@ bbb5dda0:f09e2747

GitHub Actions (CI/CD) over Nostr

I Spent quite a bit of time on getting Nostr-based GitHub actions working. I have a basic runner implementation now, which i've reworked quite a bit when working with @dan on getting the front-end of it into gitworkshop.dev. We found that the nature of these jobs don't really lend itself to fit within the NIP-90 DVM spec.

What we have now: - A dvm-cicd-runner that - Advertises itself using NIP-89 announcements. - Takes a DVM request with: - repository - branch/ref - path to workflow file (.yml) - job timeout (max duration) - 🥜 Cashu prepayment for the job timeout (to be refunded) - Pulls the repository and executes the provided workflow file - Sends logs in batches as partial job results - Publishes job results and gets displayed in gitworkshop - Gitworkshop.dev (all nostr:npub15qydau2hjma6ngxkl2cyar74wzyjshvl65za5k5rl69264ar2exs5cyejr work) UI that : - Shows available workflow runners. - Instructing + paying runner to execute workflow file - Displaying job status, live updating with the latest logs / autoscroll, all the stuff you'd expect - Neatly displaying past jobs for the current repository

TODO'S + Ideas/vision

• TODO: refunding the unused minutes (job timeout - processing time) to the requester
• TODO: create seperate kinds/nip for worflow execution over nostr
• Create separate kinds for streaming arbitrary text data over nostr (line by line logs)
• automated git watchers for projects to kick of jobs
• Separate out workflow management stuff from gitworkshop.dev. A micro-app might serve better to manage runners for git projects etc and takes away pressure from gitworkshop.dev to do it all.
• Perhaps support just running .yaml files, without the requirement to have it in a git repo. Could just be a .yaml file on blossom.

TollGate

I spent most of my time working on TollGate. There's been a lot of back and forth to the drawing board to narrow down what the TollGate protocol looks like. I helped define some concepts on implementing a tollgate which we could use as language to discuss the different components that are part of a tollgate implementation. It helped us narrow down what was implementation and what is part of the protocol.

Current state of the project

• We have a website displaying the project: TollGate.me
• Worked on a basic android app for auto payments, validating we can auto-buy from tollgates by our phones
  • demo
• Presented TollGate at @Sats 'n Facts
• There's a protocol draft, presented at SEC-04
• We've done workshops, people were able to turn an OpenWRT router into a TollGate
• Building and releasing TollGate as a singular OpenWRT package, installable on any compatible architecture
• Building and releasing TollGate OS v0.0.1 (prebuilt OpenWRT image), targeting a few specific routers
• First tollgate deployed in the wild!! (At a restaurant in Funchal, Madeira)
• Other developers started to make their own adjacent implementations, which decentralizes the protocol already

What's next:

• We're gathering useful real user feedback to be incorporated in OS v0.0.2 soon
• Refine the protocol further
• Showing TollGate at various conferences in Europe throughout the summer
• Keep building the community, it's growing fast

Epoxy (Nostr based Addressing)

Although i've pivoted towards focusing on TollGate I worked out an implementation of my NIP-(1)37 proposal. During SEC-04 I worked out this browser plugin to demonstrate one way to make websites resistant to rugpulls.

It works by looking for a meta tag in the page's head: html <meta name="nostr-pubkey" relays="relay.site.com,other.relay.com">[hexPubkey]</meta>

When we've never recorded a pubkey for this domain, we save it. This pubkey now serves as the owner of the website. It looks for a kind 11111 event of that pubkey. It should list the current domain as one of it's domains. If not, it shows a warning.

The key concept is that if we visit this website again and one of these scenario's is true: - There is no longer a meta tag - There's another pubkey in the meta tag - The pubkey is still on the webpage, but the 11111 no longer lists this domain

Then we consider this domain as RUGPULLED and the user gets an error, suggesting to navigate to other domain listed by this pubkey. I'd like it to perhaps auto-redirect to another domain listed by the owner, this is especially useful for frequently rugged domains.

This extension does try to solve a bootstrapping problem. We need to establish the website's pubkey at some point. We have to start somewhere, which is why the first load is considered as the 'real' one, since we have no way of knowing for sure.

Other

🥜/⚡️ Receipt.Cash - Social Receipt sharing app

During SEC I worked on scratching an itch that has been lingering in my mind since SEC-03 already. And now that vibecoding is a thing it wasn't this huge undertaking anymore to handle the front-end stuff (which i suck at).

The usage scenario is a bunch of bitcoiners that are at a restaurant, we get the bill and want to split it amongst each other. One person can pay the bill, then: - Payer photographs receipt - Payer adds Cashu Payment request - Payer sets dev split % - App turns the receipt + request into a (encrypted) nostr event - The payer shares the event with QR or Share Menu

The friend scan the QR: - Receipt is loaded and displayed - Friend selects items they ordered - Friend hits pay button (⚡️Lightning or 🥜Cashu) and pays - Payment gets sent to Payer's cashu wallet - Dev split set by Payer goes to dev address.

Some features: - Change LLM model that processes the receipt to extract data - Proofs storage + recovery (if anything fails during processing)

Todo's: - Letting payer configure LNURL for payouts - Letting payer edit Receipt before sharing - Fix: live updates on settled items

The repo: receipt-cash

@ fd0bcf8c:521f98c0

The vag' sits on the edge of the highway, broken, hungry. Overhead flies a transcontinental plane filled with highly paid executives. The upper class has taken to the air, the lower class to the roads: there is no longer any bond between them, they are two nations."—The Sovereign Individual

Fire

I was talking to a friend last night. Coffee in hand. Watching flames consume branches. Spring night on his porch.

