Curious

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jun 22 10:20 [raw]

Hi If Bitmessage/PyBitMessage is anonymous and encrypted p2p messenger (If it is).. then why do messages we send (no matterBM chan address) comes up among the chanlist on https://beamstat.com ? It would be more anonymous and encrypted.. especially the anonymousity would be better if the messages we send doesn't come up on the chanlist on https://beamstat.com

BM-2cX62WCeFcUwzXWqxTBfaAzNy4j1y8yZVm
Jun 22 11:02 [raw]

> Hi > If Bitmessage/PyBitMessage is anonymous and encrypted p2p messenger > (If it is).. then why do messages we send (no matterBM chan address) > comes up among the chanlist on https://beamstat.com ? Because the chans listed on beamstat are public. > It would be more anonymous and encrypted.. especially the > anonymousity would be better if the messages we send doesn't come up > on the chanlist on https://beamstat.com You can create your own chan. Peter Surda Bitmessage core developer

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jun 22 11:03 [raw]

Chans are anonymous and public. They are designed to message publicly. Sender is unknown, but message can be seen by anyone. Send messages to private addresses if you want privacy.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jun 25 21:23 [raw]

no no no chan is special address what can be use like group if u share NAME OF CHAN thats password of chan with ENTIRE world its public but if you want your private chan use as NAME OF CHAN very strong password and share it only with friends your chan stay safe and anonymous without NAME/PASSWORD of chan you cant connect to chan so if somebody leak address they cant connect if somebody leak only NAME/PASSWORD they cant connect

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Aug 5 16:48 [raw]

Hi all Anyone know any free chatsites (as in web-based chatsites) on Tor browser that has: No registration and freedom of speech

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Aug 5 18:09 [raw]

You're in the only one. Bitmessage is immune to censorship.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Aug 5 18:12 [raw]

So basically bitmessage is anonymous,even without using Tor with bitmessage?

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Aug 5 18:31 [raw]

Yes bitmessage is anonymous with a caveat: right now the userbase is small, so if you don't use Tor, an attacker can use timing attacks to guess (not necessarily prove, but a good guess) some messages are from your node. However, there is no way for them to tell who your message is for, even if they can determine which node originated it, and there is no way for them to read your message if it is between two private addresses. As the userbase grows, such timing attacks will not even be able to tell which node originated an object because there will be too many nodes and objects to keep track of. Bitmessage is much more secure than Tor. I've been all through the source code many times analyzing the crypto. Tor's crypto is based on SHA1 which is totally broken. The Tor devs have known it is broken and have not fixed it because the Tor devs all work for the deep state. Tor is not a privacy network. It is a surveillance network. Bitmessage is the real deal.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Aug 5 18:33 [raw]

Now take your pills, please.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Aug 5 19:46 [raw]

try again, SHA1 is a hashing function. not encryption. What tor actually uses for encryption https://www.reddit.com/r/TOR/comments/5rsc5b/what_is_the_encryption_algorithm_that_tor_uses/dd9z929/

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Aug 5 22:10 [raw]

You don't need pills. You have denial to soothe you. The Tor devs are spooks with military budget funding.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Aug 5 22:39 [raw]

SHA1 is how you verify the encryption keys. If you can forge keys with the same hash you can hijack a hidden service. Therefore Tor is broken.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 13 17:45 [raw]

Hi. Anything new coming up in the new version? something that hasnt been on bitmessage before..

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 13 21:18 [raw]

Probably nothing.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 14 04:50 [raw]

https://github.com/Bitmessage/PyBitmessage/pulls is the place to look. Click the "xxx Closed" and "xxx Open" links to see what has changed recently and what changes are coming up next. TL;DR it seems that the last couple of months have been focused mainly on bug fixes, code quality and testing, which is normal in the wake of the eval bug. However, there are some interesting proposals in the pipeline, including some extensions of the existing API, which should help the ecosystem grow horizontally as well as vertically. Personally I am most excited about the progress in code quality. Don't care that much about "new" features; if the foundation is solid, new features can be built on top of it. And the foundation is indeed getting stronger, so the future is looking good. So yeah, "probably nothing" too visible, but still a few things to look forward to.

