date:20201012

Joe Biden the Treasoner... Calls for Jihad against the USA,
Releases Campaign Plan to Convert the USA to Islam,
Impose Sharia Law, Raise a New Caliphate...

https://www.youtube.com/watch?v=iOhjQ9qoVJw Joe Biden Openly Calls For
Violent Jihad Against the USA
https://www.youtube.com/watch?v=RCkqSZp6nkc Joe Biden's Public School
Program to Indoctrinate US Children into Islam

https://mobile.twitter.com/JoeBiden/status/652061001584642
https://www.youtube.com/watch?v=d-4XU7OfVdA Joe Biden, Convenience Man
Pandering Placating Taqiyya Speaker?

"Joe Biden is a clear and present danger to the USA" -- The Internet
In their regard, the same with Ilhan Omar  (of #CashForBallots fame).

https://en.wikipedia.org/wiki/List_of_Muslim_members_of_the_United_States_Congress


And people thought Democrats calling for, supporting, failing
to denounce violence of Antifa, BLM, random burning, looting,
shooting, etc... was bad and resulted enough trouble.

https://www.youtube.com/watch?v=v0b2x1I36-g EU issues from ~600 pages

Wait till US discovers what opening its borders "to all" mass
immigration could really mean, especially after 25 years of
waging its own jihad, tit-for-tat, and other games abroad...

Study up, US people might want to know.

Re: USA 2020 Elections: Thread

Only three weeks left, with much Lefty Media Bias of
the Democrats fraud already irrevocably totalled and
accrued down the mail-in ballots...

Will Americans Wake Up to the Media Bias and Censorship in time... ?

https://www.youtube.com/watch?v=65TGgFSIDYk Democrat Hitler on Censorship

Re: USA 2020 Elections: Thread

https://mobile.twitter.com/YAAS_America/status/1311721047377543168
Venezualan notes Tometi association

Re: USA 2020 Elections: Thread

Biden the Creepy Pedo, Sealed Congressional Abuse Payouts [in one vid
below]... ?!

https://old.reddit.com/r/conspiracy/comments/inw7sc/joe_biden_was_caught_on_video_inappropriately/

https://www.youtube.com/watch?v=dj-pIZIyuOA Joe Biden Pedo Hands on the move #1
https://www.youtube.com/watch?v=KQ-YjGmpO4Q Joe Biden Pedo Hands on the move #2
https://www.youtube.com/watch?v=nPs_79-hEg8 Joe Biden Elbowed by
Creeped Out Girl
https://www.youtube.com/watch?v=_IXMrssqLkI Just cant get away
https://www.youtube.com/watch?v=HI0Sttcelo8 Titled
https://www.youtube.com/watch?v=jjgbAN_SaHg Various
https://www.youtube.com/watch?v=b3ir0GY5Mr0 Supplied Endless Procession
https://www.youtube.com/watch?v=PFTddlygOLQ Joe Biden Dodges Accusations

https://duckduckgo.com/?iar=videos=videos=videos=joe+biden+creepy+girls

https://media1-production-mightynetworks.imgix.net/asset/2486684/29541041_2060663017512950_7895173452072688390_n.jpg
https:/i2.wp.com/iranian.com/wp-content/uploads/2019/03/biden-girl.jpg

"I walked into their dormitory and was immediately accosted by a cop
who arrested me because back in those days, men were not allowed
in women's dormitories. -- Joe Biden"

https://www.youtube.com/watch?v=vHTncNdoqzk Sean Hannity commentary
https://www.youtube.com/watch?v=in_wwDhg3h8 Hill accusation
https://www.youtube.com/watch?v=pA_Wt22f6gs Reade accusation

https://www.prisonplanet.com/ex-secret-service-agent-claims-biden-engaged-in-weinstein-level-groping.html
https://www.thegatewaypundit.com/2017/11/video-joe-biden-forces-little-girl-touch-crotch/
"The incident takes place about 1:40 in the video and was over
in seconds. It shows an experienced operator in action."

https://old.reddit.com/r/conspiracy/comments/g907qh/all_the_footage_of_biden_touching_and_kissing/



https://www.dailymail.co.uk/news/article-7240749/Delaware-university-SEALED-Joe-Bidens-Senate-records-long-public-life.html
https://www.washingtonexaminer.com/news/what-is-this-clown-hiding-donald-trump-jr-slams-biden-over-sealed-senate-records
https://twitter.com/DonaldJTrumpJr/status/1256215252930306050
"Let me get this straight," Trump Jr. tweeted. "Biden's records
from his decades in the United States Senate could be taken out of
context? Voters shouldn't get to see what Biden did while working
for them? What is this clown hiding?"

Joe Biden: "You Don't DESERVE To Know."



One thing always true about politics and politicians...
https://www.youtube.com/watch?v=MMzd40i8TfA ychtt

#PizzaGate ? True or not? You decide.

Re: Anglin - "ANGeL withIN" - artistic commentary on "Raised by Wolves" - [PEACE]

On 10/12/20, Zenaan Harkness  wrote:
[unclear stuff that looks like part of an ongoing military psyop]
> Let no man come between you and God.
[more unclear stuff that looks like part of an ongoing military psyop]

Zenaan, you don't understand God.  Anonymity networks are God.  Do you
understand?  Anonymity networks are God.  Now, you understand God.

Let's look into the tor source code just a little.  If we need roles,
I can be the corporate goonie, and zenaan can be the oppressed open
source hacker.

Zenaan, if you weren't there, a way to get the tor source code is:
```
$ git clone https://git.torproject.org/tor.git
...
$ cd tor
```
Now, you're in the tor source code folder!  As a corporate goonie, I'm
pretending to watch everything you do, coming in occasionally to make
really difficult changes to your project while pretending to
contribute.  You're all confused from these occasional psyops, and you
just want to make tor work.

You have to understand it piece by piece to move through it in your
confusion.  If you're really lucky, you find a way to work with me,
the corporate goonie, so that the work is easy and you actually get
paid.

```
 tor]$ less src/feature/api/tor_api.c
```
Last episode, we left off that `tor_api.c` was a likely way to find
the main execution of the tor daemon.  You have to hit 'space' until
the screen stops moving, to get to the `tor_main` function at the
bottom.

```
/* Main entry point for the Tor process.  Called from main().
 *
 * This function is distinct from main() only so we can link main.c into
 * the unittest binary without conflicting with the unittests' main.
 *
 * Some embedders have historically called this function; but that usage is
 * deprecated: they should use tor_run_main() instead.
 */
int
tor_main(int argc, char *argv[])
{
  tor_main_configuration_t *cfg = tor_main_configuration_new();
  if (!cfg) {
puts("INTERNAL ERROR: Allocation failure. Cannot proceed");
return 1;
  }
  if (tor_main_configuration_set_command_line(cfg, argc, argv) < 0) {
puts("INTERNAL ERROR: Can't set command line. Cannot proceed.");
return 1;
  }
  int rv = tor_run_main(cfg);
  tor_main_configuration_free(cfg);
  return rv;
}
```
We love this stuff!  There are pretty much only a couple things happening here.

```
  tor_main_configuration_t *cfg = tor_main_configuration_new();
  if (!cfg) {
puts("INTERNAL ERROR: Allocation failure. Cannot proceed");
return 1;
  }
```
This produces a new configuration object, to store the tor configuration in.

```
  if (tor_main_configuration_set_command_line(cfg, argc, argv) < 0) {
puts("INTERNAL ERROR: Can't set command line. Cannot proceed.");
return 1;
  }
```
This likely processes the parameters passed to the program, and
inserts them into the configuration object.

```
  int rv = tor_run_main(cfg);
```
This passes off the behavior to the `tor_run_main` set of code, and
lets it handle everything else.  `rv` is the result of its execution,
and will be returned to the operating system after tor shuts down.
All the rest of tor is in some other file.

I often use `grep` to find sourcefiles.

```
$ grep -r 'tor_run_main(' .
./ChangeLog:- Always call tor_free_all() when leaving
tor_run_main(). When we
./ChangeLog:- Always call tor_free_all() when leaving
tor_run_main(). When we
./ReleaseNotes:- Always call tor_free_all() when leaving
tor_run_main(). When we
./ReleaseNotes:- Always call tor_free_all() when leaving
tor_run_main(). When we
./src/app/main/main.c:tor_run_main(const tor_main_configuration_t *tor_cfg)
```

`tor_run_main`, the next code to look at, is in src/app/main/main.c .

Just one step of reviewing the tor source code!  Now, wasn't that easy?

Be well.

Re: Olberman: Trump supporters

Your words are _vaguely_ similar to the tor source code.  If we copied the
tor source code, maybe we could make iqnets!  Whaddaya think?

On Mon, Oct 12, 2020, 8:05 PM Zenaan Harkness  wrote:

> On Mon, Oct 12, 2020 at 02:45:33PM -0300, Punk-BatSoup-Stasi 2.0 wrote:
> > On Mon, 12 Oct 2020 21:50:21 +1100
> > Zenaan Harkness  wrote:
> >
> > >Liberal lunatic
> >
> >   just as lunatic as the trumpofascists, white trash supremacists,
> rethuglicans, and the rest of right wingers. You know, the government
> agents who post on this 'cypherpunk' mailing list.
>
>
> There's a movement coming, to no longer leave the seats of power to those
> who plainly are opposed to our interests.
>
> One way you could begin to ride that, is to somehow identify those who
> share you political view+intentions, and encourage and support them to e.g.
> run IN the rethuglican party, but AGAINST those nasty rethuglicans who do
> NOT share your views.  You could call such people "crypto anarchists" I
> guess...
>
> Just like the "bad orange man" was essentially memed into power, and now
> the American people are being given a "do you want to at least TRY to drain
> the swamp" test, then if they answer YES on Nov 3, then so too will this
> next step take place.
>
> I'm not sure, but it seems that the TDS meme machine has been put to good
> use in the last year by those with certain sane views - you knew who you
> are :)
>
>
> Juan, feel free to join us as we continue to create our shared world -
> we're all in this together, like it or not, and we begin from now, from the
> world we find ourselves in Right Now ... as a matter of pragmatism, denying
> present reality plays STRAIGHT into the hands of those presently holding
> seats of power.
>
> "Get real" or step aside...
>

Re: Olberman: Trump supporters "must be prosecuted and convicted and removed from our society" after the election -- Re: USA 2020 Elections: Thread

Nah, you posted political stuff.  Try naclbox.

On Mon, Oct 12, 2020, 8:08 PM Zenaan Harkness  wrote:

> Would love to, but I have a 1/2 to 1 day court hearing on Thursday re "my
> right to be dang well heard, on my own dang defence" since not getting to
> put my defence to the court is ridiculously unfair!
>
> Stress level is "not low" till after then, at least..
>
>
> On Mon, Oct 12, 2020 at 01:47:44PM -0400, Karl wrote:
> > Hey zen, try to set up naclbox (`go get github.com/rovaughn/box`
>  if
> > you have golang installed) and send me something to
> > c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664 .
> > I'm yearning to tell you all about my family's secret demonrat
> > rituals.
> >
> > On 10/12/20, Zenaan Harkness  wrote:
> > > DemonRATs, in the guise of Keith Olbermann, have a post election
> campaign to
> > > deal with Trump supporters: round 'em up for that  final  solution  ...
> > >
> > > The moment, which seemed just a few short hours ago to be literally
> > > in-capable of being escalated once again just escalated (note, this is
> NOT
> > > 'The Bee'):
> > >
> > >Liberal lunatic Keith Olbermann says Trump supporters "must be
> prosecuted
> > > and convicted and removed from our society" after the election
> > >
> > >
> https://notthebee.com/article/keith-olbermann-literally-said-trump-supporters-must-be-prosecuted-and-convicted-and-removed-from-our-society
> > >
> > >   ... "So, let us brace ourselves. The task is two-fold: The
> terrorist
> > >   Trump must be defeated, must be destroyed, must be devoured at
> the
> > > ballot
> > >   box. And then he, and his enablers, and his supporters, and his
> > >   collaborators, and the Mike Lees and the William Barrs, and Sean
> > >   Hannitys, and the Mike Pences, and the Rudy Gullianis and the
> Kyle
> > >   Rittenhouses and the Amy Coney Barretts must be prosecuted and
> > > convicted
> > >   and removed from our society while we try to rebuild it."
> > >
> > >   ..
> > >
> > >
> > >
> > >
> > > On Sun, Oct 11, 2020 at 08:11:27PM -0300, Punk-BatSoup-Stasi 2.0 wrote:
> > >> On Sun, 11 Oct 2020 16:19:10 -0400
> > >> grarpamp  wrote:
> > >>
> > >> > Americans are, in my experience, the warmest, most kind-hearted and
> > >> > open-minded people in the world.
> > >>
> > >>
> > >>new level of insanity reached by the 'grarpamp' cunt.
>

Re: Anglin - "ANGeL withIN" - artistic commentary on "Raised by Wolves" - [PEACE]

Zenaan.  Did you try naclbox?

