. You are supposed to verify these things with your own software, not trust the server (or a forum user) to do it for you.) I just empirically tested what gpg with its default settings actually does when the signature is broken. I created a copy of Ploni’s key, with exactly one bit flipped in the signature on his forum uid: $ gpg --export -o ploni.bin ploni
cp -p ploni.bin ploni_broken.bin
[...use a hex editor to flip one bit inside the self-sig in question...]
$ cmp -l ploni.bin ploni_broken.bin
503 161 121
gpg automatically drops the userid with the broken signature; it emits a warning, but exits with a success code: $ mkdir -m0700 /tmp/gpgtest
$ gpg --homedir /tmp/gpgtest --import ploni_broken.bin ; echo "gpg: exit code $?"
gpg: keybox '/tmp/gpgtest/pubring.kbx' created
gpg: key D50ED7B480AC5F96: 1 bad signature
gpg: /tmp/gpgtest/trustdb.gpg: trustdb created
gpg: key D50ED7B480AC5F96: public key "Ploni Almoni (הוי האמרים לרע טוב, ולטוב רע: שמים חשך לאור ואור לחשך, שמים מר למתוק ומתוק למר.)" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: exit code 0
$ gpg --homedir /tmp/gpgtest -k
/tmp/gpgtest/pubring.kbx
------------------------
pub ed25519 2020-03-10 [C]
C79DD6973572969A0C2CFC9BD50ED7B480AC5F96
uid [ unknown] Ploni Almoni (הוי האמרים לרע טוב, ולטוב רע: שמים חשך לאור ואור לחשך, שמים מר למתוק ומתוק למר.)
uid [ unknown] bc1qaux6ajvglvm3y3cxvtu0gc2es6fx6wlcheqgjq
uid [ unknown] zs15m7tjrxelc6tmnsamt5lmymh48c95g4rtylx36xpjyn6t4wffue56kwflar7qvp4sc3vy3ladtl
sub ed25519 2020-03-10 [S]
sub cv25519 2020-03-10 [E]
Note the lack of any claim to a Bitcoin Forum userid. Thus, if you see the “bitcointalk.org u=2778290” imported to your gpg keyring, you may rest assured that gpg has already verified a signature on that statement by the holder of the primary key. Other user-facing OpenPGP software should behave as strictly, or moreso; if your preferred OpenPGP implementation accepts the userid with the broken signature, then you should file a bug report! Now, how does this actually work? Read RFC 4880 to understand what all this means: $ gpg -v -v < ploni.asc 2>&1 | less
[...interesting stuff...]
# off=354 ctb=b4 tag=13 hlen=2 plen=25
:user ID packet: "bitcointalk.org u=2778290"
# off=381 ctb=88 tag=2 hlen=2 plen=142
:signature packet: algo 22, keyid D50ED7B480AC5F96
version 4, created 1583879873, md5len 0, sigclass 0x13
digest algo 10, begin of digest c0 e3
hashed subpkt 33 len 21 (issuer fpr v4 C79DD6973572969A0C2CFC9BD50ED7B480AC5F96)
hashed subpkt 2 len 4 (sig created 2020-03-10)
[...more interesting stuff...] His key is a work of art. The primary key, all subkeys, and all self-signatures have a timestamp of the exact second when his forum account was created. He uses a primary key split from subkeys, which can support good security practices (protip: generate and store the primary key on an airgap machine, `man gpg` and look for `--export-secret-subkeys`). I also noticed that he copied my unusual cipher preferences. LOL. I exercised the same attention to detail when I made my own Faketoshi key. Anyway, I think it’s clear that Ploni has a deep understanding of OpenPGP internals. |
|
|
|
|
Show Posts