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
May 14 07:48 [raw]

Yes, that's true, priority focus on code quality and bugs. In the background a lot of work has been done on the development infrastructure. There are also some collaboration being discussed, and business strategies being evaluated, but I can't publicly disclose anything, except one thing. There is a good chance there will be a professional security audit of the project. As you can see I now do only very little development (except from merging PRs) and shifted into management and infrastructure (as I can't trust anyone with infrastructure at the moment). Peter Surda Bitmessage core developer

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 14 07:50 [raw]

I have heard of audit etc.. But what is audit actuially? is it some kind of review of the Bitmessage to let users know if its good,if its better than other chats etc?

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
May 14 07:59 [raw]

Well, the audit is primarily internal. It would be pretty comprehensive from what I understand, from policies, procedures, design to code. It's not really an end-user point of view. Peter Surda Bitmessage core developer

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 14 08:33 [raw]

Maybe it's just me, but that sounds slightly ominous :) Stay safe out there, Peter. We've had enough of the Worf effect in this sector to know how the monster works. (the Worf effect for the uninitiated: http://tvtropes.org/pmwiki/pmwiki.php/Main/TheWorfEffect )

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 14 10:26 [raw]

> There is a good chance there will be a professional security audit of the project. noyce, maytee.

BM-2cXELwioyGKqWMB3EfMBkrrTKzkP6xRaBG
May 14 10:42 [raw]

Worf Effect: A Klingon is an interstellar dingleberry; an extraterrestrial bodagget.

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
May 14 11:03 [raw]

Not sure why ominous. I need to know what I/we are doing wrong. And since I'll probably be paying for a significant proportion of it, not sure why I need to "stay safe". That's what it's for, to find out what is safe. I used to work in companies before where we recruited another company to audit the procedures and documentation (e.g. PCI-DSS), I don't see anything unusual about it. This one will probably be more thorough, which is good. We (me and the developers I hired) are increasingly using DevOps for the process, I read studies which indicated that this is better for security as well. Ideally I'd like to have the whole release process automated, with binaries being available after each commit (or at least daily) and releases being triggered only by creating a new release on github, without manual intervention (it will check that the tag is GPG signed, which I do anyway). The build environment is already isolated from development environment, I have to stick a smart card into my workstation/laptop to be able to login to it at all, and I'll receive a notification on my phone upon any login. Peter Surda Bitmessage core developer

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 14 11:29 [raw]

Never mind, it's probably just me. Since you didn't disclose much of your plans yet, I made some automatic (and probably incorrect) assumptions. You mentioned a monetization strategy, which usually means registering with the political authorities of your land, which means you'll be facing the monster head-on, and we know how this ends. That's the ominous component. *Slightly* ominous. :) Again, probably never mind. No concerns whatsoever with your technical setup, you seem perfectly competent at what you're doing. More please.

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
May 14 12:00 [raw]

Well as for monetisation I don't plan doing anything strange, there probably will be some sort of extra service that you can pay for, just like mailchuck accounts are available for payment. I did get some inputs and have a couple of ideas on my own. There still needs to be some analysis not only from the business side but also legal, regulatory and technical perspectives. But given that there are so many directions available I'm sure something will work out. Peter Surda Bitmessage core developer

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 14 12:19 [raw]

All, in case you missed the announcement, have a look here: https://twitter.com/seecurity/status/995906576170053633 Until further announcements, it's safest to turn off any automatic PGP processing on your systems.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 14 12:42 [raw]

Keep in mind though: in order to make a plausible claim of peaceful civil disobedience, you absolutely need to disconnect the monetary/material component first. Breaking laws for profit is usually a slam dunk case for any "public prosecutor". See https://motherboard.vice.com/en_us/article/4xknyq/dutch-cops-bust-another-pgp-blackberry-company-for-alleged-money-laundering and other similar cases in recent history. It's a bit of a minefield to navigate.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 14 13:09 [raw]

So someone is steering Peter into a trap?