On Mon, Oct 12, 2020, 7:30 PM Zenaan Harkness  wrote:

> Andrew Anglin, just as David Duke, is a trooper - in the constructive,
> persistent, creative, mission focussed and mission critical sense of
> that word.
>
> Word deconstruction of the day: Anglin - the Angel Within.
>
> Anglin is often vehement, often (oh horror of horrors) guilty of
> 'shock comedy' in its various forms, yet remains at all times an
> example for others, an encouragement to lost Souls to Find
> Themselves™©®, th
> at timeless imploration to find you're own "angel within" - your Soul
> by any other word.
>
> Let no man come between you and God.
>
>
> Andrew happens to be quite the artist, and has for some years put his
> skills to great use in service of his causes - in the face of (as many
> of us have experienced, and continue to experience) incredible op
> position, de-monetization, censorship, and even MULTIPLE thefts of
> domains, beginning with DailyStormer.com some years back.
>
> David Duke's journey has been no less epic, nor any less RIGHTEOUS and
> PRINCIPLED and conducted in DIGNITY, notwithstanding the haters who
> fail to either read past the "mainstream" demonisation to the actua
> l source material, or further into any depth, to discover the true,
> and absolutely epic pathos, truth and facts, principles, history of
> discovery, failure, and lifting oneself up 100 times in the face of be
> ing beaten down again and again, over and over.
>
>
> For those able to get past the "mainstream" demonisation propagandia,
> a trove of truth, righteousness and principled men are in fellowship
> in this training we face, the epic setbacks, the dark nights of the
>  Soul.
>
> Would you have it any other way?
>
>
> Get past the crap, the shock humour, the salty language, and gems
> sometimes appear:
>
>Many Women Write Love Letters to Man Who Killed Pregnant Wife and
> Two Baby Daughters
>
> https://dailystormer.su/many-women-write-love-letters-to-man-who-killed-pregnant-wife-and-two-baby-daughters/
>
>
> from fellowship to shared principles, journeys worthy, to the
> discovery of inherent dignity, notwithstanding.
>
> Can you undo your own internal "I'm triggered" program?  Yes, the
> journey is sometimes confronting...
>
>
> If you have a moment longer, take a moment to appreciate that which,
> in this particular case Andrew Anglin brings to the table, an eternal
> offering to one and all:
>
>The First Episode of Raised by Wolves is the Single Best Piece of
> Audio-Visual Entertainment I’ve Seen in Years
>
> https://dailystormer.su/the-first-episode-of-raised-by-wolves-is-the-single-best-piece-of-audio-visual-entertainment-ive-seen-in-years/
>
>   .. There are hints within the film that it contains some forbidden
>   meaning, symbolism, depth. As far as I am able to tell, this is an
>   absolute bluff. A pretentious attempt to turn the viewer into Stanley
>   Fish, projecting his own meaning onto the material, which is left
>   purposefully vague and opaque. But I know better than to expect
> anything
>   more than a hint at depth. I am content with simple beauty, and a
> curt
>   nod to the idea that something could conceivably exist beyond the
> bounds
>   of the utopian Marxist hell in which we currently reside.
>
>   The entire first episode is available for free on YouTube in full
> 1080.
>
>   http://www.youtube.com/watch?v=YIAIiw8UAfA
>
>   I have only watched the first episode, and I cannot imagine that it
> gets
>   any better in the remaining nine episodes (all of which have been
>   released at time of writing). I may eventually watch more of these
>   episodes, though I do fear it will pollute this first one, which
> means so
>   much to me now. I know that none of the threads introduced will
> unravel
>   into anything beneficial. I know it because that is impossible now.
> The
>   series was made by HBO, and they would never allow it, nor do I
> believe
>   that the writers would be capable of transmitting meaning even if
> they
>   were allowed to do so.
>
>   Watch it. Don’t look for meaning or expect anything from it. Just
> enjoy
>   that it manifests beauty, and that it hints at the forbidden beyond,
> in a
>   time when neither of those actions are permitted. It has broken the
>   rules, and that is a monumental accomplishment.
>
>   ...
>
>
> [if someone would bundle that as a torrent, that would make it
> available to us Ossies... TIA]
>
>
> Assuming everybody's favourite orange swamp drainer remains after Nov
> 3, short of any more practical alternative appearing, it shall behoove
> us to start packing any and every "weak" seat with red hat wearin
> g swamp drainers, targetting 2022.  Every weak fence sitter who holds
> a seat in any house, whether red or blue, shall be targetted for 2022
> replacement by memeing, decorum grabbing, shirt eatin grinning, ac
> tual swamp

Re: Olberman: Trump supporters "must be prosecuted and convicted and removed from our society" after the election -- Re: USA 2020 Elections: Thread

Would love to, but I have a 1/2 to 1 day court hearing on Thursday re "my right 
to be dang well heard, on my own dang defence" since not getting to put my 
defence to the court is ridiculously unfair!

Stress level is "not low" till after then, at least..


On Mon, Oct 12, 2020 at 01:47:44PM -0400, Karl wrote:
> Hey zen, try to set up naclbox (`go get github.com/rovaughn/box` if
> you have golang installed) and send me something to
> c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664 .
> I'm yearning to tell you all about my family's secret demonrat
> rituals.
> 
> On 10/12/20, Zenaan Harkness  wrote:
> > DemonRATs, in the guise of Keith Olbermann, have a post election campaign to
> > deal with Trump supporters: round 'em up for that  final  solution  ...
> >
> > The moment, which seemed just a few short hours ago to be literally
> > in-capable of being escalated once again just escalated (note, this is NOT
> > 'The Bee'):
> >
> >Liberal lunatic Keith Olbermann says Trump supporters "must be prosecuted
> > and convicted and removed from our society" after the election
> >
> > https://notthebee.com/article/keith-olbermann-literally-said-trump-supporters-must-be-prosecuted-and-convicted-and-removed-from-our-society
> >
> >   ... "So, let us brace ourselves. The task is two-fold: The terrorist
> >   Trump must be defeated, must be destroyed, must be devoured at the
> > ballot
> >   box. And then he, and his enablers, and his supporters, and his
> >   collaborators, and the Mike Lees and the William Barrs, and Sean
> >   Hannitys, and the Mike Pences, and the Rudy Gullianis and the Kyle
> >   Rittenhouses and the Amy Coney Barretts must be prosecuted and
> > convicted
> >   and removed from our society while we try to rebuild it."
> >
> >   ..
> >
> >
> >
> >
> > On Sun, Oct 11, 2020 at 08:11:27PM -0300, Punk-BatSoup-Stasi 2.0 wrote:
> >> On Sun, 11 Oct 2020 16:19:10 -0400
> >> grarpamp  wrote:
> >>
> >> > Americans are, in my experience, the warmest, most kind-hearted and
> >> > open-minded people in the world.
> >>
> >>
> >>new level of insanity reached by the 'grarpamp' cunt.

Re: Olberman: Trump supporters

On Mon, Oct 12, 2020 at 02:45:33PM -0300, Punk-BatSoup-Stasi 2.0 wrote:
> On Mon, 12 Oct 2020 21:50:21 +1100
> Zenaan Harkness  wrote:
> 
> >Liberal lunatic 
> 
>   just as lunatic as the trumpofascists, white trash supremacists, 
> rethuglicans, and the rest of right wingers. You know, the government agents 
> who post on this 'cypherpunk' mailing list. 

There's a movement coming, to no longer leave the seats of power to those who 
plainly are opposed to our interests.

One way you could begin to ride that, is to somehow identify those who share 
you political view+intentions, and encourage and support them to e.g. run IN 
the rethuglican party, but AGAINST those nasty rethuglicans who do NOT share 
your views.  You could call such people "crypto anarchists" I guess...

Just like the "bad orange man" was essentially memed into power, and now the 
American people are being given a "do you want to at least TRY to drain the 
swamp" test, then if they answer YES on Nov 3, then so too will this next step 
take place.

I'm not sure, but it seems that the TDS meme machine has been put to good use 
in the last year by those with certain sane views - you knew who you are :)

Juan, feel free to join us as we continue to create our shared world - we're 
all in this together, like it or not, and we begin from now, from the world we 
find ourselves in Right Now ... as a matter of pragmatism, denying present 
reality plays STRAIGHT into the hands of those presently holding seats of power.

"Get real" or step aside...

Re: Setting up PGP

On Mon, Oct 12, 2020, 6:57 PM grarpamp  wrote:

> > usbs have microchips that accept code updates
>
> USB "converters" should be considered suspect.
>
> Plugging BadUSB's, BadHDD, CPU's, Flash, or any
> other chipped / smart device or port with firmware, microcode,
> chips etc between systems has potential to infect / attack them.
>

How would you set up an airgapped system, if your main system were already
infected?  There's some degree of number of microchips, times accessed, way
and source of system installation and tools added ...

On a pi zero, you're likely going to have a keyboard, a display, and an SD
card, all of which have additional chips, some even long wires that can act
as radios.  Then the communication medium; I guess using the existing
display and keyboard adds the least complexity, but that's a lot of copying
of encrypted text.  I might start with a USB key even though it busts a
hole in the system, and just recommend it be moved very rarely.

A second paired system could be used for data exchange, connected to a
printer or a camera or a disk or whatnot, with an optoisolated gpio
connection to the main system.

> Assuming some random magical usb converter
> cable sets do pass raw rs-232 between them
> (ie: can cut/splice to a rs-232 port / modem / teletype)
>

The FTDI actually does this.

users often probably fuck up and cross infect
> usb during the n-th insertion setup session.
>

That sounds concerning.

> Various "air gap", all adaptable to 'cat hugefile > /device'...
>

Prefer tinyclearfile to hugefile, so auditing is reasonable.

> QR code

OCR scanning

Sound

Light
> RF
> Keyboard bots
> Monitor display output to camera capture input,
> a digital stream of bits thrown onscreen as fast
> as the two can sync.
>
> Simple RS-232 protocols, ECC codes, etc.
>
> All assuming endpoint chipsets don't attack over the gap / wire.
> Keep simple enough to see, log, debug, verify, filter, audit... like ASCII.
>
> USB, optical disk, tape, hdd... often have media
> based firmware update mechanisms, exploits,
> special sectors, bootcode, emulation, etc.

> > scrabble tiles
>
> As received from the store... exhibit a non-random
> character frequency count, should not be used without
> adjustment down to 1:1.

Re: Trying to Connect with a Hacker Online

On Mon, Oct 12, 2020, 6:46 PM Stefan Claas  wrote:

> Stefan Claas wrote:
>
> > Karl wrote:
> >
> > > I embarrassingly haven't sustained much understanding of golang ... I
> > > wanted to convert my box keys to signify-nacl keys but it seems the
> > > formats are different; my own signature doesn't verify when I just
> > > copy the bytes.
> >
> > NaCl sign secret keys are 64 bytes, while NaCl box secret keys are 32
> bytes.
>
> Since you are a Programmer, maybe this helps:
>
> <
> https://crypto.stackexchange.com/questions/54353/why-are-nacl-secret-keys-64-bytes-for-signing-but-32-bytes-for-box
> >
>

Quote:
An Ed25519 private key consists of a 32 byte seed (from which you can
cheaply derive the 32 byte private scalar and the 32 byte hash prefix) and
the 32 byte public key.

This is actually what I tried, but I think I need to look at the
implementations to make it work.  I can likely figure the golang out if I
need to, or probably there's a more direct approach to the whole shebang.
Maybe I'll come up with a high latency message to send to your offline
system =)

-sent from my closed source toosmartphone, which is dangerously rotting the
flesh of my hands

> Regards
> Stefan
>
> --
> NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
>   The computer helps us to solve problems, we did not have without him.
>

Anglin - "ANGeL withIN" - artistic commentary on "Raised by Wolves" - [PEACE]

Andrew Anglin, just as David Duke, is a trooper - in the constructive,
persistent, creative, mission focussed and mission critical sense of that word.

Word deconstruction of the day: Anglin - the Angel Within.

Anglin is often vehement, often (oh horror of horrors) guilty of 'shock comedy'
in its various forms, yet remains at all times an example for others, an
encouragement to lost Souls to Find Themselves™©®, that timeless imploration to
find you're own "angel within" - your Soul by any other word.

Let no man come between you and God.

Andrew happens to be quite the artist, and has for some years put his skills to
great use in service of his causes - in the face of (as many of us have
experienced, and continue to experience) incredible opposition,
de-monetization, censorship, and even MULTIPLE thefts of domains, beginning
with DailyStormer.com some years back.

David Duke's journey has been no less epic, nor any less RIGHTEOUS and
PRINCIPLED and conducted in DIGNITY, notwithstanding the haters who fail to
either read past the "mainstream" demonisation to the actual source material,
or further into any depth, to discover the true, and absolutely epic pathos,
truth and facts, principles, history of discovery, failure, and lifting oneself
up 100 times in the face of being beaten down again and again, over and over.

For those able to get past the "mainstream" demonisation propagandia, a trove
of truth, righteousness and principled men are in fellowship in this training
we face, the epic setbacks, the dark nights of the Soul.

Would you have it any other way?

Get past the crap, the shock humour, the salty language, and gems sometimes
appear:

Many Women Write Love Letters to Man Who Killed Pregnant Wife and Two Baby
Daughters

https://dailystormer.su/many-women-write-love-letters-to-man-who-killed-pregnant-wife-and-two-baby-daughters/

from fellowship to shared principles, journeys worthy, to the discovery of
inherent dignity, notwithstanding.

Can you undo your own internal "I'm triggered" program? Yes, the journey is
sometimes confronting...

If you have a moment longer, take a moment to appreciate that which, in this
particular case Andrew Anglin brings to the table, an eternal offering to one
and all:

The First Episode of Raised by Wolves is the Single Best Piece of
Audio-Visual Entertainment I’ve Seen in Years

https://dailystormer.su/the-first-episode-of-raised-by-wolves-is-the-single-best-piece-of-audio-visual-entertainment-ive-seen-in-years/

.. There are hints within the film that it contains some forbidden
meaning, symbolism, depth. As far as I am able to tell, this is an
absolute bluff. A pretentious attempt to turn the viewer into Stanley
Fish, projecting his own meaning onto the material, which is left
purposefully vague and opaque. But I know better than to expect anything
more than a hint at depth. I am content with simple beauty, and a curt
nod to the idea that something could conceivably exist beyond the bounds
of the utopian Marxist hell in which we currently reside.

The entire first episode is available for free on YouTube in full 1080.

http://www.youtube.com/watch?v=YIAIiw8UAfA

I have only watched the first episode, and I cannot imagine that it gets
any better in the remaining nine episodes (all of which have been
released at time of writing). I may eventually watch more of these
episodes, though I do fear it will pollute this first one, which means so
much to me now. I know that none of the threads introduced will unravel
into anything beneficial. I know it because that is impossible now. The
series was made by HBO, and they would never allow it, nor do I believe
that the writers would be capable of transmitting meaning even if they
were allowed to do so.

Watch it. Don’t look for meaning or expect anything from it. Just enjoy
that it manifests beauty, and that it hints at the forbidden beyond, in a
time when neither of those actions are permitted. It has broken the
rules, and that is a monumental accomplishment.

...

[if someone would bundle that as a torrent, that would make it available to us
Ossies... TIA]

Assuming everybody's favourite orange swamp drainer remains after Nov 3, short
of any more practical alternative appearing, it shall behoove us to start
packing any and every "weak" seat with red hat wearing swamp drainers,
targetting 2022. Every weak fence sitter who holds a seat in any house,
whether red or blue, shall be targetted for 2022 replacement by memeing,
decorum grabbing, shirt eatin grinning, actual swamp drainers.

We live in the world we currently have.

Our task is to take stepc to move diligently with our fellow Souls towards the
world we want.

Take no shorncut, read whan you must read, learn what you must, meme what you
must. We collectively have a chance to

Anglin - "ANGeL withIN" - artistic commentary on "Raised by Wolves" - [PEACE]

Andrew Anglin, just as David Duke, is a trooper - in the constructive,
persistent, creative, mission focussed and mission critical sense of
that word.

Word deconstruction of the day: Anglin - the Angel Within.

Anglin is often vehement, often (oh horror of horrors) guilty of
'shock comedy' in its various forms, yet remains at all times an
example for others, an encouragement to lost Souls to Find
Themselves™©®, th
at timeless imploration to find you're own "angel within" - your Soul
by any other word.

Let no man come between you and God.

Andrew happens to be quite the artist, and has for some years put his
skills to great use in service of his causes - in the face of (as many
of us have experienced, and continue to experience) incredible op
position, de-monetization, censorship, and even MULTIPLE thefts of
domains, beginning with DailyStormer.com some years back.

David Duke's journey has been no less epic, nor any less RIGHTEOUS and
PRINCIPLED and conducted in DIGNITY, notwithstanding the haters who
fail to either read past the "mainstream" demonisation to the actua
l source material, or further into any depth, to discover the true,
and absolutely epic pathos, truth and facts, principles, history of
discovery, failure, and lifting oneself up 100 times in the face of be
ing beaten down again and again, over and over.

For those able to get past the "mainstream" demonisation propagandia,
a trove of truth, righteousness and principled men are in fellowship
in this training we face, the epic setbacks, the dark nights of the
Soul.

Would you have it any other way?

Get past the crap, the shock humour, the salty language, and gems
sometimes appear:

Many Women Write Love Letters to Man Who Killed Pregnant Wife and
Two Baby Daughters

https://dailystormer.su/many-women-write-love-letters-to-man-who-killed-pregnant-wife-and-two-baby-daughters/

from fellowship to shared principles, journeys worthy, to the
discovery of inherent dignity, notwithstanding.

Can you undo your own internal "I'm triggered" program? Yes, the
journey is sometimes confronting...

If you have a moment longer, take a moment to appreciate that which,
in this particular case Andrew Anglin brings to the table, an eternal
offering to one and all:

The First Episode of Raised by Wolves is the Single Best Piece of
Audio-Visual Entertainment I’ve Seen in Years

https://dailystormer.su/the-first-episode-of-raised-by-wolves-is-the-single-best-piece-of-audio-visual-entertainment-ive-seen-in-years/

The entire first episode is available for free on YouTube in full 1080.

http://www.youtube.com/watch?v=YIAIiw8UAfA

...

[if someone would bundle that as a torrent, that would make it
available to us Ossies... TIA]

Assuming everybody's favourite orange swamp drainer remains after Nov
3, short of any more practical alternative appearing, it shall behoove
us to start packing any and every "weak" seat with red hat wearin
g swamp drainers, targetting 2022. Every weak fence sitter who holds
a seat in any house, whether red or blue, shall be targetted for 2022
replacement by memeing, decorum grabbing, shirt eatin grinning, ac
tual swamp drainers.

We live in the world we currently have.

Our task is to take stepc to move diligently with our fellow Souls
towards the world we want.

Take no shorncut, read whan you must read, learn what you must, meme
what you must. We collectively have a chance to shift the game big

Re: Setting up PGP

> usbs have microchips that accept code updates

USB "converters" should be considered suspect.

Plugging BadUSB's, BadHDD, CPU's, Flash, or any
other chipped / smart device or port with firmware, microcode,
chips etc between systems has potential to infect / attack them.

Assuming some random magical usb converter
cable sets do pass raw rs-232 between them
(ie: can cut/splice to a rs-232 port / modem / teletype)
users often probably fuck up and cross infect
usb during the n-th insertion setup session.

Various "air gap", all adaptable to 'cat hugefile > /device'...

QR code
OCR scanning
Sound
Light
RF
Keyboard bots
Monitor display output to camera capture input,
a digital stream of bits thrown onscreen as fast
as the two can sync.

Simple RS-232 protocols, ECC codes, etc.

All assuming endpoint chipsets don't attack over the gap / wire.
Keep simple enough to see, log, debug, verify, filter, audit... like ASCII.

USB, optical disk, tape, hdd... often have media
based firmware update mechanisms, exploits,
special sectors, bootcode, emulation, etc.

> scrabble tiles

As received from the store... exhibit a non-random
character frequency count, should not be used without
adjustment down to 1:1.

Re: Setting up PGP

On 10/12/20, John Young  wrote:
> the magicial, bewitching
> lodestone "national security," the abiding weapon of nations governed
> as royalty, heirarchical, the few overlording the many with force,
> elections, education, faith and trivializing deriviatives of
> entertainment, media, chat, parties, militants, rebels,
> revolutionaries, independents, intellectuals, geniuses, "democracies"
> ruled by  kingdoms of presidents, congresses, courts.
>
> Nonetheless, always a nonetheless apologia for top-down regimes, far
> more rewarding to cooperate with authorities than to defy them, more
> lucrative too. So backdoors in crypto, each and every version, must
> be inherent code, along with outpourings of assurances there are
> workarounds to escape the many and be one of the few. Today, that is
> marketed as "smart."

Democracy - noun: A distributed, intentionally much harder
to kill as such, version of the same old tyrant King. A confusing
shuffle game, a fraudulent trap, set for the eyes and minds of
free humans. A thoroughly successful sinister global power
play, having traded self determination for false representation
at closeout prices. A descent, from which recovery toward
freedom becomes all the much harder. A system, exquisitely
designed and taught, whereby the "majority" do subject
the "minority" to arbitrary whim, up to and including death.

Re: Trying to Connect with a Hacker Online

Stefan Claas wrote:
 
> Karl wrote:
>  
> > I embarrassingly haven't sustained much understanding of golang ... I
> > wanted to convert my box keys to signify-nacl keys but it seems the
> > formats are different; my own signature doesn't verify when I just
> > copy the bytes.
> 
> NaCl sign secret keys are 64 bytes, while NaCl box secret keys are 32 bytes.

Since you are a Programmer, maybe this helps:



Regards
Stefan

-- 
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
  The computer helps us to solve problems, we did not have without him.

Looking at the tor daemon source code

```
tor]$ grep -r 'main(' src/app
src/app/config/or_options_st.h:  int LogMessageDomains; /**< Boolean:
Should we log the domain(s) in which
src/app/main/main.c:/* Main entry point for the Tor process.  Called
from tor_main(), and by
src/app/main/main.c:tor_run_main(const tor_main_configuration_t *tor_cfg)
src/app/main/ntmain.c:static void nt_service_main(void);
src/app/main/ntmain.c:nt_service_main(void)
src/app/main/ntmain.c:   *from those given to main() function.
src/app/main/ntmain.c:  nt_service_main();
src/app/main/tor_main.c: * \brief Stub module containing a main() function.
src/app/main/tor_main.c: * tests, which have their own main()s, can
link against main.c.
src/app/main/tor_main.c:int tor_main(int argc, char *argv[]);
src/app/main/tor_main.c:/** We keep main() in a separate file so that
our unit tests can use
src/app/main/tor_main.c:main(int argc, char *argv[])
src/app/main/tor_main.c:  r = tor_main(argc, argv);
$ cat src/app/main/tor_main.c
...
```

This is likely the main entry code for Tor.  (Hey, tell me when it's
time to shut up, if you're a hacker.) These files are like the genes
of tor: they make it all work when you finally 'conceive' the tor
process by running it, the kernel having electronic sex (I'm a prude
myself) with the harddrive, sending its data regions through the
various processes of the system loader, until the kernel process grows
into a confused little application.  And they were handmade by
software developers like the famous Jacob Appelbaum, who is
unfortunately the same age as me!  He doesn't have _that_ big a beard,
but he does have glasses, so his beard is big enough to be a coder.

```
/* Copyright 2001-2004 Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2020, The Tor Project, Inc. */
/* See LICENSE for licensing information */
```
This stuff people put at the top of their source code to support
various lawyer heroes they know.  Often richard stallman gets a big
chunk up here.  Tor is kind and refers us to another file for details
rather than making us scroll past it all.

```
#include "orconfig.h"
#ifdef ENABLE_RESTART_DEBUGGING
#include 
#endif
```
Header files.  orconfig.h looks like some of that system-specific
stuff that `./configure` might have generated.  The #ifdef/#endif's
basically indicate that ./configure can enable or disable the region
between them.  "stdlib" is used for a wide variety of functions.

```
/**
 * \file tor_main.c
 * \brief Stub module containing a main() function.
 *
 * We keep the main function in a separate module so that the unit
 * tests, which have their own main()s, can link against main.c.
 **/

int tor_main(int argc, char *argv[]);
```
This is a very clear description of the file we are looking at.  The
commenting style is well-accepted, and quite easy for developers to
look at it, because it is so normal.

