April 16, 2014

better bash scripting

Filed under: Uncategorized — @ 12:00 a.m.
better bash scripting

"Better Bash Scripting" is a good thing to read when diving into a bunch of bash scripting exercises.

April 14, 2014

No more statute of limitations for the IRS

Filed under: Uncategorized — @ 12:00 a.m.
No more statute of limitations for the IRS

The beloved Tyrant has lifted the restrictions on their own tax collection program, allowing them to just wait for a long enough time after you've made a mistake on your taxes for the interest to compound to a life-ruining degree before moving in for the kill. Even better is how they're going after the children of debtors for their parents obligations.

This is the sort of thing that drives cool people out of the country. Tax law in America is so complex that the only guarantee one has when dealing with your lord and master is that you're definitely in violation of one of his myriad byzantine rules about how to structure your commerce.

I don't care to live with the perpetual fear of an audit hanging over my head.

April 13, 2014

There is no recourse in Bitcoin - only trust and identity

Filed under: Uncategorized — @ 12:00 a.m.
There is no recourse in Bitcoin - only trust and identity

Bitcoin + GPG are remaking the world. Bitcoin is the uninterdictable, unsequestrable, unrefuseable thing the nascent cryptocracy uses to shuffle value around the world and between the members of itself. GPG and its sane use is the foundations of the identities we all use to communicate with each other. GPG and Bitcoin together are the foundation of a society where there is no recourse for crime, simply identities who have and have not scammed.

In the bad old days1, holding value personally was a thing one just did not do. Storing large amounts of value required metal cabinets and fake walls into which one crammed high denomination bill after high denomination bill. Rescuing your stored value when the house caught on fire was a nightmare entailing much wailing and gnashing of teeth while your life's savings went up in flames. Further complicating what sensible people now understand to be the simple chore of moving your monies from personal control to your broker's2 required days for the distributed 'database' in which the United States Government tracked its cattle's holdings to ensure that all of the books still balanced post-transfer (and gave the States' financial auditors a toehold to track exactly who owned what at what time). This system of 'accounts in dbs synced several times per week' prohibited backing ones assets up elsewhere via any mechanism whatsoever - "citizens" of the States were at the mercy of government-provided insurance for deposit holders.

Bitcoin freed us from this nonsense. Holdings of any size at all now occupy more or less trivial amounts of space. Holdings can be backed up at many different sites, and with the magic of m-of-n signatures, we can now grant ourselves some safety against the compromise of any specific backup location3. We can even put our precious bitcoin on deposit with our friends and trust them to hold them safe until we need them (although for the love of fuck don't do this4).

Once upon a time, all citizens of the United States were tracked in great databases that included 'credit scores' and 'criminal records' and all sorts of things that employers could be scammed into caring about during the hiring process5. Asymmetric cryptography freed us from the tyranny of the bureaucratic all-watcher in the same way that Bitcoin freed us from the state-mandated overseer of all financial decisions.

Identity is what the hucksters sold our corporate masters: "All of this scraping and digging through public data gives us great insight into each and every human you supply as feeder material to our machine. We identify them and identify whether or not we should tell you to not hire them." This approach is a weak proxy for identity. A weak approximation of a Web of Trust is what it really is - essentially phoning someone with trustworthy judgment on the trustworthiness of randos off the street.

Trustworthiness being of course the only thing of import when deciding whether or not to do business with an entity. How trustworthy is the used car salesman? Better call up some people you know who've had truck with him. How trustworthy the escort? Well, that's a question I'm not quite qualified to answer but I imagine that Heidi has some thoughts on the topic. All we really care about in addressing this identity thing is how far can we trust the guy in question? As far as I can kick his ass? Perhaps around the block? Should I trust him with my kids while I take his lemon for a spin around the block?

The car salesman's an interesting case, but not a case that's the crypto toolchain brings new tooling to address. The new tooling we have is most recently Bitcoin, and deeper in the depths the classic asymmetric cryptography.

Humans playing with Bitcoin today must accept a hard fact of their new world: should someone run with your bitcoins you have no recourse. This is both a practical and philosophical matter.