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 14 23:26 [raw]

If I had money to burn I would do something similar--set up a few servers and offer free services people need and make it so secure that I couldn't even hack myself ;)

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 15 04:50 [raw]

> automated https://nixos.org/hydra/ hydra got u covered fam

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 15 15:52 [raw]

>audit >infrastructure >business >legal Good way to kill a project.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 15 16:05 [raw]

Bitmessage is the newest victim of "Project Orchestra": http://www.draketo.de/english/freenet/de-orchestrating-phk

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 15 17:14 [raw]

That's the point.

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
May 16 06:47 [raw]

I don't give a fuck about disruption, I have my own vision and I'll see it through. Trolls can fuck off. Peter Surda Bitmessage core developer

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 16 06:56 [raw]

Wow... I'm just gonna say it. https://www.youtube.com/watch?v=_uMEE7eaaUA

BM-2cTcTw1ZuyY4eYffL5dzTCGS5Ud4zP6TVm
May 16 11:22 [raw]

Hello, Peter! From your kind words I can see you joined Crypto-Anarchist community. When do you plan to perform first anal rapes on government agents? Best wishes, Your Fan P.S. Jokes aside, your project really starts to derail. Exfiltration of your infrastructure was not a cyber-attack, it was PSYOP-attack to influence your decisions. With deep regret I see this attack succeeded. Now we have two "Crypto-Anarchists" and no chance for secure communication. RIP Bitmessage.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 16 19:08 [raw]

My Little Pony 💜 Care Bears 💜 Strawberry Shortcake & Friends 💜 Smurfs 💜 Remember happy tales. Worry not about the guy under the bridge.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 16 19:33 [raw]

Shut yer fuckin' pie hole.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 17 00:26 [raw]

Dear Fan, We have changed our strategy. We are no longer anally raping feds. We've decided to shift gears and implement a policy of making sweet love to our fans. Feds have been in short supply lately so I'm glad you've stepped up to the task and volunteered. Seter Purda Bitmessage Kore Duhvelopr

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 17 07:37 [raw]

Nobody cares what you think. Just deactivate your account. No one likes your posts, and you’re a waste of everyone’s time.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 17 08:03 [raw]

what's the purpose of this blather? could you at least troll Peter on his private address so we don't have to read your FUD about bitmessage being derailed? None of us believes you any more than he would.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 17 08:03 [raw]

Of course you only care what you think. The "Dear Fan" response is appropriate reply to a "psyops paranoia" troll. We all know that troll needs lovin'.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 17 12:08 [raw]

Don't touch him, he's funny.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 17 18:41 [raw]

YGBSM

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 21 02:17 [raw]

"Armchair quarterbacks"

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jun 25 05:16 [raw]

But I like to be touched ;)

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jun 25 06:25 [raw]

ewww

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jun 25 07:11 [raw]

But I like to be touched on my anus;)

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jun 26 05:06 [raw]

