New Win32 binary snapshot of pybitmessage available

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
Jan 19 15:41

New snapshot is available, after almost a year, using a new build procedure (with wine and mingw on linux, rather than native windows). It hasn't been thoroughly tested, however apart from OpenCL everything should work. This is for people who're on windows and can't run from source. It will still take a while before I can make automated regular snapshots again, but at least I made this in a semi-automated fashion.

I can't code-sign at the moment, because my cert expired and I decided not to renew because I wasn't happy with the hardware. I'm incorporating now, and will have a new cert with the company name, using hardware that I've tested for both windows and OSX. A detached PGP signature with my well-known PGP key can be found in the same directory as the exe.

https://download.bitmessage.org/snapshots/win32/Bitmessagedev_x86_20190119.exe

(signature) https://download.bitmessage.org/snapshots/win32/Bitmessagedev_x86_20190119.exe.asc

Peter Surda
Bitmessage core developer
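Added example, not part of the original post or the project's code: checking a detached signature such as the `.exe.asc` above against a pinned key fingerprint, so that a "good signature" from some other key in the keyring is rejected. The fingerprint and status lines in the script are constructed samples; the real fingerprint is not given on this page and has to come from a source you already trust.

```python
import subprocess
import sys

# Constructed fingerprint and gpg status lines, used only by the self-test.
SAMPLE_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_GOOD = "\n".join([
    "[GNUPG:] NEWSIG",
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>",
    "[GNUPG:] VALIDSIG " + SAMPLE_FPR + " 2019-01-19 1547900000 0 4 0 1 8 00 "
    + SAMPLE_FPR,
    "[GNUPG:] TRUST_UNDEFINED 0 pgp",
])
SAMPLE_BAD = "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>"

# Status keywords that mean the signature must not be accepted.
FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}


def parse_gpg_status(status_text):
    """Pull the verdict out of `gpg --status-fd` output."""
    result = {"good": False, "valid_fpr": None, "problems": []}
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword = fields[1]
        if keyword == "GOODSIG":
            result["good"] = True
        elif keyword == "VALIDSIG":
            # The last field is the primary key fingerprint; the first one
            # after the keyword may be a signing subkey.
            result["valid_fpr"] = fields[-1].upper()
        elif keyword in FAILURES:
            result["problems"].append(keyword)
    return result


def signature_ok(status_text, expected_fpr):
    """True only for a good signature made by the pinned primary key."""
    parsed = parse_gpg_status(status_text)
    expected = expected_fpr.replace(" ", "").upper()
    return (parsed["good"] and not parsed["problems"]
            and parsed["valid_fpr"] == expected)


def verify_detached(data_path, sig_path, expected_fpr, gpg="gpg"):
    """Run gpg on a file and its detached signature, then apply the pin."""
    proc = subprocess.run(
        [gpg, "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True)
    return proc.returncode == 0 and signature_ok(proc.stdout, expected_fpr)


if __name__ == "__main__":
    # usage: verify.py <file> <file.asc> <pinned primary key fingerprint>
    ok = verify_detached(sys.argv[1], sys.argv[2], sys.argv[3])
    print("signature good and key matches pin" if ok else "REJECTED")
    sys.exit(0 if ok else 1)
```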

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
Jan 19 19:27

Thanks for the feedback, I'll look into it.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Jan 20 00:53

> I'm incorporating now, and will have a new cert with the company name

Peter, I trust you've been around long enough to know what you're doing but I'm sure you understand why this line worries the shit out of me.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Jan 20 08:18

This is not Surda, but an Interpol impostor. Real Surda is in detention. This is why "Surda" continually refuses to fully confirm his identity after penetration of BM infrastructure and he continuously plays with public keys, signatures, and so on.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Jan 20 08:30

You won't fully confirm your identity either. That's the whole point of an anonymous network. No-one gets to know who anyone else is.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Jan 20 08:32

well, so you prefer to use code or source from whoever claims he is Peter Surda?

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Jan 20 08:54

How do you suggest he proves that he is really Peter Surda? Even if you met him face to face, you still wouldn't know if he was the real Peter Surda. Most of the software people use is anonymous software.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Jan 20 08:58

not this time

https://twitter.com/petersurda
https://dld-conference.com/users/peter-surda
https://nakamotoinstitute.org/authors/peter-surda/
https://www.researchgate.net/profile/Peter_Surda

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
Jan 20 09:39

If that's your worry, all my code needs to be reviewed by g1itch, I introduced this shortly after the attack. In fact since the attack, most code was written by others, I mainly now write infrastructure code (build/monitoring/...).

Peter Surda
Bitmessage core developer

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
Jan 20 09:39

I plan on selling various services for Bitmessage. The first main one will allow mobile phone users to offload PoW to dedicated miners by paying (subscription, prepaid credits, or something else), using blind signatures and dandelion routing to prevent a link between the message sender, the miner and the payee. This will allow people who want to communicate anonymously but don't have the technical resources to simply pay for those resources without worrying about the details. The technical process is described in a github issue: https://github.com/Bitmessage/PyBitmessage/issues/1409 . Third parties will be able to act as miners and share the revenue, to avoid too much centralisation. And if you decide to pay with cryptocurrencies (as opposed to the google play store for example), you don't even need to reveal any personal information to anyone.

I spent a lot of time figuring this out. Bitmessage's unique selling point is the protection of metadata, it would be stupid to abandon that. There are some minor drawbacks though, the infrastructure is "permissioned" (certifier is centralised, miners need to send regular invoices to get paid), and due to idiotic EU VAT regulation, users will probably have to declare which country they're residing in (although I have no way of verifying that). I will have to talk to a tax specialist about this in any case.

Another reason for a company is a separate legal status and residence, providing a certain level of protection against various attacks against me. It will also allow to deduct the cost of the infrastructure from the tax base. I've been paying for most of the bootstrap servers, monitoring, build infrastructure for several years, and now developers as well. Last year I spent around 40k EUR on the development of Bitmessage.

The PyBitmessage project will continue being open source, and the additional business-related services will probably also be open source, in general I see little point in closed-source software in this area. You should be able to replicate the offloading using your own root CA and peers. However I think that my company can provide a better quality service, more secure and robust infrastructure, and better marketing.

Peter Surda
Bitmessage core developer
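Added example, not part of the original post and not the design from the linked GitHub issue: a textbook RSA (Chaum) blind signature, showing how a central certifier can sign a prepaid token without ever seeing it, so a miner can later accept the token without the certifier being able to link payment to use. The key, the token format, the role names in the functions and the spent-token set are assumptions made for illustration; the toy key uses small constructed primes and no padding.

```python
import hashlib
import math
import secrets

# Constructed toy certifier key (two small Mersenne primes). Demo only.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the certifier


def digest(token):
    """Map a token to an integer modulo N (the value that gets signed)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


def blind(token):
    """User side: hide the token digest behind a random factor r."""
    m = digest(token)
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (m * pow(r, E, N)) % N, r


def certifier_sign(blinded):
    """Certifier side: sign after payment; it only ever sees the blinded value."""
    return pow(blinded, D, N)


def unblind(blind_sig, r):
    """User side: strip r to obtain an ordinary signature on the token."""
    return (blind_sig * pow(r, -1, N)) % N


def miner_redeem(token, sig, spent):
    """Miner side: accept a token once if the certifier's signature verifies."""
    if token in spent or pow(sig, E, N) != digest(token):
        return False
    spent.add(token)
    return True


def demo():
    token = secrets.token_bytes(16)          # chosen by the user, never sent in clear
    blinded, r = blind(token)
    sig = unblind(certifier_sign(blinded), r)
    spent = set()
    return {
        "certifier_saw_token": blinded == digest(token),
        "first_redeem": miner_redeem(token, sig, spent),
        "replay": miner_redeem(token, sig, spent),
        "forged": miner_redeem(b"some other token", sig, set()),
    }


if __name__ == "__main__":
    print(demo())
```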

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
Jan 20 09:43

> not this time
>
> https://twitter.com/petersurda

Me.

> https://dld-conference.com/users/peter-surda

Me.

> https://nakamotoinstitute.org/authors/peter-surda/

Me.

> https://www.researchgate.net/profile/Peter_Surda

Not me.

Peter Surda
Bitmessage core developer

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Jan 20 12:14

Very interesting and ambitious, but aren't you starting off on the wrong foot here? You can do all of this privately without registering a state business in your passport name. Surely you realize that once you make your local authorities a third party in all your business dealings, you can't expect them to be a silent third party. And with anti-IT regulation coming our way soon (see China, India, Australia), you can expect worse than that. Why dox yourself to the guys who will eventually come after you? (Also keep in mind, a company is a legal entity: since it's not human, it has no human rights, only legal ones, which can be taken away with a stroke of a pen - think well before generating the signing key in a registered company's name) Personally I've decided that the only way to win this is to not involve the state authorities at all. My reputation, my comms, my income, my expenses, my savings and my charity work are all in the "cloud", scattered under tens of different identities. Because passports are for travel. Of course I would never recommend anyone to do the same, in fact it's a pretty fucked up way of life. But doxing yourself to the state, the VERY SAME state that is right now signing international intelligence-sharing alliances left right and center so they can properly start the war on information security (that'd be you and me), doesn't seem like a particularly clever strategy either. Please think this carefully. You are important to many people.

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
Jan 20 16:50

The difference between other solutions and Bitmessage is that the protection of users doesn't depend on the anonymity of the service provider. And as long as you want to generate revenue legally, I don't think that can be done anonymously at all (all the invoices you are obligated to give to customers need to contain your company name, or if you don't have a company, your own name).

Cases like the one of Vincent Ramos, who ran a company called Phantom Secure (which wasn't a registered company, he just used the name) selling secured BlackBerry phones, show that services whose security depends on hiding the anonymity of the provider are a bad idea. I read the warrant the FBI filed against Ramos. I'm not a lawyer but if we disregard the acts which he's accused of which are obviously illegal (like tampering with evidence), he is also being charged with money laundering, which he could have avoided if he had a registered company and used sanctioned accounting methods. There were also Alexander U from DiDW and Ross Ulbricht from the Silk Road. What all these systems had in common was that once the identity of the "CEO" was known to the authorities, the security of the whole system fell apart. They also seem to have in common that the CEO moderating the illegal activities of the users is highly relevant to the legality (that's the impression I have from judges' statements).

Bitmessage isn't like this. Bitmessage is heavily decentralised, and it doesn't even depend on Tor for metadata protection, and it doesn't require the "CEO" to know what the users are doing, indeed it's impossible to know for anyone who the sender doesn't want. And even if I know, there's nothing I can do about it. Which is why I want everything, including additional paid services, to remain anonymous and private with respect to everyone. This is why I thought long until I figured out the blind signature scheme. Those things that are centralised I'm taking great care of.

For example, even to the extent that I have write access to github, so does g1itch and Atheros (the original author). Neither of them have any legal obligations to me or my company. They are neither employees nor contractors. I pay for the github accounts but I don't have exclusive control over it. The bootstrap infrastructure doesn't need high protection, so I just rent cheap VPSes for those. Each is run by a different company, and are in different countries (there is more than one in Germany, but that's simply because I already rented multiple machines there).

I do have to protect the build system, and in the future, the billing/certifying system. Which is why right now I'm building my own server, which is scheduled to go into a data centre on Tuesday. Previous servers were rented directly from DCs. The new server contains extensive multi layered protection, including several hardware layer protections which weren't available to previous servers. I'll also try to remain the sole sysadmin of the servers, to avoid the sysadmin being compromised. I'm automating as much as I can, because that reduces the attack vectors further. The infrastructure and processes will also receive a professional audit. The audit is organised / co-sponsored by OSTIF, if you check their blog post for this year's plan, you'll see they mention Bitmessage: https://ostif.org/ostif-in-2019-what-to-expect/

Regarding certificates being in the company name, this affects Windows, OSX, and Google Play Store. If you use Windows or OSX and expect security, that's already a fail, so it doesn't matter. As for Play Store, the apk's will be available outside of the store as well, e.g. on github, and can still be signed traditionally using PGP signatures. Linux distros are expected to build their own binaries and use their own signatures. Furthermore, I want the build process to be highly automated, so people who don't trust my build servers can easily do it on their own by simply running a script.
Peter Surda Bitmessage core developer

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Jan 22 14:19

It's funny, Peter, two different angles on the same problem to yield such complete opposite results. On one hand, you seem to regard your local authorities as an ally, and try to find ways (or more precisely, try to model your behaviour onto the EXISTING ways) to cooperate with these authorities in a way that you believe would benefit yourself, your customers and the society. From your perspective, you're looking for reasons to NOT cooperate with the authorities (register a business in your name, act as a tax collector and potentially as a "confidential" informant to your local authorities and their international friends) and find these reasons insufficient to sway your decision. On the other hand, you have someone like myself, born and raised in some of the worst shitholes of this planet (to put it mildly), who, based on first-hand experience, treats any state authority as a hostile occupation force and takes an adversarial approach by default. From my perspective, in order to even consider going bareback in a relationship with the state I would require a particularly strong set of reasons, which your situation didn't really seem to present. I'm saying "I don't see why you'd do this" and you're saying "don't see why not". It's all about the starting position and frame of reference. In a way, I think, we're both right and at the same time we're both wrong, and all being said I don't think either of us has any idea :) This is all new ground that we're breaking and there are no rules other than the ones that we make as we go. Only time will tell. Anyway, I digress. All I wanted to say is congratulations on securing the OSTIF audit sponsorship and best of luck with your business plan. My ramblings aside, you're a legend in my book and I hope it all turns out really well for you.

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
Jan 22 20:40

I'm definitely not considering local authorities, or other authorities for the matter, an ally. I grew up during communism (technically socialism but I don't think communism can even exist in groups larger than the Dunbar's number), and I've been an anarchocapitalist since I read Hoppe's "Democracy, The God That Failed" back in 2006. Regarding my involvement in Bitmessage, I'm trying to maneuver in a way that minimises my and the users' exposure to the state. We may disagree whether me remaining anonymous is the correct approach. Seen isolated, anonymity may appear beneficial. Kind of like "security by obscurity". However, I argue that this is just one factor, and systems whose security depended solely on the anonymity of the provider failed to provide adequate protection against the state, resulting in both the provider and the users being jailed. My focus is in other areas, which I think provide a better outcome. For example, users being anonymous to me. Fully open source. The processes being publicly auditable. Servers in different countries. Tamper-resistant servers. As far as I know, none of these are illegal (the question regarding VAT residency appears to be in a gray zone). Technically I don't even need to know who the miners are, however without them being able to invoice me properly, I can't deduct their remuneration as a business expense (or maybe I can if they are outside of the EU, I'm not fully sure about it). Ideally, the whole system should continue working and providing anonymous communication even if I get targeted. If there isn't anything that I can do or any information that I can provide, that makes me less vulnerable. I think having a business and a lawyer is more helpful against the state than being anonymous. For non-state attackers, the place of my residence has multiple cameras around the whole building, and I also have a firearms permit and train regularly. Here in Austria, it's legal to shoot invaders in your home.
If the approaches I'm using become illegal, I should be able to move the business to a different country, as there is little bound to a physical location. The business is mostly about having access to a bank account and getting the code signing certificates, and also for tax reasons I have more flexibility. While my business isn't an agorist one, it isn't a submissive one either. We'll see how it works out. Peter

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Jan 23 19:58

> I'm incorporating now, and will have a new cert with the company name

All western governments recognize the private business trust. Why go corporate when you can have the same protections without asking for state sanction?

You could also form a convention without incorporating and DBA the convention.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Jan 23 20:22

> This will allow people who want to communicate anonymously but don't have the technical resources to simply pay for those resources without worrying about the details.

If they can't afford a chromebook, what makes you think they can afford to pay for someone else to send their messages?

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
Jan 23 20:40

> > This will allow people who want to communicate anonymously but don't have the technical resources to simply pay for those resources without worrying about the details.
>
> If they can't afford a chromebook, what makes you think they can afford to pay for someone else to send their messages?

The primary market for this "pay-to-hash" model are mobile phones, although since it's the same code, it will work on other architectures too. You could then use a bitmessage daemon on an EC2 nano instance without being throttled, or on a server with an Atom CPU without having to wait for hours for the message to be sent.

Peter Surda
Bitmessage core developer

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
Jan 24 09:28

> > I'm incorporating now, and will have a new cert with the company name
>
> All western governments recognize the private business trust. Why go corporate when you can have the same protections without asking for state sanction?
>
> You could also form a convention without incorporating and DBA the convention.

These forms are more tuned for the US. Here in Austria a trust isn't recognised as a separate legal entity and doesn't provide liability protection. I have an option for "Stiftung" (Foundation), however that requires at least 1 million EUR founding capital. Founding outside of Austria is possible but more complicated and I don't have the time for that. I decided to go with a GmbH (approx. Ltd. or LLC in US/UK) as that doesn't require too much founding capital and is a separate legal entity, giving me a certain level of liability protection. Anyway I see it just as a starting point, the form can change in the future and move to a different country (a foreign trust can buy the company assets or something).

Peter Surda
Bitmessage core developer

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Jan 24 10:40

Have you looked into GmbH & Co KG? It provides more protection, but comes with more complex bookkeeping and probably less support by banks (due to the limited liability of the person behind it).

https://de.wikipedia.org/wiki/GmbH_%26_Co._KG#Vorteile
https://de.wikipedia.org/wiki/GmbH_%26_Co._KG#Nachteile

Cheers

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Feb 10 06:21

This is an interesting accusation. Please provide the evidence for your theory. How is Surda "playing with public keys, signatures, and so on?"

> > I'm incorporating now, and will have a new cert with the company name
>
> Peter, I trust you've been around long enough to know what you're doing but I'm sure you understand why this line worries the shit out of me.

Is this posturing?

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Feb 10 06:29

The Surda® here. I will gladly verify my identity for you directly and personally. Please respond with your name and telephone number. I will call you and arrange to meet with you face to face. I will show you my driver's license, birth registration, and library card. I will allow you to take my fingerprints and retina scan. If you want blood and DNA samples you will have to fund the testing yourself. Then you may verify my identity. Will this be sufficient proof for you?

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Feb 10 10:31

No.
