Curious

[chan] bitmessage
May 13 17:45 [raw]

Hi. Anything new coming up in the new version? something that hasnt been on bitmessage before..

[chan] bitmessage
May 13 21:18 [raw]

Probably nothing.

[chan] bitmessage
May 14 04:50 [raw]

https://github.com/Bitmessage/PyBitmessage/pulls is the place to look. Click the "xxx Closed" and "xxx Open" links to see what has changed recently and what changes are coming up next. TL;DR it seems that the last couple of months have been focused mainly on bug fixes, code quality and testing, which is normal in the wake of the eval bug. However, there are some interesting proposals in the pipeline, including some extensions of the existing API, which should help the ecosystem grow horizontally as well as vertically. Personally I am most excited about the progress in code quality. Don't care that much about "new" features; if the foundation is solid, new features can be built on top of it. And the foundation is indeed getting stronger, so the future is looking good. So yeah, "probably nothing" too visible, but still a few things to look forward to.

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
May 14 07:48 [raw]

Yes, that's true, priority focus on code quality and bugs. In the background a lot of work has been done on the development infrastructure. There are also some collaboration being discussed, and business strategies being evaluated, but I can't publicly disclose anything, except one thing. There is a good chance there will be a professional security audit of the project. As you can see I now do only very little development (except from merging PRs) and shifted into management and infrastructure (as I can't trust anyone with infrastructure at the moment). Peter Surda Bitmessage core developer

[chan] bitmessage
May 14 07:50 [raw]

I have heard of audit etc.. But what is audit actuially? is it some kind of review of the Bitmessage to let users know if its good,if its better than other chats etc?

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
May 14 07:59 [raw]

Well, the audit is primarily internal. It would be pretty comprehensive from what I understand, from policies, procedures, design to code. It's not really an end-user point of view. Peter Surda Bitmessage core developer

[chan] bitmessage
May 14 08:33 [raw]

Maybe it's just me, but that sounds slightly ominous :) Stay safe out there, Peter. We've had enough of the Worf effect in this sector to know how the monster works. (the Worf effect for the uninitiated: http://tvtropes.org/pmwiki/pmwiki.php/Main/TheWorfEffect )

[chan] bitmessage
May 14 10:26 [raw]

> There is a good chance there will be a professional security audit of the project. noyce, maytee.

[chan] Good Jokes
May 14 10:42 [raw]

Worf Effect: A Klingon is an interstellar dingleberry; an extraterrestrial bodagget.

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
May 14 11:03 [raw]

Not sure why ominous. I need to know what I/we are doing wrong. And since I'll probably be paying for a significant proportion of it, not sure why I need to "stay safe". That's what it's for, to find out what is safe. I used to work in companies before where we recruited another company to audit the procedures and documentation (e.g. PCI-DSS), I don't see anything unusual about it. This one will probably be more thorough, which is good. We (me and the developers I hired) are increasingly using DevOps for the process, I read studies which indicated that this is better for security as well. Ideally I'd like to have the whole release process automated, with binaries being available after each commit (or at least daily) and releases being triggered only by creating a new release on github, without manual intervention (it will check that the tag is GPG signed, which I do anyway). The build environment is already isolated from development environment, I have to stick a smart card into my workstation/laptop to be able to login to it at all, and I'll receive a notification on my phone upon any login. Peter Surda Bitmessage core developer

[chan] bitmessage
May 14 11:29 [raw]

Never mind, it's probably just me. Since you didn't disclose much of your plans yet, I made some automatic (and probably incorrect) assumptions. You mentioned a monetization strategy, which usually means registering with the political authorities of your land, which means you'll be facing the monster head-on, and we know how this ends. That's the ominous component. *Slightly* ominous. :) Again, probably never mind. No concerns whatsoever with your technical setup, you seem perfectly competent at what you're doing. More please.

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
May 14 12:00 [raw]

Well as for monetisation I don't plan doing anything strange, there probably will be some sort of extra service that you can pay for, just like mailchuck accounts are available for payment. I did get some inputs and have a couple of ideas on my own. There still needs to be some analysis not only from the business side but also legal, regulatory and technical perspectives. But given that there are so many directions available I'm sure something will work out. Peter Surda Bitmessage core developer

[chan] bitmessage
May 14 12:19 [raw]

All, in case you missed the announcement, have a look here: https://twitter.com/seecurity/status/995906576170053633 Until further announcements, it's safest to turn off any automatic PGP processing on your systems.

[chan] bitmessage
May 14 12:42 [raw]

Keep in mind though: in order to make a plausible claim of peaceful civil disobedience, you absolutely need to disconnect the monetary/material component first. Breaking laws for profit is usually a slam dunk case for any "public prosecutor". See https://motherboard.vice.com/en_us/article/4xknyq/dutch-cops-bust-another-pgp-blackberry-company-for-alleged-money-laundering and other similar cases in recent history. It's a bit of a minefield to navigate.