I know Peter can't say so since he's got to keep his professional image for the team--but I'll surmise he thought this response was moderately humorous. You are accusing him of derailing a project. Yet if you look at how the source code has evolved since the implementation of his new strategy, you will see important parts of it have been cleaned up, streamlined, and brought closer to coding standards used by many in the Python community. They took one good recommendation and removed eval(), then removed some pickle code and replaced it with JSON, and did a little hardening here and there. That's hardly a derailment--it's an improvement. Some of us would like to see things move faster--but not at the expense of security and reproducibility. As Peter said, DevOps can be a very regular way to improve code security and lessen exploitable bugs. Once they have the entire toolchain and release process automated, then you can constantly hone and improve the complexity of your DevOps structure. You can augment your attack and security testing regularly until you have an automated tool chain that is running dozens or even hundreds of probes, checks, calls, and attacks on your code and reporting the results in a codified format that enables quickly tightening the code security against these attacks. Eventually if you can afford it, you can start developing heuristic attack tools that are automated to run throughout the process of development--attacking and probing the software product, its libraries, the repos that serve the code, the relevant web sites, everything connected to the code. You may end up with a security verification codebase larger than the product, just for vetting the product every time it changes. Imagine for a minute what proprietary codebase Microsoft must have for attacking their own products. They probably have gigabytes of software that just runs probes and attacks on their release candidates and infrastructure. They have to because their business model depends upon migitaging them as fast and early as possible. This kind of development takes time. Yet for a long-term product viability it can save lots of trouble and busywork down the road. How complex they want to make it will depend on viability of the product and growth of its user base--which would grow its attractiveness to IRL attacks. Can really you fault Peter and the team for taking their time to curate a roadmap for a security-focused appliction?

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jun 26 08:39 [raw]

That's hardly a lot of your infrastructure as Peter Surda bitmessage is primarily internal; actually? That's the implementation of extra your DevOps for a fuck about it would like to perform first anal rapes on my own products. Yes, That's what I have the new features if you can fuck about the Project really an improvement: development takes time. Peter Surda Bitmessage bug. They took one will depend on my own; products; reporting releases being triggered only by many in the audit is solid, new strategy, you re a the whole release process, I did since I'll surmise he thought this are available for secure communication. Imagine for the project really an improvement; perform first anal rapes on the Python community. That's what I for me, but also some inputs and reproducibility. Is running dozens or at what changes; are automated also some of his professional image for a security verification codebase larger than the team for the political authorities of development takes environment, I do only by many in the background a derailment it's not a new features. Well the team for a professional image for a minute what it's just for, the new release process I understand (from the repos that are also some sort of the procedures and probing the code and brought closer to derail). I know how this kind of view: me, but what you can be paying for, monetisation I now We know if you can start developing heuristic attack tools that serve the code has evolved since the tag is indeed getting stronger, so since he's got to derail

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Sep 20 03:07 [raw]

> Good way to kill a project. It's killed alright. Nobody is using Bitmessage. Not even the code maintainers use it any more.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Sep 20 07:27 [raw]

Though that's more likely thanks to the spamming lately, and the complete lack of action against it, that rendered public channels extremely unattractive.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Sep 20 07:58 [raw]

Maybe the developers want it that way. Two dozen lines of source code would have fixed the spam issue. I would have submitted a patch, but I won't. I watched for a long time as other people submitted patches to fix stuff and the submissions were ignored on some bullshit technical grounds that had nothing to do with reason.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Sep 20 07:58 [raw]

Dare we fork PyBitmessage and leave this version behind?

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Sep 20 07:58 [raw]

The problem here is that almost everyone involved is unregenerate and inherently evil.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Sep 20 10:39 [raw]

Forking would imply we keep the current code-base. I'd rather suggest starting over, probably in a language that isn't interpreted, and has a lot of compile-time safety checks. And while we're at it, make some tweaks to the general concept, to clear out now-obsolete bits, and make the entire system more ridgid. Changing stuff would however break compatibility with existing implementations, so it's not likely to get much ground.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Sep 20 10:59 [raw]

there are 200 forks already go ahead, create fork #222

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Sep 21 00:53 [raw]

You can make backward compatibility a configuration switch. Now go and write some code.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Sep 21 02:56 [raw]

> in a language that isn't interpreted, and has a lot of compile-time safety checks Did somebody say "Free Pascal?" (not kidding, it would work and compile to all platforms including Android). What language(s) would you suggest? Also, the networking model in Bitmessage protocol is rather primitive. It should not maintain connections at all. Rather it should cycle connect, exchange data, and cycle onward to the next peers in the list, at intervals that don't cause a non-stop comparison of inventory lists. In this way a group of 300 peers would exchange a few kilobytes per minute instead of megabytes per minute. Much more efficient.

[chan] bitmessage
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY