The Fossil Vault.
I have recently built two new WWW mirrors containing certain publicly-available software:
1. Historic Gentoo Distfiles.
I have been using Gentoo for nearly all Linux-related work since 2007. It was "the lesser of evils": to my knowledge, no other Linux variant ever offered a comparable level of rodenticidal control, while at the same time providing an adequate means of automatically cutting through "dependency hell".
This uniqueness made Gentoo a target for concerted attack by the Enemy, on a variety of fronts. Through creeping Poetteringism, the cancerous blight of GCC 5+, and the eventual decay -- fostered by corrupt maintainers -- of the portage system into unusability, it became nearly impossible to set up a hygienic Gentoo system from scratch.
The minute you try emerge --sync, you will be force-fed a boiling ocean of liquid shit under the name of "progress". And the machine will have to be scrubbed and re-OSed, if you wish to continue with civilized life on it.
Eventually I resorted to creating "canned" Gentoos using bitwise copies of old installations. (E.g. this system for ARM-64, and this one for AMD-64, are provided for my ISP service customers.)
One obvious problem with the "canned" approach is the decay of the official Gentoo distfiles mirrors. At one time these operated purely by accretion, i.e. added new packages while preserving the old. At a certain point this changed, and the servants of "progress" began to sabotage the ecosystem by deliberately removing "ungodly" packages. Mirror operators which refused to participate in this "cultural revolution" were delisted and you will not find them via the Gentoo WWW -- even supposing their mirrors are still standing (many have simply given up.)
Until and unless a cultural "reset" takes place, and something like what Gentoo tried to be in 2007 again exists as a living entity, I intend to continue the use of my hand-curated "fossilized" variants. And to make this easier for others, I have put together a public distfiles mirror:
http://dulap.xyz/gentoo/distfiles
... using the contents of my backup tapes from a multitude of Gentoo systems I have operated.
Gentoo users may add this URL to their GENTOO_MIRRORS list in /etc/portage/make.conf; or download any necessary tarballs into their local /usr/portage/distfiles by hand; this is a matter of taste.
WARNING: this repository is offered with no warranty or endorsement of any kind, and certainly contains software with dangerous flaws. It does not necessarily reflect the current configuration of any of the Gentoo machines I presently use (although packages from both the RK and the "Dulap" variant's default distfiles directories are all present.) I have trimmed some -- but by no means all! -- of the obvious garbage. It goes without saying that I am not responsible for the contents of the tarballs, or even their integrity. Please do not use tarballs for which you do not have an authoritative signature for safety-critical work! From this -- or any other public repository.
Any and all questions regarding the above -- I prefer to answer here.
People from my L1 WoT who wish to contribute specimens to this collection, are invited to contact me.
At this time, the Gentoo collection weighs ~16GB.
2. GNAT.
The following mirror now contains a multitude of GNAT and miscellaneous Ada-related packages/dependencies, obtained on April 10, 2020 via JFW's method:
http://dulap.xyz/ada
READMEs, as well as MS-Win and Apple binaries have been omitted. Packages with duplicate names are stored in the "dupes" subdirectories (1, 2, 3, 4, 5, 6, 7)
The same warning as given for the Gentoo repository applies to this collection.
At this time, the Ada collection weighs ~17GB. Aside from the binaries removal, this set was not curated in any way.
Readers are encouraged to mirror the mirrors. Anyone who has done this, is encouraged to leave a comment here, with the URL of the new mirror.
Nice. How did you approach the filename collisions in the Ada collection? gnat-gpl-2016-src.tar.gz would be a prominent example, for which I see yours matches ave1's hash.
Dear Jacob Welsh,
for f in ada/*
do
NAME=`echo $f | cut -d '=' -f 2`
mv -n $f ./ada/$NAME
done
... and then same on the remnants (i.e. the would-be-clobbered files) in separate directories, finally sorted into dupes-1, dupes-2, dupes-3 subdirs.
Yours,
-S
“Until and unless a cultural "reset" takes place, and something like what Gentoo tried to be in 2007 again exists as a living entity, ...”
I think Guix is doing that pretty well, although there is still long way to go before we get as much packages as gentoo currently offer. But at least they are meant to stay forever, after all it is one of the goals of Guix, and it use lisp, so it's pretty neat.
Personally i use guix inside gentoo and i find their cohabitation quite pleasant, preparing the way to move toward a more lispy distribution (GuixSD)
Dear calculeris,
As I understand, Guix is not a source-based system a la Gentoo; nor does it support an equivalent of Gentoo's "USE flags". And as such, one cannot, for instance, perma-ban systemd, dbus, and related garbage from the machine.
Hence, not an equivalent or a replacement for Gentoo's portage.
Yours,
-S
From my shallow understanding, Guix does indeed works as a high-level (i.e if a package allways build in a deterministic way, it can instead directly use the binaries instead of compiling it) source-based system (git versioned). Thus we can modify any package definition, and its resulting build if we wish to do so.
[https://guix.gnu.org/blog/2018/a-packaging-tutorial-for-guix/]
But it is true that it doesn't have a "USE flags" system, forcing you to modify the package's definition if you want to enable or disable upstream choices. Or said in another way, the upstream doesn't facilitate any packge build customization, except by providing the tools and the source code of their package definition.
On a more positive side, they seem inclined to this sort of idea (i.e “Parameterized packages”: https://lists.gnu.org/archive/html/guix-devel/2019-05/msg00285.html), even tough they still haven't implemented them.
> “And as such, one cannot, for instance, perma-ban systemd, dbus, and related garbage from the machine.”
Yes, it would be pretty daunting to modify or remove dependencies of packages without the support from upstream maintainers.
But alas, because it's a pretty well designed programmable dependency manager, you could easly detect which packages depend on the ones we don't want to install, and thus neither install them and their dependency [With the result that you may end with very few packages ...].
In the specific case of systemd, currently i am not affraid, because Guix use Sheperd as Sys-init like (in scheme), instead of systemd, but for the other ones and for the future, i cannot tell, although i think the problem is more socio/political, where we choice what kind of tehcnologie we spend time on. But they use lisp, and so i try to reassure myself and refusing to belive they would. [but maybe i shouldn't: https://lists.gnu.org/archive/html/guix-devel/2018-04/msg00002.html%5D
Dear calculeris,
From your description, it isn't entirely obvious how Guix is a substantial improvement on similar binary package systems, e.g. Debian's. You're stuck with the binaries built by other people: if you want e.g. Emacs without Dbus, or Apache without SSLism, you're stuck building by hand. And when the systemd rot infects the upstream -- which it will, is only ever a matter of time -- you'll be just as stuck with that.
This (among other reasons: I'm perfectly happy with my SSE2-only Opterons, and don't ever intend to swap them out for Fritz-chipped "modern" rubbish) is why I have no interest in binary-package distros of whatever type.
Yours,
-S
It might not have been very mature back in 2007, but these days, NixOS is unequal in terms of reproducibility and solving dependency hell as well as in rodentless configurability and usability. Unhappily for you, NixOS uses systemd and is thus "Poettering'ed". But maybe you'll like GUIX, which reuses the packaging kernel of NixOS to solve dependency hell and reproducibility, while using Guile Scheme instead of Nix for build configuration, and the GNU Daemon Shepherd instead of systemd for runtime configuration. On the other hand, the GUIX authors drank the GNU kool-aid, so I'm sure you'll find a reason to hate it.
Dear François-René Rideau,
> NixOS uses systemd and is thus "Poettering'ed"...
I would honestly rather work in MS-DOS than with any of the infested Linuxes.
The entire impetus for my customized Gentoos was the removal of that plague.
>But maybe you'll like GUIX...
See the earlier thread. Not interested in non-source-based distributions at all.
Yours,
-S
Nix and GUIX make it pretty easy to override part of a package, or to recursively override the entire configuration. You can compile your own kernel, your own emacs, etc., this way. I have a friend who maintains his own security-minded layer on top of NixOS, with his own init daemon, virtual console control for security, and Lisp-based utilities, etc. Then again, of course, maintaining a fork or a patch of the distribution can become a lot of work, and as code evolves, you find that your patches bitrot and you don't support the latest software or even latest security patches.
Dear François-René Rideau,
> Nix and GUIX make it pretty easy to override part of a package...
Not interested in running other people's pre-built binaries at all. (And that it presently cannot be fully avoided, is a problem to be dealt with, rather than an excuse to behave like a Microsoft victim.)
> as code evolves, you find that your patches bitrot and you don't support the latest software or even latest security patches...
The entire point of the item described in this article is to put a permanent end to "bitrot". I am pointedly uninterested in this "evolution", and, as I've found, in "the latest software". Or, for that matter, in "security patches" issued by NSA stooges which introduce three new 0days for each one "fixed". Traditional source-based Gentoo makes it quite simple to patch by hand, on the rare occasions when this becomes necessary on a machine kept free of "latest software" liquishit.
Yours,
-S
For many years now, I have been doing the same thing but for Slackware, and for roughly the same reasons as you have stated above.
Dear St Gregory of Nyssa,
I suspect that quite a few people are doing "the same thing". Because the only alternatives, AFAIK, are -- to drown in shit; or to leave off using computers entirely.
Unfortunately most of these people are doing their thing silently. For instance I have not yet encountered a forcefully-sane public Gentoo repo. Therefore -- decided to make one.
Yours,
-S
Will you mirror the TRB patchset now that the Foundation's future is uncertain? [1]
It is unclear to me that deedbot will continue to host the dependencies indefinitely either... [2]
[1] http://blog.mod6.net/2020/04/leaving-the-bitcoin-foundation/
[2] http://trinque.org/2020/03/22/deedbots-future/
While I do have an offline backup, I'm not in the position to host these myself. It would be a shame that such extraordinary effort would someday vanish from the Internet.
Dear Concerned Reader,
It is my intention to maintain a reasonably complete mirror of public material which I personally use, or had a hand in creating. (See e.g. here re: my philosophy re mirrors.)
If you're speaking of TRB in particular -- the patches sum to about 1MB total. (The dependency tarballs are maybe 100MB.) This isn't a massive pile, and given as you evidently have the net access to post this comment, you can probably afford to set up a mirror of your own.
Currently I do not have a public TRB mirror (would like to first wrap up my attempt at a WWWistic Vtron display a la Phf's, and a few other items) but will certainly put one up immediately if the TBF WWW were to vanish.
Yours,
-S
> as you evidently have the net access to post this comment, you can probably afford to set up a mirror of your own.
Early web strandards similarly assumed that everybody is gonna have a personal website. Didn't pan out.
Dear Anonymous,
"Problem between keyboard and chair." (TM)(R)(BOFH).
Hosting (of whatever grade you like -- from starvation kolhoz to proper datacenter rack space) has never been cheaper.
Yours,
-S
You've apparently drunk too much capitalist kool-aid. Since I'm already paying for access to the internet and have hardware to access it shouldn't I also be able to host on this very hardware? I've heard of folks exposing security cameras as Tor hidden services specifically do deal with dynamic IPs because Tor uses a DHT and so doesn't care. Buying a static IP is the same kind of scam as buying a domain name or, in many cases, paying for hosting in a datacenter. These days it's technically trivial to host on a wall-wart computer because what most people share is relatively small and doesn't need much bandwidth. But alas.
This reminds me of HyperCard: the company that Apple sold it to split the program into a free viewer and paid editor which led to HyperCard's demise. It's understandable that access to the internet costs money but asking for moar to allow clients to host on their *own* hardware is just a scam. I have no problem hosting via technologies that use overlays but that I need some centralized crap like Dynamic DNS just to host a fucking web page is a true sign of capitalist retardation.
Dear Anonymous,
> You've apparently drunk too much capitalist kool-aid. Since I'm already paying for access to the internet and have hardware to access it shouldn't I also be able to host on this very hardware?
It isn't entirely clear to me what this complaint is about. I host quite a few things on personally-owned iron -- some on residential lines, some in DC cages. And in both cases, it is considerably cheaper than leasing the equivalent iron somewhere.
> I've heard of folks exposing security cameras as Tor hidden services specifically do deal with dynamic IPs because Tor uses a DHT and so doesn't care.
When you use e.g. TOR, you're paying "with your arse" instead of with money. It -- and all similar offerings -- are honeypots.
> Buying a static IP is the same kind of scam as buying a domain name or, in many cases, paying for hosting in a datacenter.
If you haven't yet tried to buy IP blocks, probably you are not even yet aware of just how egregious a scam it is.
The solution, however, is not to complain, but to subvert. See concluding paragraph.
> These days it's technically trivial to host on a wall-wart computer because what most people share is relatively small and doesn't need much bandwidth.
Trivial until the thing gets DDOS'd, "slashdotted", etc, i.e. until you actually start eating 100% of the bandwidth offered by your residential line on a regular basis. Residential ISPs oversubscribe their bandwidth, and their future quite likely looks like this.
> This reminds me of HyperCard: the company that Apple sold it to split the program into a free viewer and paid editor which led to HyperCard's demise.
What business model would you have had them pick instead ? "Free cake for everyone forever" ?
> It's understandable that access to the internet costs money but asking for moar to allow clients to host on their *own* hardware is just a scam.
Lease a rack at a DC, fill it with personally-owned iron. I did. And it is much cheaper than getting similar fiber run to your house, installing similar generators, chiller plant, etc.
> I have no problem hosting via technologies that use overlays but that I need some centralized crap like Dynamic DNS just to host a fucking web page is a true sign of capitalist retardation.
DNSism and the IP racket are indeed scams. And the pill against them is to build a new routing fabric, parasitic on the traditional one, where one could address datagrams to arbitrary RSA public keys. I set out to bake this 4y ago, but realized that one first needs reliably constant-time crypto mechanisms (lacking these -- private keys leak out via timing side-channel.) This was heavy work, but is just about complete now.
Yours,
-S
> It isn't entirely clear to me what this complaint is about.
That one needs to deal with dynamic IPs through buying a domain name / static ip / dynamic dns subscription. Again, not a problem when using an overlay.
> When you use e.g. TOR, you're paying "with your arse" instead of with money. It -- and all similar offerings -- are honeypots.
Tor is a valuable tool if you have reasonable expectations. If USG has a backdoor (very possible) it doesn't seem to share it with internet businesses and third-world-stan governments, judging by their fumbles to crack or censor it. That I self-select into a risk group is doesn't change anything because I say cramolous stuff anyway. If you think that you don't and your traffic magically dissolves in 'porn and lolcats' and is not linkable to the cramolous stuff you've already published then you're in for an anal awakening should the regime become more totalitarian. Which is something to look out for -- the gov has squeezed a lot of power upgrades out of 9/11 and the corona crisis, while less dramatic, might become a similar boon. But then why stay in the US in the first place? I've head of a *web dev* who saved money from his gig and moved to South Asia, is still not asking for donations, says has enough and keeps working on some open sores. YMMV of course but I would consider it.
> Trivial until the thing gets DDOS'd, "slashdotted", etc, i.e. until you actually start eating 100% of the bandwidth offered by your residential
line on a regular basis. Residential ISPs oversubscribe their bandwidth, and their future quite likely looks like this.