Practically, any law enforcement entity you bring a case like this to is going to laugh you out of the room. Your best case scenario is to file papers with your local state-sponsored Attorney and ask them to pretty please file criminal charges against some people who may be criminals. Even in that scenario, your agent is filing criminal charges and you're never going to see a dime from them. Should you go up against an actually sophisticated scammer and succeed in getting the bastard to appear in court he is as free as a bird to simply blink innocently and say "what bitcoins?" You'll be up the proverbial creek trying to prove that the person you know stole your coins actually has the relevant private keys. Simply not doable!6

Philosophically, you're not set up to extract a pound of flesh7. There is no judge who'll sanction the move and you have no army to back up your demands8. Today's great loss is inconsequential next to the mountain of BTC you can yet accumulate should you sit down and apply yourself. Cycles wasted pissing and moaning in public, threatening action you lack the resources to prosecute are cycles not devoted to the crypto-savvy human's only acceptable goals: acquiring cryptocurrencies and building up their identities.

Assume the sale, assume the deal. You enter into an agreement with a trusted counterparty and they default - fucking you for thousands of bitcoins. What then is the identitied entity to do?

You publish a clearsigned accusation against your defrauder, including every detail that supports your case. You change your rating of the defrauder to a -10 in your Web of Trust, indicating that the person lies, cheats and generally defrauds. Your community of peers9 will then evaluate your competing claims. Ideally, the actual malefactor receives the aristocracy's bum ratings and that identity is forever worthless (it's not impossible that through amazing social engineering the victim is cast out into the dark. It pays, in other words, to have friends).

That is all. Your wealth is gone, but your identity remains intact. Your attacker has your wealth, but has lost their identity. It is in all of our best interests to align incentives with formation and maintenance of solid identities over the alternatives.

Hence my claim that in Bitcoin there is no recourse, only trust and identity. To do business, you must trust others. To trust others you must be able to verify their identities10. If you want to matter in Bitcoin 20 years from now, I recommend you start building your identity today11. Get a key, get it in the WoT, come hang out with the hallowed peerage. You'll learn more than you ever did in school.



That is to say this decade and probably the next two for most people.


Owning stock in companies being a thing that will never go away, and the ordinary capital-owner never having anywhere near enough capital to get onto the stock exchanges under their own steam, brokerages have always and probably will always exist. Distributed exchanges make this an even more likely scenario, as now someone has to filter through all the garbage in the world to find the assets suitable for trade and evaluate all of the counterparties in the chain.


The keys to unlock our funds being stored in several different places and the requirement that at least 2 of them sign any transaction releasing our funds insulate us from any single point of failure in both the case of theft and loss of keys. So long as we retain control of a quorum of our keys and an attacker does not compromise a number equal to or greater than that quorum, our funds are vastly safer than in a traditional bank vault. Safer from outright physical theft for certain, but also safer against the more subtle theft of inflation or the bludgeon of the bail-in (don't fall down a black hole reading that one).


Once upon a time I'd have said "needless to say" somewhere near here, but a) that's super cliché and b) this blog is in the business of collecting all the things I'd have thought didn't need saying. I've learned through painful and repeated exposure to the unfiltered human excrement the internet's been awash in ever since September that things I generally assume don't need eliding (like don't share private keys, don't share bitcoin 'wallets', don't fuck chicks you don't know without a rubber) do in fact need explaining to all and sundry typically not even once but several times until the message makes it through the thick shell humans apparently evolved to prevent knowledge from leaking in.


This coincided with the rapid decline of the profusion of 'good jobs' with which my parents' generation rose to ascendancy on the world stage. As the 'good jobs' grew ever scarcer and the average person grew more and more desperate to first find more remunerative work and then later any work at all, American companies discovered that they could deliver value to the BigCorp hiring process simply by virtue of culling the resumé stack for a given position. Reasons were given (inadequate credit scores indicating a personal failing of some sort, past criminal record indicating personal failure of some sort, postings on social networks indicating a personal failure of some sort, substance consumption habits indicating… porn viewing habits indicating…), but nobody really cared - if you could reduce the stack of applicants while complying with the Labor Department requirements around race and gender balances your product was a lock for the enterprise sale.


This parable ignores the vanishingly small likelihood that taking this person to court will ever result in payments anywhere near adequate to cover your legal costs should you bring in help - and if you don't bring in help in the United States courts you may find yourself in an insanitarium, found to be insane by the judge you'd hoped would provide some recourse against your thief.


For you are not a wealthy financier capable of flushing the grime and dirt from the sweet streets of our serene republic, no matter how hard you imagine your life otherwise.


Had you the army you'd never have been ripped off in the first place, being too busy raping and pillaging the countryside to entertain and feed your voracious mouths. Have you ever stared at the uncompromising requirements of payroll, swallowed hard and gone back out to perform the duties of leadership? A penny here or there to the man who must feed an army is but the whinging of a gnat compared to the booty at the end of his rainbow. That'd be not so much a scam, ripping the man for his inheritance as a mosquito attempting to drain an elephant on the voracious march.