The comment implies that the _real_ guts are going to be in main.c .
We can look at that file after this one.

```
/** We keep main() in a separate file so that our unit tests can use
 * functions from main.c.
 */
int
main(int argc, char *argv[])
```
Here they said a very similar thing, but put the comment on the main
function instead of the tor_main function.  This is because
programmers can get very confused after spending their lives staring
at blinking rectangles instead of talking to other people.  It's
possible a software developer would only see the thing they are
looking for, and not the things around it!  Additionally, software
developers learn to be very obsessive compulsive about rigorous
consistency in the structures they design, because if they don't do
that when working inside a computer the computer can develop a bad
issue of smoke leaving its cpu.  Comments don't affect the cpu.

```
{
  int r;
```
This defines a variable "r", saying it is an integer, and that nobody
knows what it will be used for quite yet.

```
#ifdef ENABLE_RESTART_DEBUGGING
  int restart_count = getenv("TOR_DEBUG_RESTART") ? 1 : 0;
 again:
#endif
```
Here's that mysterious use of ``!  `getenv` is a function
from stdlib that gets a variable from the environment.  If this
feature is enabled, the user can set `TOR_DEBUG_RESTART` to control
the value of restart_count, _without changing or recompiling any
code_!  Miraculous!

```
  r = tor_main(argc, argv);
```
This hands off control of the system to the tor_main function and is
the _only thing_ actually being done here.  There's no need to look
any more at this file.  It's basically saying that `tor_main` is the
real `main`, over and over again.

```
tor]$ grep -r 'tor_main(' .
./ChangeLog:  return from the tor_main() function, rather than calling the
./ReleaseNotes:  return from the tor_main() function, rather than
calling the
./src/app/main/main.c:/* Main entry point for the Tor process.  Called
from tor_main(), and by
./src/app/main/tor_main.c:int tor_main(int argc, char *argv[]);
./src/app/main/tor_main.c:  r =

Re: Trying to Connect with a Hacker Online

Karl wrote:
 
> I embarrassingly haven't sustained much understanding of golang ... I
> wanted to convert my box keys to signify-nacl keys but it seems the
> formats are different; my own signature doesn't verify when I just
> copy the bytes.

NaCl sign secret keys are 64 bytes, while NaCl box secret keys are 32 bytes.

> Do you know if there is a way to use cargo from an offline system?
> This would help inspire me to understand golang better.

No, unfortunately not.

Regards
Stefan

-- 
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
  The computer helps us to solve problems, we did not have without him.

Re: Building Tor from Source

On 10/12/20, grarpamp  wrote:
>>> It looks like your OpenSSL headers don't match what Tor expects during
>>> `configure`.
>
> Giving the type errors during cc .o.

I don't understand you here.  What do you mean?

>
>>> You can try building and linking against your own SSL, ala:
>>> ./Configure --prefix=/usr no-idea no-rc5 no-mdc2 zlib-dynamic threads
>>> shared
>
>> I found a workaround is to pass my openssl linking path to configure.
>> ```
>> $ LDFLAGS=-L/usr/local/lib64 ./configure
>> I tried --with-openssl-dir=/usr/local but it didn't work
>
> tor may still have some problems picking up include and libs,
> not helped by how some systems lay them out, and problems
> with --option-style vs env var style. Whichever style if needed,
> both should point to the matching locations for whatever installed
> ssl set, ie for a private build:
>
> ssl: ./Configure --prefix=/tmp/foo
> tor: LDFLAGS -L/tmp/foo/lib and CPPFLAGS -I/tmp/foo/include
>
> You can also build static if you want to run in tiny jails/VMs,
> or not be subject to package manager randomness.
>

Hey, do you guys use pgp or nacl or anything?  I'm learning nacl a
little with stefan (omigod do you think stefan is their legal name?
are they safe using that name on this list?  maybe they protect
anarchists outside the usa?)

-naclbox c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664

Re: Trying to Connect with a Hacker Online

I embarrassingly haven't sustained much understanding of golang ... I
wanted to convert my box keys to signify-nacl keys but it seems the
formats are different; my own signature doesn't verify when I just
copy the bytes.

Do you know if there is a way to use cargo from an offline system?
This would help inspire me to understand golang better.

On 10/12/20, Stefan Claas  wrote:
> Karl wrote:
>
>> Also attached to resolve pasting corruption.  Document includes only
>> through the  armor.
>> As it says inside the document, signature is calculated with tail -n
>> +4 | head -n -8 | sha512sum .
>>
>> -BEGIN NaCl SIGNED MESSAGE-
>>Hash: tail -n +4 | head -n -8 |
>> sha512sum
>
> Most interesting with what you came up with, because my MUA saves then
> your message as it should be. However, unfortunately the included hash
> does not match. :-(
>
> BTW. are you aware that the NaCl crypto library has also a sign function?
>
> It would then require a second key, same as with GnuPG, but maybe also
> worth to explore, because you are a programmer.
>
> Here is a sample implementation in Golang, which unfortunately writes
> the signature as binary instead of (base64) ASCII.
>
> https://github.com/UNO-SOFT/signify-nacl
>
> Regards
> Stefan
>
> --
> NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
>   The computer helps us to solve problems, we did not have without him.
>

Re: Building Tor from Source

>> It looks like your OpenSSL headers don't match what Tor expects during
>> `configure`.

Giving the type errors during cc .o.

>> You can try building and linking against your own SSL, ala:
>> ./Configure --prefix=/usr no-idea no-rc5 no-mdc2 zlib-dynamic threads shared

> I found a workaround is to pass my openssl linking path to configure.
> ```
> $ LDFLAGS=-L/usr/local/lib64 ./configure
> I tried --with-openssl-dir=/usr/local but it didn't work

tor may still have some problems picking up include and libs,
not helped by how some systems lay them out, and problems
with --option-style vs env var style. Whichever style if needed,
both should point to the matching locations for whatever installed
ssl set, ie for a private build:

ssl: ./Configure --prefix=/tmp/foo
tor: LDFLAGS -L/tmp/foo/lib and CPPFLAGS -I/tmp/foo/include

You can also build static if you want to run in tiny jails/VMs,
or not be subject to package manager randomness.

Re: Trying to Connect with a Hacker Online

Stefan Claas wrote:
 
> Karl wrote:
>  
> > Also attached to resolve pasting corruption.  Document includes only
> > through the  armor.
> > As it says inside the document, signature is calculated with tail -n
> > +4 | head -n -8 | sha512sum .
> > 
> > -BEGIN NaCl SIGNED MESSAGE-
> >Hash: tail -n +4 | head -n -8 |
> > sha512sum
> 
> Most interesting with what you came up with, because my MUA saves then
> your message as it should be. However, unfortunately the included hash
> does not match. :-(

Stupid me, never mind ...

Regards
Stefan

-- 
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
  The computer helps us to solve problems, we did not have without him.

Re: Trying to Connect with a Hacker Online

Karl wrote:

> Also attached to resolve pasting corruption.  Document includes only
> through the  armor.
> As it says inside the document, signature is calculated with tail -n
> +4 | head -n -8 | sha512sum .
> 
> -BEGIN NaCl SIGNED MESSAGE-
>Hash: tail -n +4 | head -n -8 |
> sha512sum

Most interesting with what you came up with, because my MUA saves then
your message as it should be. However, unfortunately the included hash
does not match. :-(

BTW. are you aware that the NaCl crypto library has also a sign function?

It would then require a second key, same as with GnuPG, but maybe also
worth to explore, because you are a programmer.

Here is a sample implementation in Golang, which unfortunately writes
the signature as binary instead of (base64) ASCII.

https://github.com/UNO-SOFT/signify-nacl

Regards
Stefan

-- 
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
  The computer helps us to solve problems, we did not have without him.

Re: Trying to Connect with a Hacker Online

Also attached to resolve pasting corruption.  Document includes only
through the  armor.
As it says inside the document, signature is calculated with tail -n
+4 | head -n -8 | sha512sum .

-BEGIN NaCl SIGNED MESSAGE-
   Hash: tail -n +4 | head -n -8 |
sha512sum

On 10/12/20, Stefan Claas  wrote:
>> Why do you not use naclbox to communicate all the time?  Couldn't it
>> even be used for the cypherpunks mailing list, if the mailing list had
>> a shared receiving private key, to verify that each person is saying
>> what they intend?
>
> Well, I often receive message in PGP format, because I still have a key
> pair for GnuPG. Otherwise I already use NaClbox with friends in Germany,
> the United States and Canada. :-)
>
> Regarding the ML, I think the list-owner would not be amused and probably
> many subscribers would not like the idea either. For that people could use
> the Usenet group alt.anonymous.messages with a shared hashed subject (hsub)
> in order to fetch messages, from a.a.m..

I want to visit your link except what you said makes no sense to me.  I think
this subscriber crowd would leap on the idea of a nacl-based mailing list.
Everybody knows that email is a crummy, weak norm.

I'm going to wordwrap this whole message, pipe it to sha512sum, and encrypt the
hash to your key.  I'll paste it in to a terminal and end it by hitting ctrl-D
on a blank line, then add a new blank line and the cyphertext at the bottom.
Would you be interested in verifying the checksum?

Here's the encrypted message you sent me, decrypted and rewrapped.  I don't
remember how many characters e-mail wraps to, this is my vim default.

Would you be willing to reply encrypted, so I can have more confidence the
reply has not been altered in transit?  Would you be able to include my message
in your reply, so I can know that you are replying to the same words that I
sent?  A man in the middle could have also made a naclbox identity, and if so
we would want them to copy our words accurately.

Sure, no problem. But as I posted this key I currently use is a *test* key on
my online computer.

Best regards
Stefan

>
> Regards
> Stefan
>
> --
> NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
>   The computer helps us to solve problems, we did not have without him.

NaClbox: c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664
-BEGIN NaCl SIGNATURE-
Version: tail -n +4 | head -n -8 | sha512sum

AgAAAHYwrPI9q0d4Qh3vcGOuoDcFMEv4zZfU6I9dTTkmeg6vYbxmgytSZUWVEbPgDoT119MW
cfr9JL+N5G3+z0L2VUBzMwxhdTjgPbiDpC1LyndCDgG+MgYDI3DduxvEzW2TmVrpV6rh27vOD/jo
MsyrUMy+RJ5qksJxNig+Q/tvGsKMiKtYxauyokBQIhOvYFUdNmPtD3vCLYEgRT27Bdec+8OSSC/x
q+NjTaSI9D8PhkE=
-END NaCl SIGNATURE-

message
Description: Binary data

Re: Trying to Connect with a Hacker Online

Karl wrote:
 
> I'm going to wordwrap this whole message, pipe it to sha512sum, and encrypt 
> the
> hash to your key.  I'll paste it in to a terminal and end it by hitting ctrl-D
> on a blank line, then add a new blank line and the cyphertext at the bottom.
> Would you be interested in verifying the checksum?

Could you do me a favor, because my hash did not matched.

Maybe mark in your next reply, the part with - or something else, so that
I exactly know from where I have to copy and paste from?

Regards
Stefan

-- 
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
  The computer helps us to solve problems, we did not have without him.

Re: Trying to Connect with a Hacker Online

On 10/12/20, Stefan Claas  wrote:
>> Why do you not use naclbox to communicate all the time?  Couldn't it
>> even be used for the cypherpunks mailing list, if the mailing list had
>> a shared receiving private key, to verify that each person is saying
>> what they intend?
>
> Well, I often receive message in PGP format, because I still have a key
> pair for GnuPG. Otherwise I already use NaClbox with friends in Germany,
> the United States and Canada. :-)
>
> Regarding the ML, I think the list-owner would not be amused and probably
> many subscribers would not like the idea either. For that people could use
> the Usenet group alt.anonymous.messages with a shared hashed subject (hsub)
> in order to fetch messages, from a.a.m..

I want to visit your link except what you said makes no sense to me.  I think
this subscriber crowd would leap on the idea of a nacl-based mailing list.
Everybody knows that email is a crummy, weak norm.

I'm going to wordwrap this whole message, pipe it to sha512sum, and encrypt the
hash to your key.  I'll paste it in to a terminal and end it by hitting ctrl-D
on a blank line, then add a new blank line and the cyphertext at the bottom.
Would you be interested in verifying the checksum?

Here's the encrypted message you sent me, decrypted and rewrapped.  I don't
remember how many characters e-mail wraps to, this is my vim default.

Would you be willing to reply encrypted, so I can have more confidence the
reply has not been altered in transit?  Would you be able to include my message
in your reply, so I can know that you are replying to the same words that I
sent?  A man in the middle could have also made a naclbox identity, and if so
we would want them to copy our words accurately.

Sure, no problem. But as I posted this key I currently use is a *test* key on
my online computer.

Best regards
Stefan

>
> Regards
> Stefan
>
> --
> NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
>   The computer helps us to solve problems, we did not have without him.

NaClbox: c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664

AgAAAHYwrOv06nJj1B8i1KTTKblpUZ/jXTNttl/ZD+7Qg3c0M2kOkZ8zZJvp1i/w3shXAeng
ixhUQbsLMCjTsDZOdYwAUxmkZ4GV/kmEjzISZcQmxxZCizL+Xyyf/6YdXZ2jBjQ/U/yvI+xgPygq
y1nLjES3RW3fg3aDsBrv574GD/ca81f/rc6hcchP0clZydHcYNCEOLh8eHHY2QT6IaMXS0CC+fma
Ecvf7l3mE/QGYRk=

Re: Trying to Connect with a Hacker Online

Karl wrote:
 
> On 10/12/20, Stefan Claas  wrote:
> > Stefan Claas wrote:
> >> | Stefan, I got:
> >> |
> >> AgAAAHYwSO+xQIT5meBNroABRxnwz1nF8Apub/z5OiqCftZUpGTBbcejwe6XQF4lpAnhW9YG
> >> | NAl9/zdLkj8FOG2NQmhbx82HXJv1Ju2c1w==
> >> | from you.  Is this the same encrypted message as the one you sent?  I'm
> >> expecting that it is.
> 
> AgAAAHYwjgEAACeQYcUutIj71LXOwf6SZU3wiTMAhlKBNAw552GqDynQ4nKtGX2l+5beCjexTFSW
> +MTj6dbJhjfTVpRzalwY19NSWrjeFZpy3WLi78oz3Yh/Tt7tLI630KJUO5vlAOqLM8IJmV4//ZeG
> 2AQgpofe61FXDm8H/SXRNFGD9K3Y/sIwtFbzGgyNJxEMIILTtkGCuWvr3Ub6nS06m4PuwP4Eeu0a
> ObmohUDGnXNuKEiULvyBbP2X05+s5ogXrzN5lh3pAW3q345kWDteqvqdS3o6baVTYthEb63m5dRg
> vIPIeto8v0ZBqJ9zZqIGPKlthQ9u0TXHR4xrdUUWKVxZfyOP906PPSmmoc10zQtWR3Bw9rZ3ym9Y
> HxXSu8YvnvGqH+IHzn4qYZYh+WywfcNwoygyNVKuswXDSbz1okDq0yMixIoi6at5ZHCJZDmu9KJx
> +LwUQWw7FYR9u2TqFsb+/w8snk9SI8gBTQW4jDoDDbGYYySDQqJA4SOhATwEMRuBySZEQbJ+qtlv
> zpPl4upnvipG

AgAAAHYwBwIAALj3MZ/ShsJxjdYIfsw22RKVJePXqE4q6+lwN9/WJA+H16C1chNRDPVgNtau4BDj
DAfkY7LBXvhyVlORTzJtdglh5FV5Vu+YlcqHGsLzJRxLKJlLVYS1jbU9+4yea2ftG3Yo/fJQXdCH
AfLL4ip86KR0fgOj2ih9lXJjQ6tFWIEbWoX6lzEhccCgPgPRciDlv19VGCX66aP2nFIPr0qDVw2c
sMMgRCMlsnQKWIWspYX62a7dq7T7hm2uCRo+Ak35vj2KMoOkD4aUutr1XDNJ8wm9XuYN9Dh94sgP
/kF6gNPo+kwnul80mPFJWHe/o4Ltpe0ONh5MIG53DOLilKMe7CFn1jKzDEujapxmDhD1Pt4WP59q
DlJDk3BMGEplyCQSQYCfK3Ot3NZHcmaIcPhhEzPiBBPw2959T5mYUHstumsjoDx9t+xEmCR0gDdT
S2dbMhlTCEsu1g3arsc0p63nmxS/q79y7GwAn024lbYMz/OvSM10L2mjGiIkuYsnn8eKw9kJy0YL
M70pysgcBbj9l5/oFjPk/L4bz0omP2DsP0sWfN9Vr5+9/uYbfJ0dG6UBnSXwXxFxq/cBhzwPJdWw
Uov/5awa2KOwcRToPX2dMWfRAIIngX9L3mHIW579mxA+ItYy+bHjwhQzccUv2PKyPGGSLwzEjzm3
BjvksacLYb/51Cy2dbtqHQ==

> > BTW. NaClbox messages are authenticated, so no one can send you a message
> > in
> > my name, if they are not in possession of my private key. This avoids then
> > also to use signatures, like with GnuPG.
> >
> > And the IMHO cool thing about NaClbox is that it is much easier to use and
> > learn than GnuPG.
> 
> Why do you not use naclbox to communicate all the time?  Couldn't it
> even be used for the cypherpunks mailing list, if the mailing list had
> a shared receiving private key, to verify that each person is saying
> what they intend?

Well, I often receive message in PGP format, because I still have a key
pair for GnuPG. Otherwise I already use NaClbox with friends in Germany,
the United States and Canada. :-)

Regarding the ML, I think the list-owner would not be amused and probably
many subscribers would not like the idea either. For that people could use
the Usenet group alt.anonymous.messages with a shared hashed subject (hsub)
in order to fetch messages, from a.a.m..

Regards
Stefan

-- 
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
  The computer helps us to solve problems, we did not have without him.

Re: Olberman: Trump supporters "must be prosecuted and convicted and removed from our society" after the election -- Re: USA 2020 Elections: Thread

Hey zen, try to set up naclbox (`go get github.com/rovaughn/box` if
you have golang installed) and send me something to
c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664 .
I'm yearning to tell you all about my family's secret demonrat
rituals.

On 10/12/20, Zenaan Harkness  wrote:
> DemonRATs, in the guise of Keith Olbermann, have a post election campaign to
> deal with Trump supporters: round 'em up for that  final  solution  ...
>
> The moment, which seemed just a few short hours ago to be literally
> in-capable of being escalated once again just escalated (note, this is NOT
> 'The Bee'):
>
>Liberal lunatic Keith Olbermann says Trump supporters "must be prosecuted
> and convicted and removed from our society" after the election
>
> https://notthebee.com/article/keith-olbermann-literally-said-trump-supporters-must-be-prosecuted-and-convicted-and-removed-from-our-society
>
>   ... "So, let us brace ourselves. The task is two-fold: The terrorist
>   Trump must be defeated, must be destroyed, must be devoured at the
> ballot
>   box. And then he, and his enablers, and his supporters, and his
>   collaborators, and the Mike Lees and the William Barrs, and Sean
>   Hannitys, and the Mike Pences, and the Rudy Gullianis and the Kyle
>   Rittenhouses and the Amy Coney Barretts must be prosecuted and
> convicted
>   and removed from our society while we try to rebuild it."
>
>   ..
>
>
>
>
> On Sun, Oct 11, 2020 at 08:11:27PM -0300, Punk-BatSoup-Stasi 2.0 wrote:
>> On Sun, 11 Oct 2020 16:19:10 -0400
>> grarpamp  wrote:
>>
>> > Americans are, in my experience, the warmest, most kind-hearted and
>> > open-minded people in the world.
>>
>>
>>  new level of insanity reached by the 'grarpamp' cunt.
>>
>>
>>
>>
>>
>

Re: Trying to Connect with a Hacker Online

On 10/12/20, Stefan Claas  wrote:
> Stefan Claas wrote:
>> | Stefan, I got:
>> |
>> AgAAAHYwSO+xQIT5meBNroABRxnwz1nF8Apub/z5OiqCftZUpGTBbcejwe6XQF4lpAnhW9YG
>> | NAl9/zdLkj8FOG2NQmhbx82HXJv1Ju2c1w==
>> | from you.  Is this the same encrypted message as the one you sent?  I'm
>> expecting that it is.

AgAAAHYwjgEAACeQYcUutIj71LXOwf6SZU3wiTMAhlKBNAw552GqDynQ4nKtGX2l+5beCjexTFSW
+MTj6dbJhjfTVpRzalwY19NSWrjeFZpy3WLi78oz3Yh/Tt7tLI630KJUO5vlAOqLM8IJmV4//ZeG
2AQgpofe61FXDm8H/SXRNFGD9K3Y/sIwtFbzGgyNJxEMIILTtkGCuWvr3Ub6nS06m4PuwP4Eeu0a
ObmohUDGnXNuKEiULvyBbP2X05+s5ogXrzN5lh3pAW3q345kWDteqvqdS3o6baVTYthEb63m5dRg
vIPIeto8v0ZBqJ9zZqIGPKlthQ9u0TXHR4xrdUUWKVxZfyOP906PPSmmoc10zQtWR3Bw9rZ3ym9Y
HxXSu8YvnvGqH+IHzn4qYZYh+WywfcNwoygyNVKuswXDSbz1okDq0yMixIoi6at5ZHCJZDmu9KJx
+LwUQWw7FYR9u2TqFsb+/w8snk9SI8gBTQW4jDoDDbGYYySDQqJA4SOhATwEMRuBySZEQbJ+qtlv
zpPl4upnvipG


>
> BTW. NaClbox messages are authenticated, so no one can send you a message
> in
> my name, if they are not in possession of my private key. This avoids then
> also to use signatures, like with GnuPG.
>
> And the IMHO cool thing about NaClbox is that it is much easier to use and
> learn than GnuPG.

Why do you not use naclbox to communicate all the time?  Couldn't it
even be used for the cypherpunks mailing list, if the mailing list had
a shared receiving private key, to verify that each person is saying
what they intend?

k's thinkpad, tor source folder,
c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664

Re: Building Tor from Source

hey thanks for your response,

On 10/12/20, coderman  wrote:
> Hello Karl!
>
> It looks like your OpenSSL headers don't match what Tor expects during
> `configure`.
>
> You can try updating your openssl-devel libraries, (sometimes called libssl,
> libcrypto, ssl-dev, etc. Check accordingly for your distro).
>
> You can try building and linking against your own SSL, ala:
> ./Configure --prefix=/usr no-idea no-rc5 no-mdc2 zlib-dynamic threads
> shared
>
> just remember to pass the right options to configure!
>
> If neither of these work, let me know what OS distribution you're on, and
> what version is returned by `openssl version`, and I'll try to help...

To follow through on important tor work, this is stuff one needs to
share before asking anybody to look at an issue:

```
$ cat /etc/redhat-release
Red Hat Enterprise Linux Workstation release 7.7 (Maipo)
$ openssl version
OpenSSL 1.1.1h-dev  xx XXX 
```

I found a workaround is to pass my openssl linking path to configure.
```
$ LDFLAGS=-L/usr/local/lib64 ./configure # I tried
--with-openssl-dir=/usr/local but it didn't work
```
This allows a configure test for openssl to pass that disables the
block of code that failed.  My system gcc appears to use
/usr/local/include for compiling but not use /usr/local/lib64 for
linking.  I'm not aware of a "correct" way to change that, but it's
easy to set LDFLAGS.

This issue is a smaller edgecase of the issue addressed at
https://trac.torproject.org/projects/tor/ticket/17223

People are occasionally still running into this
https://github.com/vergecurrency/VERGE/issues/987

I'm trying to decide if it's worthwhile pursuing the issue.  If it
sends away developers other than me, maybe it would be.

I'll let it finish building.

>
>
> best regards,
>
>
>
>
>
> ‐‐‐ Original Message ‐‐‐
> On Sunday, October 11, 2020 9:15 PM, Karl  wrote:
>
>> hey coderman,
>>
>> you know a lot more about this than me, do you know how to quickly fix
>> my ssl error?  [ build adventure continues... ]
>

Re: Trying to Connect with a Hacker Online

Stefan Claas wrote:
 
> Karl wrote:
>  
> Hi Karl,
> 
> > AgAAAHYwNwAAACYoBMBoexWybVHaD6gSUYQvDho9F4ptZ5/fwtJrejNmwpXToWN2YtBqg3v6886R
> > QsxcjqLBKxZ1ZhsWlHZ+bZ2/DL7v+1IdT9m1xMl18QCigsZEbLovKiYMpddxBnqGgF4MeTX6
> > ptxfE8duAZQ3+wc+ij+Z1TmZScTHd9bxcGlkn0aj2nfuaFDFRP/fm3I50iL6QwXpNyMKD8Oj2+5k
> > RIfQpn2OxScgn6wauUL1TQAAADacCd0xdLntxPiQU+LdyX+QexJkw8ZTZHPy3HkfuxKkQfwYLqX1
> > zMD8uOuP1mJ911dhbnnOEiYADkkeAJnDpp9TQD1PFV6wRhr5eRtJhgAAALgpH0r16Fkri92M4JPN
> > XfJNkW0PMnBpuUY2DTvP+gHKYLQAU7m5BQ9JkG5rU70/YQeWGHYn8BU40TVwj8o+FbPhuIer5qIq
> > hYj3v2cZVv6hCYdyj2bDuy1qBtqU+bBResYI9zFRTgWtpeiWJukKu921Bg9zZ9rqKkzcAI5h/wDe
> > 6pVx6NCF
> 
> your decrypted and decoded message:
> 
> | Stefan, I got:
> | AgAAAHYwSO+xQIT5meBNroABRxnwz1nF8Apub/z5OiqCftZUpGTBbcejwe6XQF4lpAnhW9YG
> | NAl9/zdLkj8FOG2NQmhbx82HXJv1Ju2c1w==
> | from you.  Is this the same encrypted message as the one you sent?  I'm 
> expecting that it is.

BTW. NaClbox messages are authenticated, so no one can send you a message in
my name, if they are not in possession of my private key. This avoids then
also to use signatures, like with GnuPG.

And the IMHO cool thing about NaClbox is that it is much easier to use and
learn than GnuPG.

Regards
Stefan
 
-- 
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
  The computer helps us to solve problems, we did not have without him.

Re: Trying to Connect with a Hacker Online

Karl wrote:
 
Hi Karl,

> AgAAAHYwNwAAACYoBMBoexWybVHaD6gSUYQvDho9F4ptZ5/fwtJrejNmwpXToWN2YtBqg3v6886R
> QsxcjqLBKxZ1ZhsWlHZ+bZ2/DL7v+1IdT9m1xMl18QCigsZEbLovKiYMpddxBnqGgF4MeTX6
> ptxfE8duAZQ3+wc+ij+Z1TmZScTHd9bxcGlkn0aj2nfuaFDFRP/fm3I50iL6QwXpNyMKD8Oj2+5k
> RIfQpn2OxScgn6wauUL1TQAAADacCd0xdLntxPiQU+LdyX+QexJkw8ZTZHPy3HkfuxKkQfwYLqX1
> zMD8uOuP1mJ911dhbnnOEiYADkkeAJnDpp9TQD1PFV6wRhr5eRtJhgAAALgpH0r16Fkri92M4JPN
> XfJNkW0PMnBpuUY2DTvP+gHKYLQAU7m5BQ9JkG5rU70/YQeWGHYn8BU40TVwj8o+FbPhuIer5qIq
> hYj3v2cZVv6hCYdyj2bDuy1qBtqU+bBResYI9zFRTgWtpeiWJukKu921Bg9zZ9rqKkzcAI5h/wDe
> 6pVx6NCF

your decrypted and decoded message:

| Stefan, I got:
| AgAAAHYwSO+xQIT5meBNroABRxnwz1nF8Apub/z5OiqCftZUpGTBbcejwe6XQF4lpAnhW9YG
| NAl9/zdLkj8FOG2NQmhbx82HXJv1Ju2c1w==
| from you.  Is this the same encrypted message as the one you sent?  I'm 
expecting that it is.

Yes.

Regards
Stefan

-- 
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
  The computer helps us to solve problems, we did not have without him.

Re: Trying to Connect with a Hacker Online

I've slightly changed a part of the message that didn't hold too much meaning.

```
$ export PATH=$HOME/go/bin:"$PATH"
$ box add-peer -name stefan-test -key
688fc978029e4bd309eaebea1e139ee6c461e08e19b714264dd91fbb62f5ca7c
$ base64 -d | box open -from stefan-test
AgAAAHYwSO+xQIT5meBNroABRxnwz1nF8Apub/z5OiqCftZUpGTBbcejwe6XQF4lpAnhW9YG
NAl9/zdLkj8FOG2NQmhbx82HXJv1Ju2c1w==
Hello, Karl :-)

Regards
Stefan
```

```
$ box seal -to stefan-test | base64
Note: reading payload from stdin
Stefan, I got:
AgAAAHYwSO+xQIT5meBNroABRxnwz1nF8Apub/z5OiqCftZUpGTBbcejwe6XQF4lpAnhW9YG
NAl9/zdLkj8FOG2NQmhbx82HXJv1Ju2c1w==
from you.  Is this the same encrypted message as the one you sent?
I'm expecting that it is.

```

```
AgAAAHYwNwAAACYoBMBoexWybVHaD6gSUYQvDho9F4ptZ5/fwtJrejNmwpXToWN2YtBqg3v6886R
QsxcjqLBKxZ1ZhsWlHZ+bZ2/DL7v+1IdT9m1xMl18QCigsZEbLovKiYMpddxBnqGgF4MeTX6
ptxfE8duAZQ3+wc+ij+Z1TmZScTHd9bxcGlkn0aj2nfuaFDFRP/fm3I50iL6QwXpNyMKD8Oj2+5k
RIfQpn2OxScgn6wauUL1TQAAADacCd0xdLntxPiQU+LdyX+QexJkw8ZTZHPy3HkfuxKkQfwYLqX1
zMD8uOuP1mJ911dhbnnOEiYADkkeAJnDpp9TQD1PFV6wRhr5eRtJhgAAALgpH0r16Fkri92M4JPN
XfJNkW0PMnBpuUY2DTvP+gHKYLQAU7m5BQ9JkG5rU70/YQeWGHYn8BU40TVwj8o+FbPhuIer5qIq
hYj3v2cZVv6hCYdyj2bDuy1qBtqU+bBResYI9zFRTgWtpeiWJukKu921Bg9zZ9rqKkzcAI5h/wDe
6pVx6NCF
```

If I had sent a nacl-encrypted message to Stefan out of the blue, he
might have gotten excited to have received an encrypted message, and
accessed his offline machine to read it and reply.

On 10/12/20, Stefan Claas  wrote:
> Stefan Claas wrote:
>
>> Karl wrote:
>>
>> > Error: Command required
>> > $ ~/go/bin/box new-identity
>> > $ ~/go/bin/box list
>> > NAME  KIND  PUBLIC KEY
>> > self  identity
>> > c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664
>> > $ ~/go/bin/box add-peer -name stefan -key
>> > cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
>> > $ ~/go/bin/box seal -to stefan > message.sealed
>> > Stefan: did you get this?
>> > [Ctrl-D to terminate entry] # I also changed something minor in the
>> > encrypted message, to support private communication.
>> > $ xxd -ps message.sealed
>> > 02007630420031c2f6d6329d2d26347613cb5e9c8f3e1848b707
>> > 9fcf674e0b744be30741f434f09490db0979b027825fc649d1cde868293d
>> > 078aba0045b435e25859e8b8814d7658
>> >
>> > Stefan, 02007630420031c2f6d6329d2d26347613cb5e9c8f3e1848b707
>> > 9fcf674e0b744be30741f434f09490db0979b027825fc649d1cde868293d
>> > 078aba0045b435e25859e8b8814d7658 ?
>> >
>> > -
>> > karl's-rhel7ae25thinkpad-that-mysteriously-freezes-up-when-he-leaves-it-online,
>> > naclbox
>> > c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664
>>
>> In order to send me a message you would have to include your name too.
>>
>> $ box seal -from Karl -to Stefan SEALED, which then writes
>> a binary authenticated encrypted blob and which I could only open
>> then if I would be in possession of your pub key. It is also advised
>> when you send me such message that you consider to base64 etc. encode
>> it, prior sending/posting.
>>
>> BTW. my key is currently on my offline computer which I am not using
>> now, because I am a bit busy with other things on my online computer.
>
> Ouch, just overlooked that you created a key, sorry!
>
> $ box add-peer -name Karl -key
> c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664
>
> A *test* key of mine you can use:
> 688fc978029e4bd309eaebea1e139ee6c461e08e19b714264dd91fbb62f5ca7c
>
> a test message for you, additionally base64 encoded:
>
> AgAAAHYwSO+xQIT5meBNroABRxnwz1nF8Apub/z5OiqCftZUpGTBbcejwe6XQF4lpAnhW9YG
> NAl9/zdLkj8FOG2NQmhbx82HXJv1Ju2c1w==
>
> Regards
> Stefan
>
> --
> NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
>   The computer helps us to solve problems, we did not have without him.
>

Re: Setting up PGP

Calming down partially,

On 10/12/20, Stefan Claas  wrote:
>> > Another approach I am currently playing with is to play with NFC tags
>> > and
>> > a reader/writer device, which can be used offline as well.
>>
>> I don't know why you would ever consider an NFC radio secure, where
>> did you get this idea?  I'm probably getting into a state of mind
>> where I assume I know more than you (when I might not) because you
>> mentioned plugging a radio into an airgapped device and using it to
>> communicate.  Really, it's possible to make that very secure, but with
>> the radio chip likely being closed source, it doesn't sound easy to my
>> kinda limited mind.
>
> The range of these little NFC tags is only a few centimeters/inches.
> and I guess if someone could (in theory) listen to your offline device,
> then it does not make any difference IMHO if you use and additional
> NFC reader/writer and your offline device.

What's most important here is that we support Stefan in using
airgapped communication, because it's kinda rare in the larger world,
and it's pretty important.  Most people probably don't know how to get
through an airgap.

It's really hard for us to weigh things like this without considering
specifics of situations, but I would want to reduce the number of
chips and especially intentional emissions that clearly correlate with
my data.  Given other options work, I wouldn't use a radio, unless it
is convenient and easy to do so, so that the airgapping actually
happens.  Amplification, multiple transceivers, and accumulation of
similar parts of information over a long period of time, can almost
arbitrarily increase range.

>
> The reason why I mentioned NFC tags is that they fit nicely on postcards or
> in letters (and can be protected with covers), can be password protected
> and also allow encryption, depending on the type used.

fitting nicely is a great plus.  need an indicator on them to show
when they are being accessed.  might be easy to add if we build one
ourselves.  personally i'd want a wired option; they broadcast in all
directions and antennas can be made arbitrarily large.  i think a huge
plus is that they are a common technology right now, so it is easy for
people to get them.

>> I'm inferring by FTDI USB to USB cable, you mean a serial cable with
>> FTDI USB serial converters (which I've had occasion to run into but
>> don't know well) at both ends.  That sounds pretty reasonable and
>> shows you have a clue; i don't know whether people still consider
>> systems to be airgapped when they are networked with a serial cable,
>> or not.  If we fast forward to emissions a bit, a serial cable is a
>> long wire, so it's going to broadcast the stuff transmitted over it
>> like an antenna, and pick up electromagnetic effects like one too.
>>
>> I don't know a lot about FTDI converters, but I know that most things
>> you buy from a corporation are not secure by default.  My biggest
>> poorly-informed worry is that voltage glitching from the connected
>> device could be used to compromise the 'airgapped' device in some
>> obscure way.  Additionally it can be hard to find FTDI converters
>> locally.  Sounds pretty airgapped in this day and age, though.
>
> Well, a while ago I looked for options to work with an air-gapped
> computer, but was not sure if one should use a secure USB stick,
> for example and found this FTDI solution. I ordered such cable
> relatively cheap from alibab.com, because here in Europe these
> cables are only sold to companies, which can re-sell them and
> the price tag is much much higher.

ftdi cable is a nice solution.  you can also order a fiberoptic
transciever and use optical.
usbs have microchips that accept code updates, but that's pretty low latency.

>> While tumbling through this ordeal I once made this software, which is
>> a small program to communicate ascii text by bit-banging one or two
>> wire connections:
>> https://github.com/xloem/openemissions/tree/master/tincanterm
>
> Nice, will take a look.
>
>> One of the best solutions for low-latency communication would seem to
>> me to be writing your own bit-banging or communication software on the
>> fresh linux installation, so that no installation of new software is
>> needed, preferably using a visual or audio connection so that voltage
>> glitching is impossible, although these channels can still be high
>> bandwidth unintentionally.  But if you understand the communication
>> system and security concerns in depth, go right ahead with any of it.
>
> With audio cables I have also experimented and with HTML based software
> run in a browser. But this was error prone and the transmission speed
> was to slow. IIRC correctly the popular FOSS software minimodem can do
> this too, but is unfortunately not cross-platform.
>>
>> Something I value is very high latency communications.  For example,
>> using CDRs was a very secure thing that corporate progress has almost
>> done away with.  Burn your information to a

Re: Trying to Connect with a Hacker Online

Stefan Claas wrote:
 
> Karl wrote:
> 
> > Error: Command required
> > $ ~/go/bin/box new-identity
> > $ ~/go/bin/box list
> > NAME  KIND  PUBLIC KEY
> > self  identity  
> > c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664
> > $ ~/go/bin/box add-peer -name stefan -key
> > cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
> > $ ~/go/bin/box seal -to stefan > message.sealed
> > Stefan: did you get this?
> > [Ctrl-D to terminate entry] # I also changed something minor in the
> > encrypted message, to support private communication.
> > $ xxd -ps message.sealed
> > 02007630420031c2f6d6329d2d26347613cb5e9c8f3e1848b707
> > 9fcf674e0b744be30741f434f09490db0979b027825fc649d1cde868293d
> > 078aba0045b435e25859e8b8814d7658
> > 
> > Stefan, 02007630420031c2f6d6329d2d26347613cb5e9c8f3e1848b707
> > 9fcf674e0b744be30741f434f09490db0979b027825fc649d1cde868293d
> > 078aba0045b435e25859e8b8814d7658 ?
> > 
> > - 
> > karl's-rhel7ae25thinkpad-that-mysteriously-freezes-up-when-he-leaves-it-online,
> > naclbox c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664
> 
> In order to send me a message you would have to include your name too.
> 
> $ box seal -from Karl -to Stefan SEALED, which then writes
> a binary authenticated encrypted blob and which I could only open
> then if I would be in possession of your pub key. It is also advised
> when you send me such message that you consider to base64 etc. encode
> it, prior sending/posting.
> 
> BTW. my key is currently on my offline computer which I am not using
> now, because I am a bit busy with other things on my online computer.

Ouch, just overlooked that you created a key, sorry!

$ box add-peer -name Karl -key 
c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664

A *test* key of mine you can use: 
688fc978029e4bd309eaebea1e139ee6c461e08e19b714264dd91fbb62f5ca7c

a test message for you, additionally base64 encoded:

AgAAAHYwSO+xQIT5meBNroABRxnwz1nF8Apub/z5OiqCftZUpGTBbcejwe6XQF4lpAnhW9YG
NAl9/zdLkj8FOG2NQmhbx82HXJv1Ju2c1w==

Regards
Stefan

-- 
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
  The computer helps us to solve problems, we did not have without him.

Re: Trying to Connect with a Hacker Online

Karl wrote:

> Error: Command required
> $ ~/go/bin/box new-identity
> $ ~/go/bin/box list
> NAME  KIND  PUBLIC KEY
> self  identity  
> c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664
> $ ~/go/bin/box add-peer -name stefan -key
> cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
> $ ~/go/bin/box seal -to stefan > message.sealed
> Stefan: did you get this?
> [Ctrl-D to terminate entry] # I also changed something minor in the
> encrypted message, to support private communication.
> $ xxd -ps message.sealed
> 02007630420031c2f6d6329d2d26347613cb5e9c8f3e1848b707
> 9fcf674e0b744be30741f434f09490db0979b027825fc649d1cde868293d
> 078aba0045b435e25859e8b8814d7658
> 
> Stefan, 02007630420031c2f6d6329d2d26347613cb5e9c8f3e1848b707
> 9fcf674e0b744be30741f434f09490db0979b027825fc649d1cde868293d
> 078aba0045b435e25859e8b8814d7658 ?
> 
> - 
> karl's-rhel7ae25thinkpad-that-mysteriously-freezes-up-when-he-leaves-it-online,
> naclbox c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664

In order to send me a message you would have to include your name too.

$ box seal -from Karl -to Stefan SEALED, which then writes
a binary authenticated encrypted blob and which I could only open
then if I would be in possession of your pub key. It is also advised
when you send me such message that you consider to base64 etc. encode
it, prior sending/posting.

BTW. my key is currently on my offline computer which I am not using
now, because I am a bit busy with other things on my online computer.

Regards
Stefan






-- 
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
  The computer helps us to solve problems, we did not have without him.

Re: Setting up PGP

Karl wrote:

Hi Karl,

> > Another approach I am currently playing with is to play with NFC tags and
> > a reader/writer device, which can be used offline as well.
> 
> I don't know why you would ever consider an NFC radio secure, where
> did you get this idea?  I'm probably getting into a state of mind
> where I assume I know more than you (when I might not) because you
> mentioned plugging a radio into an airgapped device and using it to
> communicate.  Really, it's possible to make that very secure, but with
> the radio chip likely being closed source, it doesn't sound easy to my
> kinda limited mind.

The range of these little NFC tags is only a few centimeters/inches.
and I guess if someone could (in theory) listen to your offline device,
then it does not make any difference IMHO if you use and additional
NFC reader/writer and your offline device.

The reason why I mentioned NFC tags is that they fit nicely on postcards or
in letters (and can be protected with covers), can be password protected
and also allow encryption, depending on the type used.
> 
> I'm inferring by FTDI USB to USB cable, you mean a serial cable with
> FTDI USB serial converters (which I've had occasion to run into but
> don't know well) at both ends.  That sounds pretty reasonable and
> shows you have a clue; i don't know whether people still consider
> systems to be airgapped when they are networked with a serial cable,
> or not.  If we fast forward to emissions a bit, a serial cable is a
> long wire, so it's going to broadcast the stuff transmitted over it
> like an antenna, and pick up electromagnetic effects like one too.
> 
> I don't know a lot about FTDI converters, but I know that most things
> you buy from a corporation are not secure by default.  My biggest
> poorly-informed worry is that voltage glitching from the connected
> device could be used to compromise the 'airgapped' device in some
> obscure way.  Additionally it can be hard to find FTDI converters
> locally.  Sounds pretty airgapped in this day and age, though.

Well, a while ago I looked for options to work with an air-gapped
computer, but was not sure if one should use a secure USB stick,
for example and found this FTDI solution. I ordered such cable
relatively cheap from alibab.com, because here in Europe these
cables are only sold to companies, which can re-sell them and
the price tag is much much higher.
> 
> While tumbling through this ordeal I once made this software, which is
> a small program to communicate ascii text by bit-banging one or two
> wire connections:
> https://github.com/xloem/openemissions/tree/master/tincanterm

Nice, will take a look.
 
> One of the best solutions for low-latency communication would seem to
> me to be writing your own bit-banging or communication software on the
> fresh linux installation, so that no installation of new software is
> needed, preferably using a visual or audio connection so that voltage
> glitching is impossible, although these channels can still be high
> bandwidth unintentionally.  But if you understand the communication
> system and security concerns in depth, go right ahead with any of it.

With audio cables I have also experimented and with HTML based software
run in a browser. But this was error prone and the transmission speed
was to slow. IIRC correctly the popular FOSS software minimodem can do
this too, but is unfortunately not cross-platform.
> 
> Something I value is very high latency communications.  For example,
> using CDRs was a very secure thing that corporate progress has almost
> done away with.  Burn your information to a CD, then load it on
> another computer.  The CD has no microchips, the information is there
> for easy review, it doesn't alter the voltage between any electrical
> terminals on your system, and if you don't reuse cds then even if your
> airgapped system is compromised, there is no obviously related way to
> quickly send reply messages back to the system to alter its behavior.
> High latency is good.  Only communicating when the user tells it to is
> crucial.

Yes, but can nowadays devices (Raspberry Pi for example) handle CDs?

> Here's a piece of software I tried to make for transmitting QR codes:
> https://github.com/xloem/qrstream

Will check that out too.

Regards
Stefan

-- 
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
  The computer helps us to solve problems, we did not have without him.

Re: Trying to Connect with a Hacker Online

On 10/12/20, Stefan Claas  wrote:
>> In the next possible episode, we would either make a sourcefile to
>> send a message to the hacker by again copying from that same website,
>> or find a pre-existing tool that already does so, and then try sending
>> a message to see if we even interpreted their signature at all
>> correctly.  We might also make an embarrassed reply, asking what their
>> signature means, or search the archives of the list to find a clear
>> explanation of it sitting there.
>
> Hi,
>
> modern programming languages like Golang have the NaCl crypto library
> already included.
>
> An easy to use NaClbox application to use is for example:
>
> https://github.com/rovaughn/box
>
> Regards
> Stefan
>
> --
> NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
>   The computer helps us to solve problems, we did not have without him.
>

```
$ go get github.com/rovaughn/box
$ ~/go/bin/box
box help
box new-identity [-name NAME]
box add-peer -name NAME -key PUBLICKEY
box list [NAME ...]
box seal [-from IDENTITY] -to PEER SEALED
box open -from PEER [-to IDENTITY] MESSAGE

Error: Command required
$ ~/go/bin/box new-identity
$ ~/go/bin/box list
NAME  KIND  PUBLIC KEY
self  identity  c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664
$ ~/go/bin/box add-peer -name stefan -key
cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
$ ~/go/bin/box seal -to stefan > message.sealed
Stefan: did you get this?
[Ctrl-D to terminate entry] # I also changed something minor in the
encrypted message, to support private communication.
$ xxd -ps message.sealed
02007630420031c2f6d6329d2d26347613cb5e9c8f3e1848b707
9fcf674e0b744be30741f434f09490db0979b027825fc649d1cde868293d
078aba0045b435e25859e8b8814d7658

Stefan, 02007630420031c2f6d6329d2d26347613cb5e9c8f3e1848b707
9fcf674e0b744be30741f434f09490db0979b027825fc649d1cde868293d
078aba0045b435e25859e8b8814d7658 ?

- 
karl's-rhel7ae25thinkpad-that-mysteriously-freezes-up-when-he-leaves-it-online,
naclbox c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664

Re: Building Tor from Source

2020-10-12 Thread coderman

Hello Karl!

It looks like your OpenSSL headers don't match what Tor expects during 
`configure`.

You can try updating your openssl-devel libraries, (sometimes called libssl, 
libcrypto, ssl-dev, etc. Check accordingly for your distro).

You can try building and linking against your own SSL, ala:
./Configure --prefix=/usr no-idea no-rc5 no-mdc2 zlib-dynamic threads shared

just remember to pass the right options to configure!

If neither of these work, let me know what OS distribution you're on, and what 
version is returned by `openssl version`, and I'll try to help...

best regards,

‐‐‐ Original Message ‐‐‐
On Sunday, October 11, 2020 9:15 PM, Karl  wrote:

> hey coderman,
>
> you know a lot more about this than me, do you know how to quickly fix
> my ssl error?  [ build adventure continues... ]

Re: Trying to Connect with a Hacker Online

Karl wrote:
 
[...]

> In the next possible episode, we would either make a sourcefile to
> send a message to the hacker by again copying from that same website,
> or find a pre-existing tool that already does so, and then try sending
> a message to see if we even interpreted their signature at all
> correctly.  We might also make an embarrassed reply, asking what their
> signature means, or search the archives of the list to find a clear
> explanation of it sitting there.

Hi,

modern programming languages like Golang have the NaCl crypto library
already included.

An easy to use NaClbox application to use is for example:

https://github.com/rovaughn/box

Regards
Stefan






-- 
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
  The computer helps us to solve problems, we did not have without him.

Re: Setting up PGP

I'm actually reading this a few times to try to force all the
interconnected meaning into my messed up short term memory, and I
think John is saying he can help us if I can translate.

On 10/12/20, Karl  wrote:
> On 10/12/20, Karl  wrote:
>> Received this reply late.
>>
>> On 10/12/20, John Young  wrote:
>>> Use of any online or digital programs and/or devices for
>>> comsec/infosec should be avoided unless completely enclosed and
>>> transmitted with non-online or non-digital means. There are a number
>>> of non-onlne and non-digital means available, the first and most
>>> reliable is your brain so long as it is not contaminated with belief
>>> in online and digital prejudice now over a century in promulgaton.
>>> The principal efforts for this promulgation is computers, coding,
>>> obfuscation, propaganda, arcanity, scientism, residual astrology,
>>> confidence gaming, spouting mantras, i.e., "cypherpunks write code."

John's saying that you need to shield your communication device and
write down or memorize anything you want to bring in or out of the
shielded enclosure.  Nothing with metal moves in or out of the
shielded enclosure.  He's also saying there may be minimal need for
digital cryptography, maybe to a smaller audience.

>>> https://www.google.com/search?q=cypherpunks+write+code=1C1AOHY_enUS708US708=cypherpunks+write+code=chrome..69i57.5595j0j7=chrome=UTF-8
>>> This oh so cool mantra derives from the magicial, bewitching
>>> lodestone "national security," the abiding weapon of nations governed
>>> as royalty, heirarchical, the few overlording the many with force,
>>> elections, education, faith and trivializing deriviatives of
>>> entertainment, media, chat, parties, militants, rebels,
>>> revolutionaries, independents, intellectuals, geniuses, "democracies"
>>> ruled by  kingdoms of presidents, congresses, courts.

Here I think John is saying that the cypherpunks movement stems from
authority itself, which anybody who _isn't_ a cypherpunk and _doesn't_
understand computers well, would likely assume.

>>> Nonetheless, always a nonetheless apologia for top-down regimes, far
>>> more rewarding to cooperate with authorities than to defy them, more
>>> lucrative too. So backdoors in crypto, each and every version, must
>>> be inherent code, along with outpourings of assurances there are
>>> workarounds to escape the many and be one of the few. Today, that is
>>> marketed as "smart."

I think John here might be expressing frustration, it's hard to tell.

John, do you think the people putting backdoors in their cryptography
_want_ to?  Do you trust that all these unsigned messages are actually
from your friends hearts?  Ask any marketing worker with goonies like
us behind them: backdoors in consumer software and hardware are _bugs_
to be _squashed_: _stupid_ _errors_, not _smart_ _code_!

>>> At 06:23 AM 10/12/2020, Stefan Claas wrote:
Karl wrote:

[...]

 > After finding a good candidate airgapped device, you'll want to be
 > careful with how you use it.  Remember, whenever a new vulnerability
 > is found, trojans cover the world taking advantage of it, and then
 > try
 > to find a way to hide inside the corners of all the systems they
 > find.
 > So, any drive you put in your new device, anything you plug into it,
 > any update you apply, could be filled with computer-measles that
 > would
 > find a way to trick it into giving remote control to them.  Keep it
 > isolated until you have things set up for use.
 >
 > The next step after getting a reasonable airgapped device, maybe a pi
 > zero, and ideally keeping it isolated, would be to install gnupg on
 > it.  Maybe in a forthcoming email!

GnuPG should be already installed with Linux (Raspberian OS etc.). The
thing I would like ask you, how would you communicate securely with your
air-gapped device?

What I did in the past was to install on the online device and offline
device the free (cross-platform) software CoolTerm and I connected both
devices with an FTDI USB to USB cable, so that I could do serial
communications
and was also able to see how many bytes (from a PGP message) was
 transfered.

Another approach I am currently playing with is to play with NFC tags
 and
a reader/writer device, which can be used offline as well.

Regards
Stefan

--
NaClbox:
 cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
   The computer helps us to solve problems, we did not have without him.
>>>
>>>
>>>
>>
>

Re: Setting up PGP

On 10/12/20, Karl  wrote:
> Received this reply late.
>
> On 10/12/20, John Young  wrote:
>> Use of any online or digital programs and/or devices for
>> comsec/infosec should be avoided unless completely enclosed and
>> transmitted with non-online or non-digital means. There are a number
>> of non-onlne and non-digital means available, the first and most
>> reliable is your brain so long as it is not contaminated with belief
>
> This shows that this guy has never been [s/hit in the head with a
> baseball bat by a corporate goonie/forgetful/] or at least is too
> [s/embarrassed among all these hackers/scared among all these
> international influences/] to talk about it straight.  Brains are
> reliable because they teach us how to jump into burning dumpsters to
> escape being hunted by goonies, not because they can store anything
> permanently.
>
>> in online and digital prejudice now over a century in promulgaton.
>> The principal efforts for this promulgation is computers, coding,
>> obfuscation, propaganda, arcanity, scientism, residual astrology,
>> confidence gaming, spouting mantras, i.e., "cypherpunks write code."

Adding recognition, late, that John is expressing _dislike_ of
technology and software development.  punk-stasi would like that, I
imagine.

>
> You can tell this guy is a legit hacker because he is proposing to
> write software instead of doing anything else.  He's even reminding us
> that it is expected that everybody here has that opinion.  I can't
> really understand most of what else he's saying.
>
>>
>> https://www.google.com/search?q=cypherpunks+write+code=1C1AOHY_enUS708US708=cypherpunks+write+code=chrome..69i57.5595j0j7=chrome=UTF-8
>
> I typed this into duckduckgo ("cypherpunks write code") and got
> results that look really great to me.  I haven't tried google,
> although usually I do try to [s/brainwash myself permanently in the
> databases of people who hate my values/work with any success with my
> corporate friends/] with it.
>
>> This oh so cool mantra derives from the magicial, bewitching
>> lodestone "national security," the abiding weapon of nations governed
>> as royalty, heirarchical, the few overlording the many with force,
>> elections, education, faith and trivializing deriviatives of
>> entertainment, media, chat, parties, militants, rebels,
>> revolutionaries, independents, intellectuals, geniuses, "democracies"
>> ruled by  kingdoms of presidents, congresses, courts.
>>
>> Nonetheless, always a nonetheless apologia for top-down regimes, far
>> more rewarding to cooperate with authorities than to defy them, more
>> lucrative too. So backdoors in crypto, each and every version, must
>> be inherent code, along with outpourings of assurances there are
>> workarounds to escape the many and be one of the few. Today, that is
>> marketed as "smart."
>
> Some of these words are likely a pretty avenue for new upcoming
> hackers, like looking at a sunrise.  If understood, you might be able
> to use them to [s/manipulate everyone using google into ignoring the
> cypherpunks movement and becoming corporate workers/make peace with
> the people here who seem able to out-hack you/].
>
> It sounds like he's also saying that cypherpunks is totally coopted by
> government.  Maybe we should ask them if they can help us with our
> [s/spy mafia/forgetfulness/] issues?
>
> Noo .  we know that govcorp is bad because it has [s/ripped our
> bodies and communities to shreds/raised prices on important things
> that people need/].  If this guy is a legit hacker (which is implied
> by his "cypherpunks write code" expression), then by talking about
> valuing backdoors in everything and national security, he would be
> being _obviously sarcastic_, _begging for help_, a _corporate goonie
> smart enough to say "cypherpunks write code"_, or most likely has been
> _coerced by extensive mean experiences stemming from corporate
> goonies_.  This means he is somebody who can help us, and somebody we
> can help, both!
>
>> At 06:23 AM 10/12/2020, Stefan Claas wrote:
>>>Karl wrote:
>>>
>>>[...]
>>>
>>> > After finding a good candidate airgapped device, you'll want to be
>>> > careful with how you use it.  Remember, whenever a new vulnerability
>>> > is found, trojans cover the world taking advantage of it, and then try
>>> > to find a way to hide inside the corners of all the systems they find.
>>> > So, any drive you put in your new device, anything you plug into it,
>>> > any update you apply, could be filled with computer-measles that would
>>> > find a way to trick it into giving remote control to them.  Keep it
>>> > isolated until you have things set up for use.
>>> >
>>> > The next step after getting a reasonable airgapped device, maybe a pi
>>> > zero, and ideally keeping it isolated, would be to install gnupg on
>>> > it.  Maybe in a forthcoming email!
>>>
>>>GnuPG should be already installed with Linux (Raspberian OS etc.). The
>>>thing I would like ask you, how would you communicate

Re: Setting up PGP

Received this reply late.

On 10/12/20, John Young  wrote:
> Use of any online or digital programs and/or devices for
> comsec/infosec should be avoided unless completely enclosed and
> transmitted with non-online or non-digital means. There are a number
> of non-onlne and non-digital means available, the first and most
> reliable is your brain so long as it is not contaminated with belief

This shows that this guy has never been [s/hit in the head with a
baseball bat by a corporate goonie/forgetful/] or at least is too
[s/embarrassed among all these hackers/scared among all these
international influences/] to talk about it straight.  Brains are
reliable because they teach us how to jump into burning dumpsters to
escape being hunted by goonies, not because they can store anything
permanently.

> in online and digital prejudice now over a century in promulgaton.
> The principal efforts for this promulgation is computers, coding,
> obfuscation, propaganda, arcanity, scientism, residual astrology,
> confidence gaming, spouting mantras, i.e., "cypherpunks write code."

You can tell this guy is a legit hacker because he is proposing to
write software instead of doing anything else.  He's even reminding us
that it is expected that everybody here has that opinion.  I can't
really understand most of what else he's saying.

>
> https://www.google.com/search?q=cypherpunks+write+code=1C1AOHY_enUS708US708=cypherpunks+write+code=chrome..69i57.5595j0j7=chrome=UTF-8

I typed this into duckduckgo ("cypherpunks write code") and got
results that look really great to me.  I haven't tried google,
although usually I do try to [s/brainwash myself permanently in the
databases of people who hate my values/work with any success with my
corporate friends/] with it.

> This oh so cool mantra derives from the magicial, bewitching
> lodestone "national security," the abiding weapon of nations governed
> as royalty, heirarchical, the few overlording the many with force,
> elections, education, faith and trivializing deriviatives of
> entertainment, media, chat, parties, militants, rebels,
> revolutionaries, independents, intellectuals, geniuses, "democracies"
> ruled by  kingdoms of presidents, congresses, courts.
>
> Nonetheless, always a nonetheless apologia for top-down regimes, far
> more rewarding to cooperate with authorities than to defy them, more
> lucrative too. So backdoors in crypto, each and every version, must
> be inherent code, along with outpourings of assurances there are
> workarounds to escape the many and be one of the few. Today, that is
> marketed as "smart."

Some of these words are likely a pretty avenue for new upcoming
hackers, like looking at a sunrise.  If understood, you might be able
to use them to [s/manipulate everyone using google into ignoring the
cypherpunks movement and becoming corporate workers/make peace with
the people here who seem able to out-hack you/].

It sounds like he's also saying that cypherpunks is totally coopted by
government.  Maybe we should ask them if they can help us with our
[s/spy mafia/forgetfulness/] issues?

Noo .  we know that govcorp is bad because it has [s/ripped our
bodies and communities to shreds/raised prices on important things
that people need/].  If this guy is a legit hacker (which is implied
by his "cypherpunks write code" expression), then by talking about
valuing backdoors in everything and national security, he would be
being _obviously sarcastic_, _begging for help_, a _corporate goonie
smart enough to say "cypherpunks write code"_, or most likely has been
_coerced by extensive mean experiences stemming from corporate
goonies_.  This means he is somebody who can help us, and somebody we
can help, both!

> At 06:23 AM 10/12/2020, Stefan Claas wrote:
>>Karl wrote:
>>
>>[...]
>>
>> > After finding a good candidate airgapped device, you'll want to be
>> > careful with how you use it.  Remember, whenever a new vulnerability
>> > is found, trojans cover the world taking advantage of it, and then try
>> > to find a way to hide inside the corners of all the systems they find.
>> > So, any drive you put in your new device, anything you plug into it,
>> > any update you apply, could be filled with computer-measles that would
>> > find a way to trick it into giving remote control to them.  Keep it
>> > isolated until you have things set up for use.
>> >
>> > The next step after getting a reasonable airgapped device, maybe a pi
>> > zero, and ideally keeping it isolated, would be to install gnupg on
>> > it.  Maybe in a forthcoming email!
>>
>>GnuPG should be already installed with Linux (Raspberian OS etc.). The
>>thing I would like ask you, how would you communicate securely with your
>>air-gapped device?
>>
>>What I did in the past was to install on the online device and offline
>>device the free (cross-platform) software CoolTerm and I connected both
>>devices with an FTDI USB to USB cable, so that I could do serial
>>communications
>>and was also able to see

Trying to Connect with a Hacker Online

So, every hacker [s/is slowly forgetting due to global gaslighting and
abuse/knows firmly/] that plaintext, unsigned communications are
pointless because all the political influences between you and the
person you're communicating with will alter your communications.  In
order to connect we have to find each other on networks that are more
reliable than e-mail.

A clue to finding these networks, people, and other exotic
information, is weird strings of numbers and letters that seem like
random gobbledygook, almost as if we were copy and pasting computer
glitches to each other.  No, these confusing strings of characters are
the words of computer hackers: especially if the alphabetic characters
never exceed 'f' in the alphabet, which does not stand for 'fuck this
is confusing', but rather for 'we made computers highly efficient by
braking them into powers of two'.  It's called hexadecimal.

> On 10/12/20, Stefan Claas  wrote:
[snip...]
>> Regards
>> Stefan
>>
>>
>> --
>> NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
>>   The computer helps us to solve problems, we did not have without him.

Here, we have a hexadecimal string associated with the phrase
'NaClbox'.  'NaCl' is a stupid-people-who-use-computers word for
encryption and verification.  'box' is the same for computer.

Let's search for it and see i we can find this random string of hexadecimal!

This time, I'm going to [s/heal my injured spine/wise up to the
manipulative marketing AIs/] just a smidge, and use a search engine
other than google.  Even better would be _asking a human being_, but
we're not quite that smart yet.  I'll try duckduckgo.

I typed 'naclbox' into duckduckgo and the first hit is ...
https://www.naclbox.com/ !  This has to be it, right?  It has the
right domain name!  A computer game thing!  This hacker must have been
asking us to play computer games with them, how friendly!

Let's do some wizardry called a 'dns lookup' on that url.  There's a
way, given _any url_, to get information on who purchased it and stuff
like that.  If [s/you're actually part of a major corporate conspiracy
and are frequently hired to kill people who look into the origins of
coverups/you have schizophrenia from too many dns lookups/] you may
have trouble doing this important research, but it's not very hard to
do.

Searching the internet for "lookup dns purchase command line", I see a
way to copy the term that [s/gives me severe traumatic flashbacks/i
haven't learned to use yet/]: "whois".  My system doesn't have "whois"
installed because I'm a normal person, not a mumbo-jumbo computer
wizard, but I can install it like any other package, and run it on
www.naclbox.com:

```
$ whois naclbox.com
   Domain Name: NACLBOX.COM
   Registry Domain ID: 1653881042_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.gandi.net
   Registrar URL: http://www.gandi.net
   Updated Date: 2020-03-27T19:42:08Z
   Creation Date: 2011-05-01T15:51:02Z
   Registry Expiry Date: 2021-05-01T15:51:02Z
   Registrar: Gandi SAS
   Registrar IANA ID: 81
   Registrar Abuse Contact Email: ab...@support.gandi.net
   Registrar Abuse Contact Phone: +33.170377661
   Domain Status: clientTransferProhibited
https://icann.org/epp#clientTransferProhibited
   Name Server: NS-1219.AWSDNS-24.ORG
   Name Server: NS-1965.AWSDNS-53.CO.UK
   Name Server: NS-259.AWSDNS-32.COM
   Name Server: NS-544.AWSDNS-04.NET
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2020-10-12T13:36:17Z <<<
```

This record claims that the domain was purchased on 2011 and expires
2021.  It's been a really long time since I've done this, but I was
expecting to see some information on e.g. a technical contact or
something: a real human being associated with the website.  Maybe I
have too look somewhere else.  I tried this:
```
$ whois -h whois.gandhi.net naclbox.com
```
which just sits there and hangs.

Anyway, it sounds like the _cryptographic_ nacl project would be able
to purchase this domain in 2021 if they wanted.  Farther down the
duckduckgo results is a more promising link, that leads to
https://pkg.go.dev/golang.org/x/crypto/nacl/box .  Unfortunately, this
project now calls itself "package box", not "nacl box", which is
discouraging.  Still, we can look it over.

Woohoo!  "package box" says it is a generic frontend for NaCl
encryption, which implies that it's possible that the signature we
found is a public key for sending somebody private messages in a
reliable manner, and that any tool that does this NaCl encryption can
communicate with him.  "package box" links to a central nacl website:
https://nacl.cr.yp.to/box.html .

A great way to check if we interpreted these
letters-and-numbers-mumbo-jumbo correctly is to try to use them.
We'll try to send this guy ... what's their name?

>> NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675

We'll try to send

Re: Setting up PGP

Hey, Stefan =)  Confused novel below.

On 10/12/20, Stefan Claas  wrote:
>> The next step after getting a reasonable airgapped device, maybe a pi
>> zero, and ideally keeping it isolated, would be to install gnupg on
>> it.  Maybe in a forthcoming email!
>
> GnuPG should be already installed with Linux (Raspberian OS etc.). The

What Stefan implies here is the best way, and he sounds more with it
than me a little.  If you can find Linux already installed it reduces
how much you need to transfer data in and out of the device, which is
a huge win because as I said anything you put in it could have digital
coronavirus, the one that takes over the system and puts somebody else
secretly in control.  It's not always possible to get linux
presupplied, and I haven't been to "microcenter" myself, but if your
store sells linux media this helps your situation.

Downloading linux over the internet is more dangerous, because as we
said your internet-connected device is likely compromised; for example
debian had a system-wide packaging compromise some years ago that they
did not handle well, and has had mysterious disappearing of their
tools for verifying system integrity after install; windows doesn't
even let its own users legitimately look inside the hood of the system
let alone demonstrating that it could be hard for others to.

> thing I would like ask you, how would you communicate securely with your
> air-gapped device?

Let's talk about that a bit.  I hadn't quite worried about talking
about it yet, because [s/I'm only free to do this stuff now if I talk
about in public/I hadn't figured out what to say yet/].  But like you,
I've pursued this in the past, and have some things to work off of.

> What I did in the past was to install on the online device and offline
> device the free (cross-platform) software CoolTerm and I connected both
> devices with an FTDI USB to USB cable, so that I could do serial
> communications
> and was also able to see how many bytes (from a PGP message) was
> transfered.
>
> Another approach I am currently playing with is to play with NFC tags and
> a reader/writer device, which can be used offline as well.

I don't know why you would ever consider an NFC radio secure, where
did you get this idea?  I'm probably getting into a state of mind
where I assume I know more than you (when I might not) because you
mentioned plugging a radio into an airgapped device and using it to
communicate.  Really, it's possible to make that very secure, but with
the radio chip likely being closed source, it doesn't sound easy to my
kinda limited mind.

I'm inferring by FTDI USB to USB cable, you mean a serial cable with
FTDI USB serial converters (which I've had occasion to run into but
don't know well) at both ends.  That sounds pretty reasonable and
shows you have a clue; i don't know whether people still consider
systems to be airgapped when they are networked with a serial cable,
or not.  If we fast forward to emissions a bit, a serial cable is a
long wire, so it's going to broadcast the stuff transmitted over it
like an antenna, and pick up electromagnetic effects like one too.

I don't know a lot about FTDI converters, but I know that most things
you buy from a corporation are not secure by default.  My biggest
poorly-informed worry is that voltage glitching from the connected
device could be used to compromise the 'airgapped' device in some
obscure way.  Additionally it can be hard to find FTDI converters
locally.  Sounds pretty airgapped in this day and age, though.

While tumbling through this ordeal I once made this software, which is
a small program to communicate ascii text by bit-banging one or two
wire connections:
https://github.com/xloem/openemissions/tree/master/tincanterm

One of the best solutions for low-latency communication would seem to
me to be writing your own bit-banging or communication software on the
fresh linux installation, so that no installation of new software is
needed, preferably using a visual or audio connection so that voltage
glitching is impossible, although these channels can still be high
bandwidth unintentionally.  But if you understand the communication
system and security concerns in depth, go right ahead with any of it.

Something I value is very high latency communications.  For example,
using CDRs was a very secure thing that corporate progress has almost
done away with.  Burn your information to a CD, then load it on
another computer.  The CD has no microchips, the information is there
for easy review, it doesn't alter the voltage between any electrical
terminals on your system, and if you don't reuse cds then even if your
airgapped system is compromised, there is no obviously related way to
quickly send reply messages back to the system to alter its behavior.
High latency is good.  Only communicating when the user tells it to is
crucial.

Here's a piece of software I tried to make for transmitting QR codes:
https://github.com/xloem/qrstream

But yeah, I

Re: Setting up PGP

John Young wrote:

> Use of any online or digital programs and/or devices for 
> comsec/infosec should be avoided unless completely enclosed and 
> transmitted with non-online or non-digital means. 

[...]

Thanks for your reply, much appreciated!

I think the problem nowadays is that when it comes to crypto etc.
you won't hear from well known Cryptographers or Programmers, in
this field, how to use Cryptography properly.

I, for example, can use unbreakable pen cyphers and as TRNG
scrabble tiles, pulled from a bag, and additionally to be able to
copy pads an 50' mechanical typewriter with blue paper instead of
hand writing them.

Best regards
Stefan

-- 
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
  The computer helps us to solve problems, we did not have without him.

Re: Setting up PGP

2020-10-12 Thread John Young

Use of any online or digital programs and/or devices for 
comsec/infosec should be avoided unless completely enclosed and 
transmitted with non-online or non-digital means. There are a number 
of non-onlne and non-digital means available, the first and most 
reliable is your brain so long as it is not contaminated with belief 
in online and digital prejudice now over a century in promulgaton. 
The principal efforts for this promulgation is computers, coding, 
obfuscation, propaganda, arcanity, scientism, residual astrology, 
confidence gaming, spouting mantras, i.e., "cypherpunks write code."

https://www.google.com/search?q=cypherpunks+write+code=1C1AOHY_enUS708US708=cypherpunks+write+code=chrome..69i57.5595j0j7=chrome=UTF-8

This oh so cool mantra derives from the magicial, bewitching 
lodestone "national security," the abiding weapon of nations governed 
as royalty, heirarchical, the few overlording the many with force, 
elections, education, faith and trivializing deriviatives of 
entertainment, media, chat, parties, militants, rebels, 
revolutionaries, independents, intellectuals, geniuses, "democracies" 
ruled by  kingdoms of presidents, congresses, courts.

Nonetheless, always a nonetheless apologia for top-down regimes, far 
more rewarding to cooperate with authorities than to defy them, more 
lucrative too. So backdoors in crypto, each and every version, must 
be inherent code, along with outpourings of assurances there are 
workarounds to escape the many and be one of the few. Today, that is 
marketed as "smart."

At 06:23 AM 10/12/2020, Stefan Claas wrote:

Karl wrote:

[...]

> After finding a good candidate airgapped device, you'll want to be
> careful with how you use it.  Remember, whenever a new vulnerability
> is found, trojans cover the world taking advantage of it, and then try
> to find a way to hide inside the corners of all the systems they find.
> So, any drive you put in your new device, anything you plug into it,
> any update you apply, could be filled with computer-measles that would
> find a way to trick it into giving remote control to them.  Keep it
> isolated until you have things set up for use.
>
> The next step after getting a reasonable airgapped device, maybe a pi
> zero, and ideally keeping it isolated, would be to install gnupg on
> it.  Maybe in a forthcoming email!

GnuPG should be already installed with Linux (Raspberian OS etc.). The
thing I would like ask you, how would you communicate securely with your
air-gapped device?

What I did in the past was to install on the online device and offline
device the free (cross-platform) software CoolTerm and I connected both
devices with an FTDI USB to USB cable, so that I could do serial 
communications

and was also able to see how many bytes (from a PGP message) was transfered.

Another approach I am currently playing with is to play with NFC tags and
a reader/writer device, which can be used offline as well.

Regards
Stefan

--
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
  The computer helps us to solve problems, we did not have without him.

Recovering Private Keys from a Destroyed Airgapped Device

Something that most victims of [s/having your life fucked up by being
made a corporate mafia bully/accidental destruction of property/]
don't all know is that it is incredibly hard to actually erase
anything from an electronic device.  So please if you tell your
friends let them know that [s/they need to kill you, because you would
be making it blindingly public that your group is surveilling this
mailing list/to keep it secret from anybody who would ever cave to
pressure to erase something/].

Me, I have an old device that I removed the radios from, that has
things like my expired gpg private key, and two factor authentication
codes for accessing various internet accounts that I no longer have
access to.  I used to keep it chained to my belt, which let everyone
who see me know that I was [s/a cool hacker to work with/a person with
exotic skills to limit and control/] except that no normal person has
any clue that it indicates that, because we haven't told them yet.

The way to recover all the data from a destroyed device depends on how
destroyed it is.  It's basically a process of exploration.  My device
no longer turns on, and my computers don't wear their coronavirus
masks; I would have already connected it to a system and copied the
data over with a normal USB cable if that worked.

What we will begin doing here is the pursuit of extracting the data
from the flash chip on the device itself.  Let me get my device first,
it's in my [s/messy broken truck that is my precious only home, where
i have vivid flashbacks of torture whenever i try to organize or even
enter it/desk drawer/].

... psychotic rummaging around ...

Well, I managed to find my box full of destroyed devices with
important information on them, but naturally I did not find the device
in question inside the box.  Instead, we will be opening an example
device, that does not have any crucial private keys, or inaccessible
cryptographic money, inside it, at all.

Here's a beat-up device on an envelope on a table in my parents'
basement.  I actually beat this device up myself, something [s/I was
forced to learn to do to protect my body and mind/I do by accident
when I'm a little careless/].  This phone has some valuable memories
of mine on it, that I haven't been able to access:
https://bico.media/de8fc4b698bf335a706ea59de7ce62b8db4faadf30840ed226cf0964fad84478

The first most important but optional piece of information is the
model number of the phone.  Looking on the back, I see it's an LG
phone.  Lucky for me, the back case snaps right off, like it's
designed to have its battery replaced or something.  Woah!  There's a
128GB SD card in here.  That'll be easy to image, and probably
contains boring large crucial trash like torrent downloads, source
code repositories, or bloated compiled libraries.  Under the battery
we find the model number: LX-X210APM.  This will be important to
google if we need help removing the flash chip, so we don't destroy
the next phone we try this on after further destroying this one.

Next we get to unscrew the back of the phone.  Anybody who
[s/reverse-engineers microchips from live explosives/thinks the
insides of devices are way cooler than the outsides/], has a set of
tiny little screwdrivers.  We'll be using some tiny screwdrivers --
just like those from a glasses repair kit you might by at a pharmacy
or something -- to remove the back of this phone:
https://bico.media/80a558bac401073824196cc762dc11abcdaa38d9efbbb2dfbdad692c550137f3

I'd like to take a little time to reference part of the phone visible
in that picture.  On the left you can see two or three of the antennas
included in the phone.  Each of these antennas is connected to its own
radio.  The antennas are often little conductive stickers placed on
plastic.  The antennas are removable, and you should remove them, but
this doesn't disable the radio, which can still communicate without an
antenna by using more power.  It does significantly reduce its range
and effectiveness.

There are 12 screws on the back of this device, and I will be removing
all of them.

... screws tumble around as a confused man tries to figure out how to
control his fingers ...

Arright.  They're all removed.  Like usual, the back still doesn't
come off.  Usually devices have these kind of one-way plastic snaps,
and you have to figure out where to insert pressure to get them to
unlatch without breaking.  Generally a repair guide tells how to do
this, although sometimes such guides are only available to
professional technicians. I try pressing on the back of the battery
compartment, gently and carefully flexing the body of the device, and
seeing if a tiny flathead screwdriver fits inside any of the crevices,
to see if there are any clues on how to remove the back plate.

At this point I develop an incredible urge to do things that will
destroy my phone, [s/because of being forcibly trained with extensive
torture to harm my own community and values, and the opportunity to
hurt the

Olberman: Trump supporters "must be prosecuted and convicted and removed from our society" after the election -- Re: USA 2020 Elections: Thread

DemonRATs, in the guise of Keith Olbermann, have a post election campaign to 
deal with Trump supporters: round 'em up for that  final  solution  ...

The moment, which seemed just a few short hours ago to be literally in-capable 
of being escalated once again just escalated (note, this is NOT 'The Bee'):

   Liberal lunatic Keith Olbermann says Trump supporters "must be prosecuted 
and convicted and removed from our society" after the election

https://notthebee.com/article/keith-olbermann-literally-said-trump-supporters-must-be-prosecuted-and-convicted-and-removed-from-our-society

  ... "So, let us brace ourselves. The task is two-fold: The terrorist
  Trump must be defeated, must be destroyed, must be devoured at the ballot
  box. And then he, and his enablers, and his supporters, and his
  collaborators, and the Mike Lees and the William Barrs, and Sean
  Hannitys, and the Mike Pences, and the Rudy Gullianis and the Kyle
  Rittenhouses and the Amy Coney Barretts must be prosecuted and convicted
  and removed from our society while we try to rebuild it."

  ..

On Sun, Oct 11, 2020 at 08:11:27PM -0300, Punk-BatSoup-Stasi 2.0 wrote:
> On Sun, 11 Oct 2020 16:19:10 -0400
> grarpamp  wrote:
> 
> > Americans are, in my experience, the warmest, most kind-hearted and
> > open-minded people in the world. 
> 
> 
>   new level of insanity reached by the 'grarpamp' cunt. 
> 
> 
> 
> 
>

Re: Setting up PGP