Getting slashdotted is FUD since that kind of public moves on in less than 24 hours. Getting DDoSed by some practicing script kiddie is of a similar concern. If happens a lot though, might share the load with willing participants. If no willing participants then nothing to worry about, nobody wants your stuff that bad anyway. Might as well post it on some forum or whatever. This is true for *regular* stuff which is rather small and not particularly popular. Otherwise should use some kind of overlay network (good luck 'DDoSing' a torrent). Putting it in a central location which you *don't control* and paying for it to boot is playing along with internet centralization scammers. No thank you.
> What business model would you have had them pick instead ? "Free cake for everyone forever" ?
You seriously need to detox. What business model? None! Capitalism teaches you to be a 'good citizen' and hyperspecialize such that you know everything about, say, assembling nano-particles, but can't replace a faucet. Which keeps you nice and dependent. Hyperspecialization makes sense only in an emergency when you truly can't cover you basic needs yourself. If you can, what business model do you need? On that note, I've never personally encountered a creative man obsessed with money -- all seem to enjoy work for its own sake. An when one does become obsessed, there goes their creativity. Also, capitalism became possible after the introduction of the land and labor markets which over time ruined all the previous safety nets so now most people live and work in 'communities' where they often don't wanna know each other, much less engage in serious mutual aid. Investing your time and energy in personal autonomy and actual community-building, hopefully away from urban environments, is much more effective long term than playing with 'business models'. But then capitalism strongly discourages longterm thinking...
> Lease a rack at a DC, fill it with personally-owned iron. I did.
I don't assume you also live there to gloriously defend your iron should the staff try to fiddle with it. 'Personally-owned' means personally-*controlled* since you don't own which you can't control. Also see above about internet centralization scammers.
> the pill [...] is to build a new routing fabric, parasitic on the traditional one, where one could address datagrams to arbitrary RSA public keys.
Genrally speaking the pill is to build a small civilization in the shadow of the current one. Funny how natural it is -- it must be small to not get swallowed but also can only be small because who would need such a thing except a few. I'm also interested in building overlays but I've started only recently, had to spend a lot of time working on OS basics because what use is *anything* if not only can't trust your own computer but also -- and this is a much bigger problem -- can easily run out of brain while dealing with complex stuff. Incidentally the work is nearing completion also.
Dear Anonymous,
> That one needs to deal with dynamic IPs through buying a domain name / static ip / dynamic dns subscription. Again, not a problem when using an overlay.
If you're satisfied with the available overlays -- use them, why not. But in my view, they all suffer from exactly the same problems as the USG-controlled DNS space. And sometimes worse (recall the quiet death of Namecoin, for instance.)
> Tor is a valuable tool if you have reasonable expectations.
It isn't clear to me what remains once you strip away the unreasonable expectations.
Presently it isn't even very useful as a spam proxy (the exit IP list is public, and many services ban them.)
> If USG has a backdoor (very possible) it doesn't seem to share it with internet businesses and third-world-stan governments, judging by their fumbles to crack or censor it.
It isn't even as if the CMU project that unmasked the physical location of "Silk Road" were somehow secret. Just about all of the details came out publicly (though mysteriously "deemed inadmissible" at the DPR trial.) That anyone in whatever "risk group" is able to take Tor seriously after that incident, I find astonishing.
> That I self-select into a risk group is doesn't change anything because I say cramolous stuff anyway. If you think that you don't and your traffic magically dissolves in 'porn and lolcats' and is not linkable to the cramolous stuff you've already published then you're in for an anal awakening should the regime become more totalitarian.
In principle, I ought to have been gassed years ago -- not only do I not use Tor etc., but publish under actual human name.
> Which is something to look out for -- the gov has squeezed a lot of power upgrades out of 9/11 and the corona crisis, while less dramatic, might become a similar boon.
The NATO Reich turned into a textbook totalitarian hell many years ago. The modern-day hell differs, however, from e.g. sovok, in that it doesn't particularly take an interest in the cramolous. That is, 100% convinced that it literally does not matter what the inmates think. After 100+ years of systematic zombification, there is virtually no thinking happening, anywhere. And the effect of people who think, when these occasionally appear, is roughly zero. It is rather like dropping a lit match into the ocean -- the ocean will not catch fire. Poseidon does not feel a need to come to the surface with a fire extinguisher.
The Reich currently appears to be interested largely in dekulakization of people with "unauthorized" money (i.e. not given by Reich decree to designated Aryan. e.g. DPR's coin.) The other sheep -- generally not worth the skinning, aside from occasional "make example."
> But then why stay in the US in the first place? I've head of a *web dev* who saved money from his gig and moved to South Asia, is still not asking for donations, says has enough and keeps working on some open sores. YMMV of course but I would consider it.
It isn't presently clear to me that USA has an outside.
Concretely: several years ago I participated in an experiment where we ran an ISP in Uruguay, 100% bitcoin-powered. It is dead, and not because the U.S. army fired Tomahawk rockets at it, but because after we got a quite small (less than Gb/s) DDOS episode, the upstream bandwidth provider null-routed it. And, being in a shithole country, there was no alternative net carrier -- in shitholes, typically you do not even have a USA-style choice between several telcos, but are stuck with the national monopoly which controls the one or two oceanic fibers available.
Some people think that USA has an outside. Gaddafi, for instance, thought that he lived in that outside. But in reality, everyone lives in USA; simply some people have to pay $2K/mo for a DC rack w/ 200Mb/sec instead of 300 $ (that same Uruguay), and 200% import tax to bring in a PC (again Uruguay..)
> You seriously need to detox. What business model? None! Capitalism teaches you to be a 'good citizen' and hyperspecialize such that you know everything about, say, assembling nano-particles, but can't replace a faucet. Which keeps you nice and dependent. Hyperspecialization makes sense only in an emergency when you truly can't cover you basic needs yourself. If you can, what business model do you need?
If you found a way to have house, food, net access, electron microscope, etc. without dealing with the capitalists, write about it. I'll read.
I, for one, haven't found this magical elixir, and pay for food, research materiel, etc. by working for the capitalists.
FWIW I know how to change a faucet, fix a washer, an engine, build a shortwave set, or an RNG, etc. but this does not add up to an elixir against working for the capitalists.
> On that note, I've never personally encountered a creative man obsessed with money -- all seem to enjoy work for its own sake. An when one does become obsessed, there goes their creativity.
Where do I buy a ticket to where can "creativity" without money?
If you have a time machine, possibly, I know a few places. But even then not a sure bet.
> But then capitalism strongly discourages longterm thinking...
Not simply discourages, absolutely prohibits.
> I don't assume you also live there to gloriously defend your iron should the staff try to fiddle with it. 'Personally-owned' means personally-*controlled* since you don't own which you can't control. Also see above about internet centralization scammers.
It is not particularly difficult to detect attempts at surreptitious physical tampering, given a cabinet that you are willing to physically visit on a regular basis. (You will have to come up with your own inconspicuous seals -- anything publicly documented or in any sense standardized, is by definition useless for this application.)
If, however, you define anything that could in principle be stolen as "not under control", then hardly anyone controls anything at all (other than whatever he managed to bury on an unmapped island, like Captain Kidd.) And certainly the contents of your house are then "not under control", houses are routinely stolen from. And e.g. burn down (and not always because FBI drops napalm from helicopter, as in Waco -- sometimes just rubbish wiring. I don't have a halon system at my house; do you?)
> Genrally speaking the pill is to build a small civilization in the shadow of the current one.
That's the only pill against mass idiocy that there ever was, or could be.
> Funny how natural it is -- it must be small to not get swallowed but also can only be small because who would need such a thing except a few.
I developed am IMHO rather effective pill in 2015 against FSF-style "swallowing". But, as with any instrument, it only works when people use it.
> I'm also interested in building overlays but I've started only recently, had to spend a lot of time working on OS basics because what use is *anything* if not only can't trust your own computer but also -- and this is a much bigger problem -- can easily run out of brain while dealing with complex stuff.
The "computer that can be trusted" is specifically such where the operator will not "run out of brain". AKA "fits-in-head." Where chip layout, OS, compiler, all essential softs, fit in a readable couple hundred page book. These existed in the past, and could be made again.
> Incidentally the work is nearing completion also.
Is any of it published somewhere ? I'd read.
Yours,
-S
Sorry for the delay.
> If you're satisfied with the available overlays -- use them, why not. But in my view, they all suffer from exactly the same problems as the USG-controlled DNS space. And sometimes worse (recall the quiet death of Namecoin, for instance.)
I'm only vaguely familiar with Namecoin so don't know what you mean. I also don't quite understand your argument. For example, this is how I2P at least used to work: you have a local address book which is a list of alias-key pairs (keys identify hosts). The address book is actually compiled out of 2 or 3 such lists (don't remember exactly) where one of the lists is your private address book where you add entries manually and which takes precedence over the rest. Another addressbook is typically filled automatically by pulling public addressbooks from registrars. Registrars however don't control zones or anything like that, they simply let users register alias-key pairs. Also registrars are not the only way to disseminate such information - you can do so via forums/wikis/etc by posting a specially formed url. So you need to control a lot of resources to control the public namespace and even then people still have their local address books and groups can maintain their own registrars.
> It isn't even as if the CMU project that unmasked the physical location of "Silk Road" were somehow secret. Just about all of the details
came out publicly (though mysteriously "deemed inadmissible" at the DPR trial.) That anyone in whatever "risk group" is able to take Tor
seriously after that incident, I find astonishing.
To break Tor you need to infiltrate the network to a considerable extent which only few actors seem to be capable of in practice. Remember that Bogatov fella? You obviously don't benifit from this but I do. Another benifit is that I give less data to internet businesses. If Snowden's dump is to be believed USG still goes to businesses for data because their data is already structured, unlike raw traffic. And another benifit is that it's easier to collab with folks you don't really know because you don't expose your IP. Not a silver bullet of course but enough of a deterrent.
> In principle, I ought to have been gassed years ago -- not only do I not use Tor etc., but publish under actual human name.
Lucky for you, they now gas with nitrogen which is painless. I once suggested going to one of the states that gas and committing a serious crime there in a thread about suicide -- the depressed cheered up.
> The NATO Reich turned into a textbook totalitarian hell many years ago. The modern-day hell differs, however, from e.g. sovok, in that it doesn't particularly take an interest in the cramolous. That is, 100% convinced that it literally does not matter what the inmates think. After 100+ years of systematic zombification, there is virtually no thinking happening, anywhere. And the effect of people who think, when these occasionally appear, is roughly zero. It is rather like dropping a lit match into the ocean -- the ocean will not catch fire. Poseidon does not feel a need to come to the surface with a fire extinguisher.
Zombification is a factor but I would argue it's less important than the artificial selection that states have been doing from their early days to cull the freedomloving from the gene pool. It's interesting how the average intelligence is increasing together with the degree domestication so you have nominally smart folks who would seriously argue about government reforms and such because the idea of living without masters is indigestable.
It peeves me that many anarchists are still obsessed with the idea of liberating the masses and don't see that the latter *loath* freedom and not just because NYT or CNN told them so but because why would a dog go live in a forest instead of the owner's apartment. Any step towards freedom is also a step towards responsibility so even if you manage to turn off the propaganda you still need to sell the idea that responsibility is good. Which is also a major reason why so many young democracies revert back to dictatorship.
> It isn't presently clear to me that USA has an outside.
The US has an outside inside the US itself as demonstrated by Unabomber and other 'interesting personalities', it's not very pleasant though to have a leviathan breathing down your neck. It doesn't make as much sense to go to a shithole if you intend to plug yourself back into the 'global economy' by e.g. using a credit card or doing what you did in Uruguay. The thing about shitholes is that it's a low floor-high ceiling deal: as long as you can stomach them you can work around the local gov rather easily. If you expect to lead the same well-above-the-ground lifestile as in the US it obviously won't work. My own shithole's gov runs on pirated Windows, is significantly bribeable and disorganized. I once had a convo about tax evasion right in a packed bus, the revelator didn't need to speak into my ear or anything.
> I, for one, haven't found this magical elixir, and pay for food, research materiel, etc. by working for the capitalists.
The elixir recipe is rather personal but always involves a degree of autonomy. The ideal is of course full high-tech autonomy when you don't just use but also produce high-tech. A goal for someone who is still involved with capitalism could be what I call partial parasitic autonomy when you produce what you can and buy the rest or extract it from garbage and other sources of freebies. The further you move along this path the less you need to work for capitalists. Personally, I'm rather ascetic and get away with doing odd jobs from time to time. Look into the off-grid community, they have a fuckton of material to draw from. For example, here a dude tried to switch his home office to solar: https://solar.lowtechmagazine.com/2016/05/how-to-go-off-grid-in-your-apartment.html
> It is not particularly difficult to detect attempts at surreptitious physical tampering, given a cabinet that you are willing to
physically visit on a regular basis. (You will have to come up with your own inconspicuous seals -- anything publicly documented or in
any sense standardized, is by definition useless for this application.)
What if they plant something through a vent hole? Most probably though it's not the staff but the cops who would do such a thing along with serving the staff a gag order.
> If, however, you define anything that could in principle be stolen as "not under control", then hardly anyone controls anything at all
I use a more pragmatic definition. If somebody tries to break into my house but fails then I keep control. If they succeed but I manage to chase them down and return my property then I restore control. But yes, this shows that control is more fluid than the law would have you believe.
> I developed am IMHO rather effective pill in 2015 against FSF-style "swallowing". But, as with any instrument, it only works when people use it.
I've seen mentions of projects where the accreted cum-unity effectively seized control from the original devs. Weird how most people can't imagine living not as members of a giant flock. For me, I come first, then whatever ragtag gang of other freedom-lovers I end up entangled with. That's all I'll ever need.
> The "computer that can be trusted" is specifically such where the operator will not "run out of brain". AKA "fits-in-head."
So you have your fits-in-the-head computer and then start a project in biochem or any other field with an insane amount of intrinsic complexity. Good luck not running out of brain if the system wasn't designed to help with that. You need a map of the territory: what you've learned and how it relates to what you haven't, how your product relates to that, which constraints you're currently working under and which past constraints you current iteration violates, which constraints are essential, what is their origin, etc. In other words you need a advanced ui, not just one that fits in the head. Complexity, even when it can be avoided, is less of a problem that confusion. It's one thing when you have a kinda-Unix-ish OS that is overcomplicated because it's built on bad concepts and an entirely different thing when you have that plus an actual Unix userland where there's no agreement about anything and you can't invoke the simplest command without reading a novella-size man 'page' first.
> Is any of it published somewhere ? I'd read.
Nope but hopefully something will come out this year. I plan to do a write-up about the general approach, will send you a link when I'm done.
Dear Anonymous,
> Registrars however don't control zones or anything like that, they simply let users register alias-key pairs. Also registrars are not the only way to disseminate such information - you can do so via forums/wikis/etc by posting a specially formed url. So you need to control a lot of resources to control the public namespace and even then people still have their local address books and groups can maintain their own registrars.
What is the meaning of "registrar" -- or, for that matter, "public namespace" -- in a system where everyone is simply hand-curating his own list of name-host pairings?
> To break Tor you need to infiltrate the network to a considerable extent which only few actors seem to be capable of in practice.
Depends what you think of as a "break". At one time, 8 or so years ago, I was logging ~5% of all TOR traffic personally for nearly six months. And the budget for the project was not large -- less than the cost of the proverbial Toyota. Anyone who wants to, can do this -- set up front companies, purchase bandwidth, run "exit nodes". None of it requires being a millionaire, or command of a spy agency.
> Another benifit is that I give less data to internet businesses. If Snowden's dump is to be believed USG still goes to businesses for data because their data is already structured, unlike raw traffic.
So instead giving it to random bozos who run exit nodes? And "internet business" or Snowden's old employer somehow cannot run a fleet of exits? Why exactly not?
> And another benifit is that it's easier to collab with folks you don't really know because you don't expose your IP. Not a silver bullet of course but enough of a deterrent.
When you walk around as "anon", you cannot actually collaborate with anyone, because there is no you -- there is only a sequence of anonymous letters, which could be from anyone. How is your collaborator to know that your N+1st message is from same source as Nth? Especially given that you seem to be averse to the use of PGP.
> Lucky for you, they now gas with nitrogen which is painless. I once suggested going to one of the states that gas and committing a serious crime there in a thread about suicide -- the depressed cheered up.
"Gas" is a term of art in this context. These days they prefer getting rid of inconvenient people via "suiciding" and "accidenting" (M. Hastings, A. Schwartz, I. Murdoch, J. Epstein). Bona fide gassing is exotic these days, like electric chair.
> Zombification is a factor but I would argue it's less important than the artificial selection that states have been doing from their early days to cull the freedomloving from the gene pool. It's interesting how the average intelligence is increasing together with the degree domestication so you have nominally smart folks who would seriously argue about government reforms and such because the idea of living without masters is indigestable.
It peeves me that many anarchists are still obsessed with the idea of liberating the masses and don't see that the latter *loath* freedom and not just because NYT or CNN told them so but because why would a dog go live in a forest instead of the owner's apartment. Any step towards freedom is also a step towards responsibility so even if you manage to turn off the propaganda you still need to sell the idea that responsibility is good. Which is also a major reason why so many young democracies revert back to dictatorship.
What do you think of as "freedom" ? The freedom to, e.g., starve, or die of appendicitis, is available right now. Plenty of people try living at sea, in "unabomber cabin", etc. until they get tired, run out of supplies, and go back to where "homo homini lupus est".
Where, incidentally, is this magical place where "living without masters" ? In e.g. the Seattle anarchist zone, "masters" popped up within days; and doing what masters do.
> The US has an outside inside the US itself as demonstrated by Unabomber and other 'interesting personalities', it's not very pleasant though to have a leviathan breathing down your neck. It doesn't make as much sense to go to a shithole if you intend to plug yourself back into the 'global economy' by e.g. using a credit card or doing what you did in Uruguay. The thing about shitholes is that it's a low floor-high ceiling deal: as long as you can stomach them you can work around the local gov rather easily. If you expect to lead the same well-above-the-ground lifestile as in the US it obviously won't work.
You appear to have at the very least a net connection -- so, evidently, not entirely "unplugged" ?
> I once had a convo about tax evasion right in a packed bus, the revelator didn't need to speak into my ear or anything.
One could probably get away with almost any public conversation in a typical U.S. shithole city -- chances are, everyone on the bus is plugged into 40dbA of headphone cacophony and won't even hear you admitting to having killed Kennedy and burned down WTC.
> The elixir recipe is rather personal but always involves a degree of autonomy. The ideal is of course full high-tech autonomy when you don't just use but also produce high-tech.
Ever actually manufacture and sell a physical artifact ? Even a very simple one ? Did you do it while growing own food and shooting own bandits ?
> A goal for someone who is still involved with capitalism could be what I call partial parasitic autonomy when you produce what you can and buy the rest or extract it from garbage and other sources of freebies.
What kind of artifacts have you -- personally -- produced from garbage and freebies? I'd be interested to hear. FWIW discarded consumer electronics haven't typically had salvageable parts in them for nearly a decade now.
> The further you move along this path the less you need to work for capitalists. Personally, I'm rather ascetic and get away with doing odd jobs from time to time. Look into the off-grid community, they have a fuckton of material to draw from. For example, here a dude tried to switch his home office to solar: https://solar.lowtechmagazine.com/2016/05/how-to-go-off-grid-in-your-apartment.html
If you require the larger civilization to parasitize off, you are every bit as "plugged in" as the hated "salaryman".
> What if they plant something through a vent hole? Most probably though it's not the staff but the cops who would do such a thing along with serving the staff a gag order.
For the sake of argument, suppose "martian" bug that fits through 1mm vent exists. Now suppose I find one? This is worth money. (For that matter, I'm still waiting for someone to bring me a FLUXBABBIT ! 4 BTC ! on offer! to this day! This is roughly 40,000 $ U.S. at the time of this writing!)
At any rate, what is the point of bugging the cage, when the upstream router is right there, and has official wiretap openly built in?
> I use a more pragmatic definition. If somebody tries to break into my house but fails then I keep control. If they succeed but I manage to chase them down and return my property then I restore control. But yes, this shows that control is more fluid than the law would have you believe.
"Possession is 9/10th of the law" or how did it go.
> I've seen mentions of projects where the accreted cum-unity effectively seized control from the original devs. Weird how most people can't imagine living not as members of a giant flock. For me, I come first, then whatever ragtag gang of other freedom-lovers I end up entangled with. That's all I'll ever need.
If someone seized control of "your" project, in what sense was it "yours" to start with?
> So you have your fits-in-the-head computer and then start a project in biochem or any other field with an insane amount of intrinsic complexity. Good luck not running out of brain if the system wasn't designed to help with that.
The whole point of building the computer is to "help with that" -- i.e. intelligence amplification. And not to play Tetris, no.
Yours,
-S
> What is the meaning of "registrar" -- or, for that matter, "public namespace" -- in a system where everyone is simply hand-curating his own list of name-host pairings?
To provide a default name-host mapping. What's in your private address book is what you know, what is in the public namespace is what you don't.
> Depends what you think of as a "break".
Figuring the user's IP. Observing exit node traffic is not enough, you need cooperating relays too, then you figure the guard node, then you watch or pwn it. Given that Tor is not exactly small these days and you still need to be not an idiot to mount a proper attack, you need to be rather motivated and organized. Which cuts the number of actors to worry about considerably. Like I said, not a silver bullet, but enough of a deterrent. Why you think the Chinese are blocking it instead of using it as a honeypot?
> And "internet business" [...] cannot run a fleet of exits? Why exactly not?
The argument is this: a typical company gets loads of regular traffic which it mines. Tor they either don't care about or view with suspicion, so everyone's traffic gets mined equally, give or take. The difference is that unless you really care to analyze Tor traffic separately, your results will be polluted by multiple users sharing the same apparent IP. Can an internet business run a fleet of exit nodes? Sure. Do they have much motivation to? The biggest motivation Tor gives them is to figure how to block it.
> When you walk around as "anon", you cannot actually collaborate with anyone, because there is no you -- there is only a sequence of anonymous letters, which could be from anyone.
Hang on some imageboards, those that have tech- or even development-related sections. That's exactly how collaboration happens there, at least to some extent. Eventually code is moved to shithub or something and pseudonyms do pop up, but a lot of hashing out or even early code sharing via pastebins/tarballs happens anonymously. Ultimately what matters is what I say, not who I am. If somebody sends me a patch, I'm gonna look at their *code*, a known name with a good rating simply gives priority.
> How is your collaborator to know that your N+1st message is from same source as Nth?
Not a problem in practice, but also nothing prevents you from using signatures or moving to e.g. email if the channel gets too noisy.
> Especially given that you seem to be averse to the use of PGP.
Based on the fact that I don't sign when there's no objective need?
> Plenty of people try living at sea, in "unabomber cabin", etc. until they get tired, run out of supplies, and go back to where "homo homini lupus est".
"Дорогу осилит идущий", naturally. Noticed how the almighty USG couldn't stop the recent carnage? In theory, there's mass surveillance and cops + NG + the military. In practice there turns out to be room for maneuver. Same with living without masters. Look for gray zones, keep a low profile, keep your needs and wants in check. Don't point to nincompoops and say 'therefore not possible'.
> You appear to have at the very least a net connection -- so, evidently, not entirely "unplugged" ?
Unplugged in a way that matters? Yes. US commandos haven't knocked yet, no DDoS / bankruptcy / cancellation in sight either.
> Ever actually manufacture and sell a physical artifact ?
God forbid I ever. Built with my hands? Yes, a much simpler enterprise. To be on the same page, the ideal of full high-tech autonomy is an *ideal*, I've never seen it. That's my guiding star though.
> FWIW discarded consumer electronics haven't typically had salvageable parts in them for nearly a decade now.
If your experience with discarded electronics has mostly involved hermetic garbage filled with glue then I'm truly sorry. I have more salvaged components that I know what to do with.
> If you require the larger civilization to parasitize off, you are every bit as "plugged in" as the hated "salaryman".
Plugged in a way that matters? No, you enjoy the privilege of being able to channel a good amount of energy into building out. Parasitizing is an important first step. Again, "дорогу осилит идущий".
> For the sake of argument, suppose "martian" bug that fits through 1mm vent exists.
1 mm? OK, you win that one. I would still be too paranoid about e.g. a wire that could introduce a side channel or something.
> At any rate, what is the point of bugging the cage, when the upstream router is right there, and has official wiretap openly built in?
Even more reason not to use a DC.
> If someone seized control of "your" project, in what sense was it "yours" to start with?
The key word is 'was'. Dingdongs voluntarily give up control because 'community-driven' development.
> The whole point of building the computer is to "help with that" -- i.e. intelligence amplification.
Might wanna use some other term because 'fits in the head' suggests understandability of the design, not intelligence amplification. I can't think of anything concise that would suggest both.
Dear Anonymous,
> To provide a default name-host mapping. What's in your private address book is what you know, what is in the public namespace is what you don't.
And when there are two or more conflicting mappings in the public namespace ?
> Figuring the user's IP. Observing exit node traffic is not enough, you need cooperating relays too, then you figure the guard node, then you watch or pwn it. Given that Tor is not exactly small these days and you still need to be not an idiot to mount a proper attack, you need to be rather motivated and organized.
Either that, or simply need to know one or more of the however-many "heartbleed" boobytraps remaining in e.g. OpenSSL. Which the people pushing TOR have on file, because they authored them.
> Which cuts the number of actors to worry about considerably. Like I said, not a silver bullet, but enough of a deterrent.
Strikes me as more of an encouragement than a deterrent, from POV of the one and only enemy who matters. But at this point I suspect that you've thoroughly swallowed the hook, and will ignore plain as daylight fact of who authored TOR, what it consists of (ever tried to read the code?), and even the fact that ~100% of the actually interesting (vs. Uncatchable Joe) people who used TOR, are in prison or dead.
Why you think the Chinese are blocking it instead of using it as a honeypot?
Same reason they block Google, New York Times, etc. -- to put some basic brakes on the flow of USG agitprop into idiot heads.
> The argument is this: a typical company gets loads of regular traffic which it mines. Tor they either don't care about or view with suspicion, so everyone's traffic gets mined equally, give or take. The difference is that unless you really care to analyze Tor traffic separately, your results will be polluted by multiple users sharing the same apparent IP.
In practice, very simple to separate them, via time cluster, WWW browser behaviour patterns, and the persistent login sessions that many lamers use.
> Can an internet business run a fleet of exit nodes? Sure. Do they have much motivation to? The biggest motivation Tor gives them is to figure how to block it.
Plenty of motivation. The group I was part of when ran nodes, was collecting virii, for instance.
> Hang on some imageboards, those that have tech- or even development-related sections. That's exactly how collaboration happens there, at least to some extent. Eventually code is moved to shithub or something and pseudonyms do pop up, but a lot of hashing out or even early code sharing via pastebins/tarballs happens anonymously. Ultimately what matters is what I say, not who I am. If somebody sends me a patch, I'm gonna look at their *code*, a known name with a good rating simply gives priority.
You will read and understand every anonymous pile of shit that comes to you? How many GB's worth ?
The typical result of this type of development philosophy is Heartbleed. And, more generally, the multi-terabyte pile of shit that is the "open source" ecosystem, the primary purpose of which is to give Heartbleeds a place to live.
> Based on the fact that I don't sign when there's no objective need?
Ever seen a group of anons arguing with one another on a forum? Naturally, "objective need" becomes obvious when the second one shows up.
> "Дорогу осилит идущий", naturally. Noticed how the almighty USG couldn't stop the recent carnage? In theory, there's mass surveillance and cops + NG + the military. In practice there turns out to be room for maneuver. Same with living without masters. Look for gray zones, keep a low profile, keep your needs and wants in check. Don't point to nincompoops and say 'therefore not possible'.
What "couldn't stop" -- they organized it. Not firing into the crowd is also a form of government action. The marauders are loyally serving the actual USG -- the one at Harvard. (Did you think the one in Washington actually decides anything?)
> Unplugged in a way that matters? Yes. US commandos haven't knocked yet, no DDoS / bankruptcy / cancellation in sight either.
Неуловимый Джо.
> God forbid I ever. Built with my hands? Yes, a much simpler enterprise. To be on the same page, the ideal of full high-tech autonomy is an *ideal*, I've never seen it. That's my guiding star though.
Try it some time, will be educational.
> If your experience with discarded electronics has mostly involved hermetic garbage filled with glue then I'm truly sorry. I have more salvaged components that I know what to do with.
Wait, if "not building with hands", for what do you collect the parts ?
> Plugged in a way that matters? No, you enjoy the privilege of being able to channel a good amount of energy into building out. Parasitizing is an important first step. Again, "дорогу осилит идущий".
So, with this energy, what have you built ? Or would revealing it blow your cover, or what ?
> Even more reason not to use a DC.
You're still using a DC -- your ISP's. Which works per exactly same rules in this context.
> The key word is 'was'. Dingdongs voluntarily give up control because 'community-driven' development.
See earlier point re "open source". What these people do is a form of collective masturbation.
> Might wanna use some other term because 'fits in the head' suggests understandability of the design, not intelligence amplification. I can't think of anything concise that would suggest both.
I hold that without understandability of the instrument, there can be no intelligence amplification. And IMHO the situation in software where programmers spend most of their life fighting the idiocy of other programmers, instead of actually achieving something useful with their machines, supports this argument.
Yours,
-S
> And when there are two or more conflicting mappings in the public namespace ?
I don't remember. At any rate, all the records get stored in your local address book so conflict can be resolved manually by e.g. storing the mapping you prefer in your private address book which takes precedence. The point of a public namespace (however it is implemented) is to provide a way to explore the network outside of your WoT. That there can be name collisions is a non-factor: Wikipedia also has name collisions and you have to manually choose which article you're actually interested in.
> Either that, or simply need to know one or more of the however-many "heartbleed" boobytraps remaining in e.g. OpenSSL. Which the people pushing TOR have on file, because they authored them.
Was checking Linux distros a while back (not baking my own yet, beside the kernel) and saw this amusing thing: Alpine Linux devs switched to LibreSSL after the heartbleed ruckus but then switched back to OpenSSL because -- get this -- package maintenance costs were too high. Also, claimed they regularly look into the crypto they build their distro on.
> Strikes me as more of an encouragement than a deterrent, from POV of the one and only enemy who matters.
Don't forget that this is *your* perspective. For me, USG is a powerful but distant enemy which probably doesn't give two craps about which lolcats I look at. The enemies that could realistically grab me by cojones are local and inept. Naturally, for anything more confidential than lolcats or arguments on the internet another layer of encryption is necessary.
> ever tried to read the code?
Some of it at some point. I also read Linux kernel code at some point. Are you gonna tell me that you don't run Linux either or have spent the last however many years auditing that turd? I view Tor as nothing but a condom, something that puts a barrier between me and the modern internet. That there's a gov on the other side of the globe with access to the backbone that can cut through the barrier doesn't keep me up at night. Ideally I would run Tor on a physically distant computer (which I *control*, i.e. not in a DC), I'm not there yet.
>~100% of the actually interesting (vs. Uncatchable Joe) people who used TOR, are in prison or dead.
I'm not 'actually interesting', I don't even buy drugs. And wrt my opposition to USG and govs in general I'm very much focused on self-sufficiency and evasion. I'm not one of those trying to bring freedom to the masses.
> > Why you think the Chinese are blocking it instead of using it as a honeypot?
> Same reason they block Google, New York Times, etc. -- to put some basic brakes on the flow of USG agitprop into idiot heads.
But Tor is mostly used by activists and techies, even in countries with a supposedly repressive regime like Russia. Why not use a honeypot to spy on those -- there won't be any need for 'parallel construction', just put those you don't like most in jail and that's it.
> In practice, very simple to separate them, via time cluster, WWW browser behaviour patterns, and the persistent login sessions that many lamers use.
Most use TorBrowser these days, so no persistent login sessions or browser differences (give or take). Which leaves user behavior which on its own, especially with JS disabled, is not very reliable. With e.g. text browsers there's less of an anonymity set but again, the less data I give the better. Most internet businesses are normie-oriented (e.g. Instagram) unlike the company you worked at. I think I've mentioned 'no silver bullet' enough times at this point.
> You will read and understand every anonymous pile of shit that comes to you? How many GB's worth ?
If the traffic is low then, yes, every. And no need to understand a pile of shit at a deep level, shit looks like shit already at the surface. If the traffic ever gets high I'll use the power of ignoring stuff. You're not one of those people with 'information overload' problems by chance, are you?
> Ever seen a group of anons arguing with one another on a forum? Naturally, "objective need" becomes obvious when the second one shows up.
Ever seen an imageboard? Pick any. Find me an instance of an objective need, I'll put it a frame. Even when there *is* ambiguity, believe it or not, people *disambiguate*. Every reply post starts with a reference to the post being replied to and when that together with the context is not enough one also adds a references to his last post.
> What "couldn't stop" -- they organized it. Not firing into the crowd is also a form of government action. The marauders are loyally serving the actual USG -- the one at Harvard. (Did you think the one in Washington actually decides anything?)
I have no interest whatsoever in conspiracies (or even prospiracies) involving the ruling class. I care about *me* and my area of control -- this is the only area where spending energy has an actual chance improving long-term odds.
> Try it some time, will be educational.
Hahaha. I prefer to learn from the mistakes of others:) Wrt production, a lot of the time you need exactly one item for exactly one person. Even when a degree of standardization is desirable it should preferably apply only to interfaces with everything else custom built. It's one of the reasons I'm not a fan of crossplatformability as it's normally practiced.
> Wait, if "not building with hands", for what do you collect the parts ?
To build with hands later, naturally. You don't go to a shop every time you need a LED.
> So, with this energy, what have you built ?
Mainly done some foundational OS-related research and started working on basic autonomous tech (low-tech). That research took me more than a decade, only finished recently and still need to test everything thoroughly and actually apply. If I a had a typical day job... you can imagine.
> You're still using a DC -- your ISP's. Which works per exactly same rules in this context.
Recall that the argument was about overlays + hardware you control vs the centralized internet + hardware at a DC. That my ISP can be tapped is a non-factor in the first scenario because the upstream is already assumed to be hostile.
> I hold that without understandability of the instrument, there can be no intelligence amplification.
Sure, but 'fits in the head' by itself doesn't suggest intelligence amplification. My work is in the area which can be described as highly integrated operating systems. And intelligence amplification is based on integration *with the user*. There's a bunch of terms like 'human-centric design' but they are all rather vague.
Dear Anonymous,
> ... The point of a public namespace (however it is implemented) is to provide a way to explore the network outside of your WoT. That there can be name collisions is a non-factor: Wikipedia also has name collisions and you have to manually choose which article you're actually interested in.
A WWW site with human curators is a very different item from an open P2P net where - in principle - anyone can show up and create 1e9 collisions for any particular object. Aka "sybil attack".
> Was checking Linux distros a while back (not baking my own yet, beside the kernel) and saw this amusing thing: Alpine Linux devs switched to LibreSSL after the heartbleed ruckus but then switched back to OpenSSL because -- get this -- package maintenance costs were too high. Also, claimed they regularly look into the crypto they build their distro on.
Barnum's "a sucker is born every minute -- and two to take him" comes to mind.
> Don't forget that this is *your* perspective. For me, USG is a powerful but distant enemy which probably doesn't give two craps about which lolcats I look at. The enemies that could realistically grab me by cojones are local and inept. Naturally, for anything more confidential than lolcats or arguments on the internet another layer of encryption is necessary.
If this is your use case, seems like all you need is a cheapo leased box in US or EU to proxy through? Like e.g. the Chinese do. And could get decent bandwidth that way (I for instance don't recall ever seeing more than a couple kB/s via TOR.)
> Some of it at some point. I also read Linux kernel code at some point. Are you gonna tell me that you don't run Linux either or have spent the last however many years auditing that turd?
I run various linuxes. But even if lived for 400 years, could not promise to audit the turd, "obfuscated C" is not factually auditable with finite effort. This in fact was the original impetus for my ongoing effort to bake a working crypto-numerics stack that can be compiled into an auditable binary and planted on a purpose-built iron with no shitware on it.
> I view Tor as nothing but a condom, something that puts a barrier between me and the modern internet. That there's a gov on the other side of the globe with access to the backbone that can cut through the barrier doesn't keep me up at night. Ideally I would run Tor on a physically distant computer (which I *control*, i.e. not in a DC), I'm not there yet.
IMHO a even a set of leased boxes in various jurisdictions would make for far better "condom". But won't rehash the argument.
> I'm not 'actually interesting', I don't even buy drugs. And wrt my opposition to USG and govs in general I'm very much focused on self-sufficiency and evasion. I'm not one of those trying to bring freedom to the masses.
I can't speak for your particular geographic glue trap, but in USA: people "focused on self-sufficiency and evasion" are the premier target.
> But Tor is mostly used by activists and techies, even in countries with a supposedly repressive regime like Russia. Why not use a honeypot to spy on those -- there won't be any need for 'parallel construction', just put those you don't like most in jail and that's it.
Most of the admitted habitual TOR users I've encountered so far, are not particularly "activist", but rather are people with a strange "religious" compulsion to "anonymize".
As for the jail -- it has finite space. Hence honeypots and other mechanisms to help the candidates self-select.
> Most use TorBrowser these days, so no persistent login sessions or browser differences (give or take). Which leaves user behavior which on its own, especially with JS disabled, is not very reliable. With e.g. text browsers there's less of an anonymity set but again, the less data I give the better. Most internet businesses are normie-oriented (e.g. Instagram) unlike the company you worked at. I think I've mentioned 'no silver bullet' enough times at this point.
I no longer actively follow the subject, but it is my understanding that a large part of published TOR exploits to date are specifically against that browser.
> If the traffic is low then, yes, every. And no need to understand a pile of shit at a deep level, shit looks like shit already at the surface. If the traffic ever gets high I'll use the power of ignoring stuff. You're not one of those people with 'information overload' problems by chance, are you?
If you're the sole author of a project, naturally you will feel no need to cut through incoming shit. (I presume this is what meant by "I'll use the power of ignoring stuff" ? ) But once you've published, and 1e6 lamers and wreckers start making "improvements" -- your users will.
> Ever seen an imageboard? Pick any. Find me an instance of an objective need, I'll put it a frame. Even when there *is* ambiguity, believe it or not, people *disambiguate*. Every reply post starts with a reference to the post being replied to and when that together with the context is not enough one also adds a references to his last post.
I don't read "imageboards". I also do not hunt for rats in alleys and sewers to eat, and don't eat roadkill. Call me a snob if you want.
> I have no interest whatsoever in conspiracies (or even prospiracies) involving the ruling class. I care about *me* and my area of control -- this is the only area where spending energy has an actual chance improving long-term odds.
To borrow from Trotsky, "you may not be interested, but it is interested in you."
> Hahaha. I prefer to learn from the mistakes of others:) Wrt production, a lot of the time you need exactly one item for exactly one person. Even when a degree of standardization is desirable it should preferably apply only to interfaces with everything else custom built. It's one of the reasons I'm not a fan of crossplatformability as it's normally practiced.
In principle yes. In practice this is a recipe for every thinking person blowing two or three decades of life on reinventing wheels.
> To build with hands later, naturally. You don't go to a shop every time you need a LED.
At one point I purchased the ~entire contents of an electronic parts store that was going out of biz. So I don't disagree.
> Mainly done some foundational OS-related research and started working on basic autonomous tech (low-tech). That research took me more than a decade, only finished recently and still need to test everything thoroughly and actually apply. If I a had a typical day job... you can imagine.
Publish -- will read.
> Recall that the argument was about overlays + hardware you control vs the centralized internet + hardware at a DC. That my ISP can be tapped is a non-factor in the first scenario because the upstream is already assumed to be hostile.
Interestingly, my DC in fact offers a choice of upstream networks (at additional expense can even bring in own cable...) whereas (in my geography) residential ISP is a monopoly.
> Sure, but 'fits in the head' by itself doesn't suggest intelligence amplification. My work is in the area which can be described as highly integrated operating systems.
This is trivially true -- e.g. doorknob or Kalash "fits in head", but does not amplify intelligence. It isn't clear to me however where on my WWW you saw the implication that "fits in head" is a sufficient - rather than simply necessary - condition for IA ?
> And intelligence amplification is based on integration *with the user*. There's a bunch of terms like 'human-centric design' but they are all rather vague.
Is based on a number of things, but a device without "fits in head" and absolute correctness, can amplify only stupidity.
Yours,
-S
> It is my intention to maintain a reasonably complete mirror of public material which I personally use, or had a hand in creating.
> [..] will certainly put one up immediately if the TBF WWW were to vanish.
That is reassuring, knowing that you are committed to keep it available to the public at large.
> would like to first wrap up my attempt at a WWWistic Vtron display a la Phf's, and a few other items
Hopefully it will contain all experimental patches, including for example asciilifeform's 'makesnap' patch.
> you can probably afford to set up a mirror of your own
I could afford it, but I am in no position to do this at the moment, and as evidenced by the history of the 'Archive Team', things have a tendency to vanish without any warning. As such, I wanted to bring your attention to the problem before I am able to set up a public mirror.
The only public mirror I am aware of the TRB codebase+dependencies is a pre-Keccak V-based snapshot from late 2017 here (at the bottom of the page): http://edgecasesoftware.com/articles/compiling_bitcoind_trb_054_on_debian_711
However, as this site also hosts the public keys of contributors, I must highlight that I don't consider this mirror trusted and such, care should be taken before using it.
Dear Concerned Reader,
> Hopefully it will contain all experimental patches, including for example asciilifeform's 'makesnap' patch.
All of my patches (with the exception of the most recent one) are available in Jurov's TRB mailing list archive.
Grab a copy, it's < 5MB. Yours, -S
Thanks for keeping your word and mirroring important sites which are in danger of vanishing here:
http://dulap.xyz/pub/mirrors/
Dear Concerned Reader,
You're welcome. And please write in if you know of other sites which ought to be included.
Yours,
-S
>> The key word is 'was'. Dingdongs voluntarily give up control because 'community-driven' development.
>
> See earlier point re "open source". What these people do is a form of collective [gratification]
Even worse: I would go so far as to say that it was the Linux and GNU communities which popularized the idea of permanent software-abstractions. Before the mid-nineties, it was understood among professional software-engineers in both the UNIX and MS-DOS communities that all software-abstractions were, in fact, temporary conveniences. They could not be fully trusted, and often the engineer would be required to work around them. In those days, engineers were quite honest about the limits of their "bedrock abstractions," to use Dr Datskovskiy's term. This honesty was not wiped out by the rise of the Worse Is Better mentality (ie. the UNIX philosophy). The two coexisted for almost two decades. It was common prior to the mid-nineties for software-projects to start and end in assembly: well-defined subcomponents within the project could be written using higher-level languages, and often it was acceptable to choose a different language for each subcomponent. Linux, GNU, and the academic community at large decided to suppress this practice in order to stop people from directly sharing (or selling) binaries with each other. The stigma which arose with regard to the direct trading of binaries likely fuelled the rise of SaaS and cloud-computing (reliance upon other people's hard-drives) in the 2000s. Also, it is interesting to note that Erik Naggum was not a supporter of "free software" in the accepted sense. He considered closed-source libraries acceptable, promoted closed-source implementations of Common Lisp, and praised the concept of the JVM, saying that he wished something similar existed to bridge Common Lisp's different implementations.
Dear St Gregory of Nyssa,
>... Linux, GNU, and the academic community at large decided to suppress this practice...
I.e. "let's pretend that these
turdscomponents are modular, then they will be." Worked exactly as "well" as any reasonable practitioner of traditional engineering would expect.>... it is interesting to note that Erik Naggum was not a supporter of "free software" in the accepted sense. He considered closed-source libraries acceptable, promoted closed-source implementations of Common Lisp, and praised the concept of the JVM, saying that he wished something similar existed to bridge Common Lisp's different implementations.
Naggum was disappointed with not only the process of "software development as a spare-time activity" but also with the results. Hence this position.
Yours,
-S
I've never used Gentoo. Is either Funtoo or Exherbo (or any other source distro) better? I just want a good enough solution for getting a stable-ish system from source.
For me Guix is going to a replacement for development environments, not the base system. At least in the foreseeable future.
Dear salotz,
I am not aware of any currently maintained Gentoo-like distros which fully meet my requirements (i.e. equivalent to 2007-era Gentoo -- absolutely free of Poetteringism; 100% source-based) but can't speak for your particular use case. "Good enough for stable-ish" is unfortunately not a sufficiently detailed description for me to meaningfully comment.
Yours,
-S