That is to say at this moment, the Barons. Peerage being a very specific thing, you see.


Bitcoin is for the shuffling of value, PGP is for the guaranteeing of identities. In tandem, the foundation of our nascent community.


Q: What's the best time to plant a tree?

A: Twenty years ago.

Q: What's the second-best time to plant a tree?

A: Today.

April 11, 2014

Names, Keys

Filed under: Uncategorized — @ 12:00 a.m.
Names, Keys

I am retiring 2 things in this post, a name and a key. Last fall my lady and myself took a new name (Vulpes, pronounced Vuhl-pez, accenting the first syllable) for ourselves and our new family1.

This week, I've upgraded my keys and significantly improved my operational security. I'm retiring BC7ACAC7 and implementing D2D031DA.

Hash: SHA1

The bitcoin-otc entity 'benkay' previously identified by key id 39F274AFBC7ACAC7 is
now identified by key id 2AFA1A9FD2D031DA. Please address all communications to Ben
Vulpes at

Version: GnuPG v1

Version: GnuPG v1


This key may be found in all of the usual places; the about section up above, on my OTC profile, and on the gnupg keyserver.



The key is obviously much more important than the name. Changing names is an ungodly ratfuck of paperwork under the Communist States of America.

#bitcoin-assets new WoT and voice model

Filed under: Uncategorized — @ 12:00 a.m.
#bitcoin-assets new WoT and voice model

Updated: 1/14/2014, referencing assbot instead of gribble. My, how times change.

If you join #bitcoin-assets on today, you'll find that you don't have voice. The esteemed kakobrekla integrated channel operations with the Bitcoin Web of Trust (I told you it was important).

To achieve voice in the channel, you must have at least level 2 trust in assbot's WoT. That means either being in that linked list, or the WoT of anyone on that list. It's not terrifically difficult, mircea_popescu for one is inclined to hand out provisional 1's so that noobs can up themselves.

So, instructions on getting yourself voiced in La Serenissima:

  1. Set up nickserv services on Freenode.

    Pick a nick. Register it to an email address, set a password, set it up to kick impostors without your password off of it. Connect over SSL so's to make it just a little harder to pull your password off of the network. Use SASL if you're into that sort of thing, and if your client's set up to auth to services before joining channels. It's a deep, stupid set of trivia, managing IRC opsec, and I shan't go into any further detail on the topic here. Also, I'm personally bad at it.

    Run the following command from your IRC client to get the full rundown on nicknames and passwords and Freenode nick services at large:

    /msg NickServ help
  2. Once you have a nick and are authed to services, register with assbot.
    /query assbot
    !register <long keyid>

    Getting your long keyid is a matter of:

    gpg --keyid-format LONG -K

    assbot will respond with an OTP (one-time-pad, bit of a misnomer given the actual etymology of the one-time-pad, but whatever) for you to decrypt. Do so (this is not a GPG guide), and then respond to assbot with its contents:

    !v assbot:YOUR_NICK.register:14d6b89d1f55c1ede86b512f7db0c37db4dcdfdd2cb6658dbb9fe973802b2c86

    Or something like that.

  3. Join #bitcoin-assets and ask someone nicely to !up you.

    Don't ask for a rating just to get voice. If you stick around and have a not-miserable signal-to-noise ratio, you'll probably achieve some sort of "easy come, easy go" rating within a week. If you don't, take it as a signal from the gods that you're not meant to run with these dogs.

    Any user who's been !up 'd by one of the cool kids, and is not themselves in L2, can also be !down 'd by any of the cool kids. This is in place so that when BingoBoingo gives voice to certain trolls who drive me insane I can quash their inane babbling relatively easily.

    Remember, assbot's voicing works on a Web of Trust basis. This means having your GPG toolchain set up and readily at hand.



This is stupid way to adjust SNR for a few reasons not least that it is already solved in the IRC protocol. Chanops are a group of people the founder trusts sufficiently to regulate the conversation, deal with bad actors and operate the channel in the manner he intends. Kind of like a web of trust without the numerous failures this bullshit introduces. Default deny will prevent the channel from growing, will not deflect a motivated attack, while adding a handful of SPOFs, risks and annoyance.

It's a neat experiment in creating the perfect circle jerk, a heroic cabal of IRC bloggers and thier crony's segregated from the real world by a 14' wall of smug. Only, we can achieve this with existing tools and without slaming our balls in a door.

I write this gazing into the wrong side of a netsplit the channel silently awaiting the return of its centralised authoritarian robot.

« Newer PostsOlder Posts »