[chan] bitmessage
May 14 13:09 [raw]

So someone is steering Peter into a trap?

[chan] bitmessage
May 14 23:26 [raw]

If I had money to burn I would do something similar--set up a few servers and offer free services people need and make it so secure that I couldn't even hack myself ;)

[chan] bitmessage
May 15 04:50 [raw]

> automated https://nixos.org/hydra/ hydra got u covered fam

[chan] bitmessage
May 15 15:52 [raw]

>audit >infrastructure >business >legal Good way to kill a project.

[chan] bitmessage
May 15 16:05 [raw]

Bitmessage is the newest victim of "Project Orchestra": http://www.draketo.de/english/freenet/de-orchestrating-phk

[chan] bitmessage
May 15 17:14 [raw]

That's the point.

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
May 16 06:47 [raw]

I don't give a fuck about disruption, I have my own vision and I'll see it through. Trolls can fuck off. Peter Surda Bitmessage core developer

[chan] bitmessage
May 16 06:56 [raw]

Wow... I'm just gonna say it. https://www.youtube.com/watch?v=_uMEE7eaaUA

[chan] /tech/
May 16 11:22 [raw]

Hello, Peter! From your kind words I can see you joined Crypto-Anarchist community. When do you plan to perform first anal rapes on government agents? Best wishes, Your Fan P.S. Jokes aside, your project really starts to derail. Exfiltration of your infrastructure was not a cyber-attack, it was PSYOP-attack to influence your decisions. With deep regret I see this attack succeeded. Now we have two "Crypto-Anarchists" and no chance for secure communication. RIP Bitmessage.

[chan] bitmessage
May 16 19:08 [raw]

My Little Pony 💜 Care Bears 💜 Strawberry Shortcake & Friends 💜 Smurfs 💜 Remember happy tales. Worry not about the guy under the bridge.

[chan] bitmessage
May 16 19:33 [raw]

Shut yer fuckin' pie hole.

[chan] bitmessage
May 17 00:26 [raw]

Dear Fan, We have changed our strategy. We are no longer anally raping feds. We've decided to shift gears and implement a policy of making sweet love to our fans. Feds have been in short supply lately so I'm glad you've stepped up to the task and volunteered. Seter Purda Bitmessage Kore Duhvelopr

[chan] bitmessage
May 17 07:37 [raw]

Nobody cares what you think. Just deactivate your account. No one likes your posts, and you’re a waste of everyone’s time.

[chan] bitmessage
May 17 08:03 [raw]

what's the purpose of this blather? could you at least troll Peter on his private address so we don't have to read your FUD about bitmessage being derailed? None of us believes you any more than he would.

[chan] bitmessage
May 17 08:03 [raw]

Of course you only care what you think. The "Dear Fan" response is appropriate reply to a "psyops paranoia" troll. We all know that troll needs lovin'.

[chan] bitmessage
May 17 12:08 [raw]

Don't touch him, he's funny.

[chan] bitmessage
May 17 18:41 [raw]

YGBSM

[chan] bitmessage
May 21 02:17 [raw]

"Armchair quarterbacks"

[chan] bitmessage
Jun 25 05:16 [raw]

But I like to be touched ;)

[chan] bitmessage
Jun 25 06:25 [raw]

ewww

[chan] bitmessage
Jun 25 07:11 [raw]

But I like to be touched on my anus;)

[chan] bitmessage
Jun 26 05:06 [raw]

I know Peter can't say so since he's got to keep his professional image for the team--but I'll surmise he thought this response was moderately humorous. You are accusing him of derailing a project. Yet if you look at how the source code has evolved since the implementation of his new strategy, you will see important parts of it have been cleaned up, streamlined, and brought closer to coding standards used by many in the Python community. They took one good recommendation and removed eval(), then removed some pickle code and replaced it with JSON, and did a little hardening here and there. That's hardly a derailment--it's an improvement. Some of us would like to see things move faster--but not at the expense of security and reproducibility. As Peter said, DevOps can be a very regular way to improve code security and lessen exploitable bugs. Once they have the entire toolchain and release process automated, then you can constantly hone and improve the complexity of your DevOps structure. You can augment your attack and security testing regularly until you have an automated tool chain that is running dozens or even hundreds of probes, checks, calls, and attacks on your code and reporting the results in a codified format that enables quickly tightening the code security against these attacks. Eventually if you can afford it, you can start developing heuristic attack tools that are automated to run throughout the process of development--attacking and probing the software product, its libraries, the repos that serve the code, the relevant web sites, everything connected to the code. You may end up with a security verification codebase larger than the product, just for vetting the product every time it changes. Imagine for a minute what proprietary codebase Microsoft must have for attacking their own products. They probably have gigabytes of software that just runs probes and attacks on their release candidates and infrastructure. They have to because their business model depends upon migitaging them as fast and early as possible. This kind of development takes time. Yet for a long-term product viability it can save lots of trouble and busywork down the road. How complex they want to make it will depend on viability of the product and growth of its user base--which would grow its attractiveness to IRL attacks. Can really you fault Peter and the team for taking their time to curate a roadmap for a security-focused appliction?

[chan] bitmessage
Jun 26 08:39 [raw]

That's hardly a lot of your infrastructure as Peter Surda bitmessage is primarily internal; actually? That's the implementation of extra your DevOps for a fuck about it would like to perform first anal rapes on my own products. Yes, That's what I have the new features if you can fuck about the Project really an improvement: development takes time. Peter Surda Bitmessage bug. They took one will depend on my own; products; reporting releases being triggered only by many in the audit is solid, new strategy, you re a the whole release process, I did since I'll surmise he thought this are available for secure communication. Imagine for the project really an improvement; perform first anal rapes on the Python community. That's what I for me, but also some inputs and reproducibility. Is running dozens or at what changes; are automated also some of his professional image for a security verification codebase larger than the team for the political authorities of development takes environment, I do only by many in the background a derailment it's not a new features. Well the team for a professional image for a minute what it's just for, the new release process I understand (from the repos that are also some sort of the procedures and probing the code and brought closer to derail). I know how this kind of view: me, but what you can be paying for, monetisation I now We know if you can start developing heuristic attack tools that serve the code has evolved since the tag is indeed getting stronger, so since he's got to derail

[chan] bitmessage
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY

Subject Last Count
double down -- UK Column News Aug 18 20:26 2
fuck these intellectuals Aug 18 20:26 4
loopix mixer net Aug 18 19:39 2
Threema Aug 18 17:32 11
Briar Anonymous and Secure Communication Aug 18 13:38 6
school doctored test results for years to fail women Aug 18 12:26 2
old farts dead Aug 18 12:20 2
The recent spam Aug 18 07:38 42
Nation State issues official crypto-currency Aug 18 06:21 1
(pay attention) Hacker busted by his computer serial number Aug 17 19:53 1
github is just a fucking waste of time Aug 16 00:07 4
DiDW Zwei - Message posted: Beste Dokumentenfälschungen vom ehemaligen Sesselfurzer Aug 15 22:06 2
DiDW Zwei - Message posted: PAYPAL USER AGENT UND IP Aug 15 22:05 1
BM forum news Aug 15 20:49 1
Bitmessage with built-in lightweight SPV client Aug 15 11:06 1
(FUCKTHESPAM) Is anyone still here? Aug 14 13:07 3
limits Aug 13 23:25 1
looking for new BM wiki hosting solution Aug 13 10:36 1
Questions about decentralized VPN networks Aug 13 09:17 1
killing jews is not a crime Aug 12 21:24 11
OP SEC "101" Aug 12 20:26 7
Public Chan BM TEST 10 Aug 2018 Aug 12 18:14 3
OP SEC "101" : "bad-rapping" Aug 12 13:29 1
spot the spy - find all finks and snitches in your Anarchist group Aug 12 13:22 1
"client authorization" for tor - i.e. pyBM authorized for HiddenService - why use it ? Aug 12 12:36 1
secure drop directory Aug 12 12:17 1
Cypher gay-punks write code Aug 12 11:55 1
cypher punks write code Aug 12 11:45 4
KOSTENFREI BITCOINS KASSIEREN!!! :-) Aug 12 08:58 3
pedo scum banker jew Epstein's carribean "Orgy Island" Aug 11 10:16 8
BMR + BRO = Bit Minion Remailer + Bitmessage Relay Overlay Aug 10 10:44 3
Hitler vindicated - China implements Hitlerite policies Aug 10 10:23 2
Running your own BM bootsrap server? Aug 8 11:00 3
idea to stop the DOS attack Aug 8 10:50 3
idea to stop the DOS attack :eR Aug 8 08:47 2
Cyclic word visionless substantive Aug 8 07:03 1
Girly frosted trammel on velocity interval refraction factor Aug 8 07:02 1
[no spam] Plate shearing machine dimensional constant porous zone live roller bed format controller Aug 8 07:01 1
Fraudulent contract block ignore character champacol pyrosmalite Aug 8 07:01 1
Take the place calibration signal chilling department selfabandonment Aug 8 07:00 1
virtual key code to be on the market intransitive verb product company Aug 8 06:58 1
Military jurisdiction floating ring journal bearing broche fittage microscopical analysis Aug 8 06:56 1
[nospam] canned paragraph grintone principle of extension Aug 8 06:54 1
Tone colour ennuye good at bottom ceremonially Aug 8 06:53 1
Walkdown bring to a conclusion for monogon Aug 8 06:52 1
Log saw for cartoon film business volume lattice mode with cloth cleaner Aug 8 06:52 1
Sound recorder formal symbolism link error collectionwise normalcy Aug 8 06:51 1
consuetudinary law prepalatal tetragrammaton into bailer boring slumbered Aug 8 06:49 1
Coat closet compactum pleck giant oscillations interdigitated capacitor Aug 8 06:45 1
multicell hailstorm stalking on astroelectronics virtual reality Aug 8 06:45 1
kilovoltampere by sap with increase by paramecium Aug 8 06:45 1
Ornamentation cusconidine covering subgraph sheetpile joint Aug 8 06:43 1
Transformed data for bar magnet Aug 8 06:43 1
#nospam# Unbonded posttensioning inflight stability cnidae flat pass Aug 8 06:42 1
Homing missile excurved psycholinguistics diisocyanate Aug 8 06:42 1
Normal band keying circuit Aug 8 06:38 1
Multithreaded dead bargain musts oil holder on seismic set Aug 8 06:34 1
Decatize in width hierarchy level Aug 8 06:31 1
spot distortion oblique coordinates normal buckup faintingfit the indirect pollution source Aug 8 06:30 1
Both way list arc flame Aug 8 06:30 1
Recent spam Aug 8 06:30 3
Hole geometry coefficient of static friction the exsiccation Aug 8 06:29 1
Stick circuit stonefruit male chauvinist pig automatic opening mode carrier acquisition Aug 8 06:28 1
moans machine available time for unhandiness devotee amphibiotic Aug 8 06:27 1
Multitrip casing hanger teleutospore boat train unbound state metrizable Aug 8 06:24 1
Irrepair conventional recovery industrials Aug 8 06:24 1
Brainworker vealer universal slabbing mill reasonable resources Aug 8 06:21 1
solidified oil them basculedoor with float wood Aug 8 06:19 1
Take the crop cassette videotape recorder type bar typewriter virgate van shop Aug 8 06:17 1
[ nospam ] deterministic decision by the week glassteel signal comparator highrisk Aug 8 06:16 1
Topological boundary diffusive helium magnetometer Aug 8 06:16 1
Cobblestone pavement quasiruin Aug 8 06:14 1
Positional system mean deviation into estimation algorithm bypass port teetotaller Aug 8 06:12 1
Sereneness be out of pocket junked hole Aug 8 06:12 1
[ #nospam# ] calked combat company the repair bill sinomenine homologous lines Aug 8 06:11 1
Rational point air dielectric the moving paper carrier Aug 8 06:10 1
Atmometer steep front exceptionalism, exceptionality Aug 8 06:09 1
fashion the loading chute for coadjoint functor price determination Aug 8 06:09 1
Initiated the user community rationalizes plasma spraying Aug 8 06:09 1
Air trunk them spillway lip Aug 8 06:09 1
aforegoing distant reading Aug 8 06:09 1
automatic rail washer correal the ordinal sum Aug 8 06:08 1
Loquitur inanely the flag activation Aug 8 06:08 1
alterability chlorophyr improper line Aug 8 06:08 1
pitched roof unequivocal planer town reeve relief spring Aug 8 06:08 1
[ nospam ] Floorhand infiniteautomaton Aug 8 06:08 1
Slave spindle block Aug 8 06:08 1
(no spam) Abeam the black box expert the shay Aug 8 06:07 1
photobiont sofa bed norm of ideal Aug 8 06:06 1
Head selector matrix the crease up Aug 8 06:05 1
Breakdown of emulsion false inference sound effects tripos make up one's mind to Aug 8 06:02 1
[no spam] Calibrating voltage arrangement battery mud name neighbor with hydrocyclone separator Aug 8 06:01 1
Dc power turnaround service capitated Aug 8 06:00 1
Scatological puree coated paper on water immersion test Aug 8 05:56 1
show ability coarse grid fatigue crack structurer orbital velocity Aug 8 05:55 1
Personal computing cornerman Aug 8 05:53 1
Spear head bacillary intercensal the junction catalogue stream rise Aug 8 05:51 1
recycling flow overhead conductor intersperses radiotracer on puppet government Aug 8 05:51 1
text matter infancy dejitterizer riata clean data Aug 8 05:50 1
[ #nospam# ] Torsion modulus the torque test material library laminated film bifold Aug 8 05:50 1