He believed in America's happy ending. Debt would vanish. Inflation would cool. Manufacturing would return. Good guys win.

I nodded. I wanted to believe.

He leaned forward, toward the flame. I sat back, watching both fire and sky.

His military photos hung inside. Service medals displayed. Patriotism bone-deep.

The pendulum clock on his porch wall swung steadily. Tick. Tock. Measuring moments. Marking epochs.

History tells another story. Not tragic. Just true.

Our time has come. America cut off couldn't compete. Factories sit empty. Supply chains span oceans. Skills lack. Children lag behind. Rebuilding takes decades.

Truth hurts. Truth frees.

Cycles

History moves in waves. Every 500 years, power shifts. Systems fall. Systems rise.

500 BC - Greek coins changed everything. Markets flourished. Athens dominated.

1 AD - Rome ruled commerce. One currency. Endless roads. Bustling ports.

500 AD - Rome faded. Not overnight. Slowly. Trade withered. Cities emptied. Money debased. Roads crumbled. Local strongmen rose. Peasants sought protection. Feudalism emerged.

People still lived. Still worked. Horizons narrowed. Knowledge concentrated. Most barely survived. Rich adapted. Poor suffered.

Self-reliance determined survival. Those growing food endured. Those making essential goods continued. Those dependent on imperial systems suffered most.

1000 AD - Medieval revival began. Venice dominated seas. China printed money. Cathedrals rose. Universities formed.

1500 AD - Europeans sailed everywhere. Spanish silver flowed. Banks financed kingdoms. Companies colonized continents. Power moved west.

The pendulum swung. East to West. West to East. Civilizations rose. Civilizations fell.

2000 AD - Pattern repeats. America strains. Digital networks expand. China rises. Debt swells. Old systems break.

We stand at the hinge.

Warnings

Signs everywhere. Dollar weakens globally. BRICS builds alternatives. Yuan buys oil. Factories rust. Debt exceeds GDP. Interest consumes budgets.

Bridges crumble. Education falters. Politicians chase votes. We consume. We borrow.

Rome fell gradually. Citizens barely noticed. Taxes increased. Currency devalued. Military weakened. Services decayed. Life hardened by degrees.

East Rome adapted. Survived centuries. West fragmented. Trade shrank. Some thrived. Others suffered. Life changed permanently.

Those who could feed themselves survived best. Those who needed the system suffered worst.

Pendulum

My friend poured another coffee. The burn pile popped loudly. Sparks flew upward like dying stars.

His face changed as facts accumulated. Military man. Trained to assess threats. Detect weaknesses.

He stared at the fire. National glory reduced to embers. Something shifted in his expression. Recognition.

His fingers tightened around his mug. Knuckles white. Eyes fixed on dying flames.

I traced the horizon instead. Observing landscape. Noting the contrast.

He touched the flag on his t-shirt. I adjusted my plain gray one.

The unpayable debt. The crumbling infrastructure. The forgotten manufacturing. The dependent supply chains. The devaluing currency.

The pendulum clock ticked. Relentless. Indifferent to empires.

His eyes said what his patriotism couldn't voice. Something fundamental breaking.

I'd seen this coming. Years traveling showed me. Different systems. Different values. American exceptionalism viewed from outside.

Pragmatism replaced my old idealism. See things as they are. Not as wished.

The logs shifted. Flames reached higher. Then lower. The cycle of fire.

Divergence

Society always splits during shifts.

Some adapt. Some don't.

Printing arrived. Scribes starved. Publishers thrived. Information accelerated. Readers multiplied. Ideas spread. Adapters prospered.

Steam engines came. Weavers died. Factory owners flourished. Villages emptied. Cities grew. Coal replaced farms. Railways replaced wagons. New skills meant survival.

Computers transformed everything. Typewriters vanished. Software boomed. Data replaced paper. Networks replaced cabinets. Programmers replaced typists. Digital skills determined success.

The self-reliant thrived in each transition. Those waiting for rescue fell behind.

Now AI reshapes creativity. Some artists resist. Some harness it. Gap widens daily.

Bitcoin offers refuge. Critics mock. Adopters build wealth. The distance grows.

Remote work redraws maps. Office-bound struggle. Location-free flourish.

The pendulum swings. Power shifts. Some rise with it. Some fall against it.

Two societies emerge. Adaptive. Resistant. Prepared. Pretending.

Advantage

Early adapters win. Not through genius. Through action.

First printers built empires. First factories created dynasties. First websites became giants.

Bitcoin followed this pattern. Laptop miners became millionaires. Early buyers became legends.

Critics repeat themselves: "Too volatile." "No value." "Government ban coming."

Doubters doubt. Builders build. Gap widens.

Self-reliance accelerates adaptation. No permission needed. No consensus required. Act. Learn. Build.

The burn pile flames like empire's glory. Bright. Consuming. Temporary.

Blindness

Our brains see tigers. Not economic shifts.

We panic at headlines. We ignore decades-long trends.

We notice market drops. We miss debt cycles.

We debate tweets. We ignore revolutions.

Not weakness. Just humanity. Foresight requires work. Study. Thought.

Self-reliant thinking means seeing clearly. No comforting lies. No pleasing narratives. Just reality.

The clock pendulum swings. Time passes regardless of observation.

Action

Empires fall. Families need security. Children need futures. Lives need meaning.

You can adapt faster than nations.

Assess honestly. What skills matter now? What preserves wealth? Who helps when needed?

Never stop learning. Factory workers learned code. Taxi drivers joined apps. Photographers went digital.

Diversify globally. No country owns tomorrow. Learn languages. Make connections. Stay mobile.

Protect your money. Dying empires debase currencies. Romans kept gold. Bitcoin offers similar shelter.

Build resilience. Grow food. Make energy. Stay strong. Keep friends. Read old books. Some things never change.

Self-reliance matters most. Can you feed yourself? Can you fix things? Can you solve problems? Can you create value without systems?

Movement

Humans were nomads first. Settlers second. Movement in our blood.

Our ancestors followed herds. Sought better lands. Survival meant mobility.

The pendulum swings here too. Nomad to farmer. City-dweller to digital nomad.

Rome fixed people to land. Feudalism bound serfs to soil. Nations created borders. Companies demanded presence.

Now technology breaks chains. Work happens anywhere. Knowledge flows everywhere.

The rebuild America seeks requires fixed positions. Factory workers. Taxpaying citizens in permanent homes.

But technology enables escape. Remote work. Digital currencies. Borderless businesses.

The self-reliant understand mobility as freedom. One location means one set of rules. One economy. One fate.

Many locations mean options. Taxes become predatory? Leave. Opportunities disappear? Find new ones.

Patriotism celebrates roots. Wisdom remembers wings.

My friend's boots dug into his soil. Planted. Territorial. Defending.

My Chucks rested lightly. Ready. Adaptable. Departing.

His toolshed held equipment to maintain boundaries. Fences. Hedges. Property lines.

My backpack contained tools for crossing them. Chargers. Adapters. Currency.

The burn pile flame flickers. Fixed in place. The spark flies free. Movement its nature.

During Rome's decline, the mobile survived best. Merchants crossing borders. Scholars seeking patrons. Those tied to crumbling systems suffered most.

Location independence means personal resilience. Economic downturns become geographic choices. Political oppression becomes optional suffering.

Technology shrinks distance. Digital work. Video relationships. Online learning.

Self-sovereignty requires mobility. The option to walk away. The freedom to arrive elsewhere.

Two more worlds diverge. The rooted. The mobile. The fixed. The fluid. The loyal. The free.

Hope

Not decline. Transition. Painful but temporary.

America may weaken. Humanity advances. Technology multiplies possibilities. Poverty falls. Knowledge grows.

Falling empires see doom. Rising ones see opportunity. Both miss half the picture.

Every shift brings destruction and creation. Rome fell. Europe struggled. Farms produced less. Cities shrank. Trade broke down.

Yet innovation continued. Water mills appeared. New plows emerged. Monks preserved books. New systems evolved.

Different doesn't mean worse for everyone.

Some industries die. Others birth. Some regions fade. Others bloom. Some skills become useless. Others become gold.

The self-reliant thrive in any world. They adapt. They build. They serve. They create.

Choose your role. Nostalgia or building.

The pendulum swings. East rises again. The cycle continues.

Fading

The burn pile dimmed. Embers fading. Night air cooling.

My friend's shoulders changed. Tension releasing. Something accepted.

His patriotism remained. His illusions departed.

The pendulum clock ticked steadily. Measuring more than minutes. Measuring eras.

Two coffee cups. His: military-themed, old and chipped but cherished. Mine: plain porcelain, new and unmarked.

His eyes remained on smoldering embers. Mine moved between him and the darkening trees.

His calendar marked local town meetings. Mine tracked travel dates.

The last flame flickered out. Spring peepers filled the silence.

In darkness, we watched smoke rise. The world changing. New choices ahead.

No empire lasts forever. No comfort in denial. Only clarity in acceptance.

Self-reliance the ancient answer. Build your skills. Secure your resources. Strengthen your body. Feed your mind. Help your neighbors.

The burn pile turned to ash. Empire's glory extinguished.

He stood facing his land. I faced the road.

A nod between us. Respect across division. Different strategies for the same storm.

He turned toward his home. I toward my vehicle.

The pendulum continued swinging. Power flowing east once more. Five centuries ending. Five centuries beginning.

"Bear in mind that everything that exists is already fraying at the edges." — Marcus Aurelius

Tomorrow depends not on nations. On us.

@ 61bf790b:fe18b062

In a vast digital realm, two cities stood side by side: the towering, flashing metropolis of Feedia, and the decentralized, quiet city of Nostra.

Feedia was loud—blinding, buzzing, and always on. Screens plastered every wall, whispering the latest trends into citizens’ ears. But in this city, what you saw wasn’t up to you. It was determined by a towering, unseen force known as The Algorithm. It didn’t care what was true, meaningful, or helpful—only what would keep your eyes glued and your attention sold.

In Feedia, discovery wasn’t earned. It was assigned.

And worse—there was a caste system. To have a voice, you needed a Blue Check—a glowing badge that marked you as “worthy.” To get one, you had to pay or play. Pay monthly dues to the high towers or entertain The Algorithm enough to be deemed “valuable.” If you refused or couldn’t afford it, your voice was cast into the noise—buried beneath outrage bait and celebrity screams.

The unmarked were like ghosts—speaking into the void while the checked dined in Algorithm-favored towers. It was a digital monarchy dressed up as a democracy.

Then, there was Nostra.

There were no glowing checkmarks in Nostra—just signal. Every citizen had a light they carried, one that grew brighter the more they contributed: thoughtful posts, reshared ideas, built tools, or boosted others. Discovery was based not on payment or privilege, but participation and value.

In Nostra, you didn’t rise because you paid the gatekeeper—you rose because others lifted you. You weren’t spoon-fed; you sought, you found, you earned attention. It was harder, yes. But it was real.

And slowly, some in Feedia began to awaken. They grew tired of being fed fast-food content and ignored despite their voices. They looked across the river to Nostra, where minds weren’t bought—they were built.

And one by one, they began to cross.

@ 1b939fa8:1ebdc679

All of my outfit conversion mods and Nora's Commonwealth Reconstruction Project have requirements that are on Nexus and nowhere else. Exception for the outfit conversions is Devious Devices which is noted and links provided to Lovers Lab and other requirements. My mods are dependent on those original mods to work. If/when the originals come to DEG then I will update and remove the Nexus links in my descriptions.

YouTube: https://www.youtube.com/@VetGamerBoceifus01

X: https://x.com/boceifus2000

@ 6c67a3f3:b0ebd196

On Black-Starting the United Kingdom

In the event of a total failure of the electric grid, the United Kingdom would face a task at once technical and Sisyphean: the so-called black start — the reawakening of the nation’s darkened arteries without any external supply of power. In idealized manuals, the task is rendered brisk and clean, requiring but a few days' labor. In the world in which we live, it would be slower, more uncertain, and at times perilously close to impossible.

Let us unfold the matter layer by layer.

I. The Nature of the Undertaking

A black start is not a mere throwing of switches, but a sequential ballet. Small generating stations — diesel engines, hydro plants, gas turbines — must first breathe life into cold transmission lines. Substations must be coaxed into readiness. Load must be picked up cautiously, lest imbalance bring the whole effort to naught. Islands of power are stitched together, synchronized with exquisite care.

Each step is fraught with fragility. An unseen misalignment, an unsignaled overload, and hours of labor are lost.

II. The Dream of the Engineers

In theory, according to the National Grid Electricity System Operator (ESO), the sequence would unfold thus: within half a day, core transmission lines humming; within a day or two, hospitals lit and water flowing; within three days, cities reawakened; within a week, the nation, broadly speaking, restored to life.

This vision presupposes a fantasy of readiness: that black-start units are operational and plentiful; that communications systems, so delicately dependent on mobile networks and the internet, endure; that personnel, trained and coordinated, are on hand in sufficient numbers; and that no sabotage, no accident, no caprice of nature interrupts the dance.

III. The Real Order of Things

Reality is more obstinate. Many black-start capable plants have been shuttered in the name of efficiency. The financial incentives once offered to private generators for black-start readiness were judged insufficient; the providers withdrew.

Grid operations now rely on a lattice of private interests, demanding slow and complicated coordination. Telecommunications are vulnerable in a deep blackout. The old hands, steeped in the tacit lore of manual restoration, have retired, their knowledge scattered to the four winds. Cyber vulnerabilities have multiplied, and the grid’s physical inertia — the very thing that grants a system grace under perturbation — has grown thin, leaving the UK exposed to sudden collapses should synchronization falter.

Under such conditions, the best of hopes might yield five to ten days of partial recovery. Weeks would be required to restore the former web of normalcy. In certain cases — in the face of physical damage to high-voltage transformers, whose replacements take months if not years — black-start might founder altogether.

IV. The Quiet Admissions of Officialdom

In its polite documents, the National Grid ESO speaks carefully: essential services might see restoration within three days, but full public service would require "up to a week or longer." If designated black-start units were to fail — a real risk, given recent audits showing many unready — the timelines would stretch indefinitely.

In plain speech: in a true national blackout, the nation’s restoration would be a gamble.

V. The Forking Paths Ahead

If all proceeds well, Britain might stumble into light within three days. If the adversities accumulate — cyberattack, internal sabotage, simple human miscalculation — the process would stretch into weeks, even months. In the gravest scenarios, the nation would reconstitute not as one great engine, but as isolated islands of power, each jury-rigged and vulnerable.

Meanwhile, the paradoxical truth is that small and simple systems — the grids of Jersey, Malta, and the like — would outpace their mightier cousins, not despite their modest scale but because of it.

VI. Conclusion

The British grid, in short, is a triumph of late modernity — and like all such triumphs, it carries within itself the seeds of its own fragility. It works magnificently until the day it does not. When that day comes, recovery will be neither swift nor sure, but a slow, halting reweaving of threads too easily frayed.

@ 91bea5cd:1df4451c

O Contexto Legal Brasileiro e o Consentimento

No ordenamento jurídico brasileiro, o consentimento do ofendido pode, em certas circunstâncias, afastar a ilicitude de um ato que, sem ele, configuraria crime (como lesão corporal leve, prevista no Art. 129 do Código Penal). Contudo, o consentimento tem limites claros: não é válido para bens jurídicos indisponíveis, como a vida, e sua eficácia é questionável em casos de lesões corporais graves ou gravíssimas.

A prática de BDSM consensual situa-se em uma zona complexa. Em tese, se ambos os parceiros são adultos, capazes, e consentiram livre e informadamente nos atos praticados, sem que resultem em lesões graves permanentes ou risco de morte não consentido, não haveria crime. O desafio reside na comprovação desse consentimento, especialmente se uma das partes, posteriormente, o negar ou alegar coação.

A Lei Maria da Penha (Lei nº 11.340/2006)

A Lei Maria da Penha é um marco fundamental na proteção da mulher contra a violência doméstica e familiar. Ela estabelece mecanismos para coibir e prevenir tal violência, definindo suas formas (física, psicológica, sexual, patrimonial e moral) e prevendo medidas protetivas de urgência.

Embora essencial, a aplicação da lei em contextos de BDSM pode ser delicada. Uma alegação de violência por parte da mulher, mesmo que as lesões ou situações decorram de práticas consensuais, tende a receber atenção prioritária das autoridades, dada a presunção de vulnerabilidade estabelecida pela lei. Isso pode criar um cenário onde o parceiro masculino enfrenta dificuldades significativas em demonstrar a natureza consensual dos atos, especialmente se não houver provas robustas pré-constituídas.

Outros riscos:

Lesão corporal grave ou gravíssima (art. 129, §§ 1º e 2º, CP), não pode ser justificada pelo consentimento, podendo ensejar persecução penal.

Crimes contra a dignidade sexual (arts. 213 e seguintes do CP) são de ação pública incondicionada e independem de representação da vítima para a investigação e denúncia.

Riscos de Falsas Acusações e Alegação de Coação Futura

Os riscos para os praticantes de BDSM, especialmente para o parceiro que assume o papel dominante ou que inflige dor/restrição (frequentemente, mas não exclusivamente, o homem), podem surgir de diversas frentes:

1. Acusações Externas: Vizinhos, familiares ou amigos que desconhecem a natureza consensual do relacionamento podem interpretar sons, marcas ou comportamentos como sinais de abuso e denunciar às autoridades.
2. Alegações Futuras da Parceira: Em caso de término conturbado, vingança, arrependimento ou mudança de perspectiva, a parceira pode reinterpretar as práticas passadas como abuso e buscar reparação ou retaliação através de uma denúncia. A alegação pode ser de que o consentimento nunca existiu ou foi viciado.
3. Alegação de Coação: Uma das formas mais complexas de refutar é a alegação de que o consentimento foi obtido mediante coação (física, moral, psicológica ou econômica). A parceira pode alegar, por exemplo, que se sentia pressionada, intimidada ou dependente, e que seu "sim" não era genuíno. Provar a ausência de coação a posteriori é extremamente difícil.
4. Ingenuidade e Vulnerabilidade Masculina: Muitos homens, confiando na dinâmica consensual e na parceira, podem negligenciar a necessidade de precauções. A crença de que "isso nunca aconteceria comigo" ou a falta de conhecimento sobre as implicações legais e o peso processual de uma acusação no âmbito da Lei Maria da Penha podem deixá-los vulneráveis. A presença de marcas físicas, mesmo que consentidas, pode ser usada como evidência de agressão, invertendo o ônus da prova na prática, ainda que não na teoria jurídica.

Estratégias de Prevenção e Mitigação

Não existe um método infalível para evitar completamente o risco de uma falsa acusação, mas diversas medidas podem ser adotadas para construir um histórico de consentimento e reduzir vulnerabilidades:

1. Comunicação Explícita e Contínua: A base de qualquer prática BDSM segura é a comunicação constante. Negociar limites, desejos, palavras de segurança ("safewords") e expectativas antes, durante e depois das cenas é crucial. Manter registros dessas negociações (e-mails, mensagens, diários compartilhados) pode ser útil.

2. Documentação do Consentimento:

   • Contratos de Relacionamento/Cena: Embora a validade jurídica de "contratos BDSM" seja discutível no Brasil (não podem afastar normas de ordem pública), eles servem como forte evidência da intenção das partes, da negociação detalhada de limites e do consentimento informado. Devem ser claros, datados, assinados e, idealmente, reconhecidos em cartório (para prova de data e autenticidade das assinaturas).

   • Registros Audiovisuais: Gravar (com consentimento explícito para a gravação) discussões sobre consentimento e limites antes das cenas pode ser uma prova poderosa. Gravar as próprias cenas é mais complexo devido a questões de privacidade e potencial uso indevido, mas pode ser considerado em casos específicos, sempre com consentimento mútuo documentado para a gravação.

     Importante: a gravação deve ser com ciência da outra parte, para não configurar violação da intimidade (art. 5º, X, da Constituição Federal e art. 20 do Código Civil).

3. Testemunhas: Em alguns contextos de comunidade BDSM, a presença de terceiros de confiança durante negociações ou mesmo cenas pode servir como testemunho, embora isso possa alterar a dinâmica íntima do casal.

4. Estabelecimento Claro de Limites e Palavras de Segurança: Definir e respeitar rigorosamente os limites (o que é permitido, o que é proibido) e as palavras de segurança é fundamental. O desrespeito a uma palavra de segurança encerra o consentimento para aquele ato.
5. Avaliação Contínua do Consentimento: O consentimento não é um cheque em branco; ele deve ser entusiástico, contínuo e revogável a qualquer momento. Verificar o bem-estar do parceiro durante a cena ("check-ins") é essencial.
6. Discrição e Cuidado com Evidências Físicas: Ser discreto sobre a natureza do relacionamento pode evitar mal-entendidos externos. Após cenas que deixem marcas, é prudente que ambos os parceiros estejam cientes e de acordo, talvez documentando por fotos (com data) e uma nota sobre a consensualidade da prática que as gerou.
7. Aconselhamento Jurídico Preventivo: Consultar um advogado especializado em direito de família e criminal, com sensibilidade para dinâmicas de relacionamento alternativas, pode fornecer orientação personalizada sobre as melhores formas de documentar o consentimento e entender os riscos legais específicos.

Observações Importantes

• Nenhuma documentação substitui a necessidade de consentimento real, livre, informado e contínuo.
• A lei brasileira protege a "integridade física" e a "dignidade humana". Práticas que resultem em lesões graves ou que violem a dignidade de forma não consentida (ou com consentimento viciado) serão ilegais, independentemente de qualquer acordo prévio.
• Em caso de acusação, a existência de documentação robusta de consentimento não garante a absolvição, mas fortalece significativamente a defesa, ajudando a demonstrar a natureza consensual da relação e das práticas.

• A alegação de coação futura é particularmente difícil de prevenir apenas com documentos. Um histórico consistente de comunicação aberta (whatsapp/telegram/e-mails), respeito mútuo e ausência de dependência ou controle excessivo na relação pode ajudar a contextualizar a dinâmica como não coercitiva.

• Cuidado com Marcas Visíveis e Lesões Graves Práticas que resultam em hematomas severos ou lesões podem ser interpretadas como agressão, mesmo que consentidas. Evitar excessos protege não apenas a integridade física, mas também evita questionamentos legais futuros.

O que vem a ser consentimento viciado

No Direito, consentimento viciado é quando a pessoa concorda com algo, mas a vontade dela não é livre ou plena — ou seja, o consentimento existe formalmente, mas é defeituoso por alguma razão.

O Código Civil brasileiro (art. 138 a 165) define várias formas de vício de consentimento. As principais são:

Erro: A pessoa se engana sobre o que está consentindo. (Ex.: A pessoa acredita que vai participar de um jogo leve, mas na verdade é exposta a práticas pesadas.)

Dolo: A pessoa é enganada propositalmente para aceitar algo. (Ex.: Alguém mente sobre o que vai acontecer durante a prática.)

Coação: A pessoa é forçada ou ameaçada a consentir. (Ex.: "Se você não aceitar, eu termino com você" — pressão emocional forte pode ser vista como coação.)

Estado de perigo ou lesão: A pessoa aceita algo em situação de necessidade extrema ou abuso de sua vulnerabilidade. (Ex.: Alguém em situação emocional muito fragilizada é induzida a aceitar práticas que normalmente recusaria.)

No contexto de BDSM, isso é ainda mais delicado: Mesmo que a pessoa tenha "assinado" um contrato ou dito "sim", se depois ela alegar que seu consentimento foi dado sob medo, engano ou pressão psicológica, o consentimento pode ser considerado viciado — e, portanto, juridicamente inválido.

Isso tem duas implicações sérias:

1. O crime não se descaracteriza: Se houver vício, o consentimento é ignorado e a prática pode ser tratada como crime normal (lesão corporal, estupro, tortura, etc.).

2. A prova do consentimento precisa ser sólida: Mostrando que a pessoa estava informada, lúcida, livre e sem qualquer tipo de coação.

   Consentimento viciado é quando a pessoa concorda formalmente, mas de maneira enganada, forçada ou pressionada, tornando o consentimento inútil para efeitos jurídicos.

Conclusão

Casais que praticam BDSM consensual no Brasil navegam em um terreno que exige não apenas confiança mútua e comunicação excepcional, mas também uma consciência aguçada das complexidades legais e dos riscos de interpretações equivocadas ou acusações mal-intencionadas. Embora o BDSM seja uma expressão legítima da sexualidade humana, sua prática no Brasil exige responsabilidade redobrada. Ter provas claras de consentimento, manter a comunicação aberta e agir com prudência são formas eficazes de se proteger de falsas alegações e preservar a liberdade e a segurança de todos os envolvidos. Embora leis controversas como a Maria da Penha sejam "vitais" para a proteção contra a violência real, os praticantes de BDSM, e em particular os homens nesse contexto, devem adotar uma postura proativa e prudente para mitigar os riscos inerentes à potencial má interpretação ou instrumentalização dessas práticas e leis, garantindo que a expressão de sua consensualidade esteja resguardada na medida do possível.

---

Importante: No Brasil, mesmo com tudo isso, o Ministério Público pode denunciar por crime como lesão corporal grave, estupro ou tortura, independente de consentimento. Então a prudência nas práticas é fundamental.

Aviso Legal: Este artigo tem caráter meramente informativo e não constitui aconselhamento jurídico. As leis e interpretações podem mudar, e cada situação é única. Recomenda-se buscar orientação de um advogado qualificado para discutir casos específicos.

Se curtiu este artigo faça uma contribuição, se tiver algum ponto relevante para o artigo deixe seu comentário.

@ 7e538978:a5987ab6

In Jericoacoara, Brazil, a beach town famed for its natural beauty and vibrant tourism, an innovative project is quietly reshaping how locals and visitors think about money. Praia Bitcoin is an ambitious initiative to build a circular economy powered entirely by Bitcoin.

Launched in 2021 by entrepreneur Fernando Motolese, Praia Bitcoin was inspired by the Bitcoin Beach project in El Zonte, El Salvador. The vision is simple: create a self-sustaining Bitcoin economy where businesses and individuals use Bitcoin everyday in place of fiat money.

This idea holds special significance in Jericoacoara, where traditional banking services are scarce. The town lacks even basic infrastructure like ATMs, making financial inclusion a pressing need. With Praia Bitcoin, Bitcoin isn’t just a store of value—it’s a tool to empower a community and connect it to the global economy.

Transforming Jericoacoara with Bitcoin

Since its inception, Praia Bitcoin has worked to foster Bitcoin adoption in the area. Starting with a modest donation of 0.02 BTC, Fernando and his team have built a thriving ecosystem:

• Over 40 businesses now accept Bitcoin, ranging from souvenir shops and tour operators to beach vendors.
• Local students have received Bitcoin-loaded tap-to-pay, Bolt Cards, to use in their daily lives.
• Creative initiatives like “Bitcoin Banana Day” or "Frutas por Sats" (fruits for sats) where children buy fruits for 10 satoshis at school, have brought global attention to the project.

Praia Bitcoin’s success isn’t just about the adoption numbers, it’s about the stories. Families use Bitcoin to shop, business owners save on transaction fees, and children are learning the value of sound money at an early age.

LNbits - The Technology Behind Praia Bitcoin

Creating an economy on Bitcoin’s Lightning Network requires more than enthusiasm, it needs robust tools that are easy to use and adaptable to local needs. That’s where LNbits comes in.

Fernando and the Praia Bitcoin team have used LNbits’ open-source software to solve practical challenges and scale the project. With its modular design, LNbits provides tools that allow Praia Bitcoin to:

• Set Up Wallets: Community members receive user-friendly wallets that connect seamlessly to the Lightning Network, enabling fast, low-cost transactions.
• Issue BoltCards: Using LNbits’ BoltCard extension, the team has distributed NFC-enabled cards, allowing tap-to-pay functionality that makes Bitcoin payments as simple as using a credit card.
• Enable Flexible Payments: The project utilizes LNbits’ Point of Sale TPoS extension that allows merchants to easily receive Lightning Network payments.

Breaking Records, Building Community

Fernando doesn’t just implement solutions, he pushes boundaries. One of his most remarkable achievements was an attempt to set a world record for the most Lightning Network payments in the shortest amount of time. Over the course of one afternoon, 100 children in Jericoacoara received payments of 21,000 satoshis each, demonstrating the scalability and speed of Lightning-powered transactions.

This wasn’t just a technical feat, it was a community moment. The event showed how Bitcoin could serve as a tool for engagement, education, and empowerment, all while highlighting the possibilities of using the Lightning Network for real-world applications.

A Collaborative Approach to Innovation

One of the unique strengths of LNbits is its ability to evolve based on community feedback. While Fernando Motolese and Praia Bitcoin operate independently, their insights have helped refine the LNbits platform.

For example, Fernando’s need for a PIN-less ATM functionality led the LNbits team to implement that feature in the TPoS extension, that had the functionality but required a security PIN. This kind of collaboration isn’t about formal partnerships. It’s about how an open-source ecosystem thrives when real-world needs drive innovation.

The feedback loop between users like Fernando and developers ensures LNbits remains practical and relevant—not just for Praia Bitcoin but for countless other projects worldwide.

The Ripple Effect of Praia Bitcoin

Praia Bitcoin is a case study in what’s possible when Bitcoin meets a strong vision. By leveraging Bitcoin, the Lightning Network and LNbits, the project has redefined financial access in Jericoacoara, proving that small communities can lead big innovations.

For LNbits, Praia Bitcoin showcases the value of adaptable, open-source solutions. Whether it’s creating wallets, enabling NFC payments, or refining tools for real-world use, LNbits provides the infrastructure that makes projects like Praia Bitcoin possible.

But beyond the technical achievements, Praia Bitcoin reminds us of the human impact of Bitcoin adoption. It’s about children buying their first bananas with satoshis, families running businesses with lower fees, and a community connecting to a global financial network for the first time.

Conclusion

Praia Bitcoin’s journey is only getting started and its success is inspiring similar initiatives worldwide. For LNbits, being part of this story, is a testament to the power of the software and of open-source collaboration.

If you’re ready to build the future of Bitcoin adoption, LNbits offers the tools to turn ideas into impact.

Learn More:
- Visit Praia Bitcoin: Praia Bitcoin
- Explore LNbits: LNbits

@ a4043831:3b64ac02

A professional financial advisor can guide you to achieve long-term financial stability. They can assist you to define your goals to formulate strategic planning coupled with rational decision-making. Since the options are varied and multiple, how can you go about choosing a fiduciary financial advisor whose approach matches their financial goals? This guide explains exactly how to pick a financial advisor who suits your individual financial targets.

Defining Your Financial Needs and Goals

You need to specify your financial aspirations as well as your essential requirements so an advisor can create a suitable plan for your portfolio. Starters should establish their monetary targets before initiating contact with financial consultants. Any objective requires planning such as retirement preparation and investment management and education savings along with wealth protection and growth needs to be identified. Knowing your financial goals helps you determine if an advisor’s experience matches the needs of reaching your targets. Before you conduct meetings with possible financial advisors you need to have clearly established financial goals which will make these meetings goal-focused and beneficial.

Trusted financial advisors at Passive Capital Management can help you check out financial plan tailored to your needs and goals.

Look For Professional Credentials and Qualifications

Review carefully the advisor’s qualifications after you establish your goals. The strict training and ethical assessments that CFP Certified Financial Planner and the CFA Chartered Financial Analyst professionals demonstrate their professionalism. The designations set by these organizations prove advisors maintain knowledge in planning, investments and regulatory requirements. It is essential to verify that the advisor operates under fiduciary standards since this legal requirement ensures they must always act according to your benefit. It is essential to verify if an advisor functions as a fiduciary all the time because some only act under specified circumstances. Get a direct and unambiguous statement about their status. Under fiduciary relationships your financial security stands as the main priority of your financial advisor while fiduciary arrangements reduce potential conflicts between your interests.

Understand the Advisor’s Investment Approach

While consulting an advisor, you might encounter several hidden conflicts of interest. So a robust advisor-client connection based on their mutual investment approach including strategy selection is essential. Review the risk approaches of your advisor through inquiries to learn about their portfolio design strategies and market investment strategies. Technical competence must be combined with an awareness of your risk tolerance and time preferences according to their responses. A reliable advisor will adapt their investment methods to match the risk tolerance of their client combined with their financial destination.

Review their Service Package and Communication Style

A competent financial advisor functions past standard investment management duties. Their service range needs to include full-scale financial planning in areas such as retirement income strategies along with tax and estate planning solutions and insurance assessments. Check that their service suite matches your financial development needs. The advisor needs to maintain both clear and predictable ways of communication. Reveal their review process schedule and disclosure methods for reporting metrics as well as their availability to respond to questions at any time during the year. Professional communication builds reliable relationships that involve active participant commitment in planning activities.

Clarify the Fee Structure

Knowing how your advisor gets paid gives you the essential knowledge needed for building trust between you both. Financial advisors conduct business through payment structures which include flat fees, percentage-based fees on managed assets and extra earnings from their advisory products. The different compensation models bring their own effects and outcomes to the process. The most significant aspect for you is receiving clear explanations about fees while they are in alignment with your financial planning. The first practice of transparent communication by an advisor suggests they will uphold that approach during your entire time together.

Conclusion

Alongside numerical expertise your ideal advisor should function as a trustworthy partner because they will dedicate themselves to your financial growth. Strategic decision-making depends on the establishment of clear objectives and verification of expertise as well as confirmation of fiduciary principles and comprehensive evaluation of communication methods and associated fees. Your financial destiny requires organized assessment along with expert consulting while the correct professional consultant enables you to move through every phase of your path with obvious direction and solid self-assurance.

@ d34e832d:383f78d0

As computing needs evolve toward speed, reliability, and efficiency, understanding the landscape of storage technologies becomes crucial for system builders, IT professionals, and performance enthusiasts. This idea compares traditional Hard Disk Drives (HDDs) with various Solid-State Drive (SSD) technologies including SATA SSDs, mSATA, M.2 SATA, and M.2 NVMe. It explores differences in form factors, interfaces, memory types, and generational performance to empower informed decisions on selecting optimal storage.

---

1. Storage Device Overview

1.1 HDDs – Hard Disk Drives

• Mechanism: Mechanical platters + spinning disk.
• Speed: ~80–160 MB/s.
• Cost: Low cost per GB.
• Durability: Susceptible to shock; moving parts prone to wear.
• Use Case: Mass storage, backups, archival.

1.2 SSDs – Solid State Drives

• Mechanism: Flash memory (NAND-based); no moving parts.
• Speed: SATA SSDs (~550 MB/s), NVMe SSDs (>7,000 MB/s).
• Durability: High resistance to shock and temperature.
• Use Case: Operating systems, apps, high-speed data transfer.

---

2. Form Factors

| Form Factor | Dimensions | Common Usage | |------------------|------------------------|--------------------------------------------| | 2.5-inch | 100mm x 69.85mm x 7mm | Laptops, desktops (SATA interface) | | 3.5-inch | 146mm x 101.6mm x 26mm | Desktops/servers (HDD only) | | mSATA | 50.8mm x 29.85mm | Legacy ultrabooks, embedded systems | | M.2 | 22mm wide, lengths vary (2242, 2260, 2280, 22110) | Modern laptops, desktops, NUCs |

Note: mSATA is being phased out in favor of the more versatile M.2 standard.

---

3. Interfaces & Protocols

3.1 SATA (Serial ATA)

• Max Speed: ~550 MB/s (SATA III).
• Latency: Higher.
• Protocol: AHCI.
• Compatibility: Broad support, backward compatible.

3.2 NVMe (Non-Volatile Memory Express)

• Max Speed:
• Gen 3: ~3,500 MB/s
• Gen 4: ~7,000 MB/s
• Gen 5: ~14,000 MB/s
• Latency: Very low.
• Protocol: NVMe (optimized for NAND flash).
• Interface: PCIe lanes (usually via M.2 slot).

NVMe significantly outperforms SATA due to reduced overhead and direct PCIe access.

---

4. Key Slot & Compatibility (M.2 Drives)

| Drive Type | Key | Interface | Typical Use | |------------------|----------------|---------------|-----------------------| | M.2 SATA | B+M key | SATA | Budget laptops/desktops | | M.2 NVMe (PCIe) | M key only | PCIe Gen 3–5 | Performance PCs/gaming |

⚠️ Important: Not all M.2 slots support NVMe. Check motherboard specs for PCIe compatibility.

---

5. SSD NAND Memory Types

| Type | Bits/Cell | Speed | Endurance | Cost | Use Case | |---------|---------------|-----------|---------------|----------|--------------------------------| | SLC | 1 | ⭐⭐⭐⭐ | ⭐⭐⭐⭐ | $$$$ | Enterprise caching | | MLC | 2 | ⭐⭐⭐ | ⭐⭐⭐ | $$$ | Pro-grade systems | | TLC | 3 | ⭐⭐ | ⭐⭐ | $$ | Consumer, gaming | | QLC | 4 | ⭐ | ⭐ | $ | Budget SSDs, media storage |

---

6. 3D NAND / V-NAND Technology

• Traditional NAND: Planar (flat) design.
• 3D NAND: Stacks cells vertically—more density, less space.
• Benefits:
• Greater capacity
• Better power efficiency
• Improved lifespan

Samsung’s V-NAND is a branded 3D NAND variant known for high endurance and stability.

---

7. Performance & Generational Comparison

| PCIe Gen | Max Speed | Use Case | |--------------|---------------|----------------------------------| | Gen 3 | ~3,500 MB/s | Mainstream laptops/desktops | | Gen 4 | ~7,000 MB/s | Gaming, prosumer, light servers | | Gen 5 | ~14,000 MB/s | AI workloads, enterprise |

Drives are backward compatible, but will operate at the host’s maximum supported speed.

---

8. Thermal Management

• NVMe SSDs generate heat—especially Gen 4/5.
• Heatsinks and thermal pads are vital for:
• Sustained performance (prevent throttling)
• Longer lifespan
• Recommended to leave 10–20% free space for optimal SSD wear leveling and garbage collection.

---

9. HDD vs SSD: Summary

| Aspect | HDD | SSD | |------------------|---------------------|------------------------------| | Speed | 80–160 MB/s | 550 MB/s – 14,000 MB/s | | Durability | Low (mechanical) | High (no moving parts) | | Lifespan | Moderate | High (depends on NAND type) | | Cost | Lower per GB | Higher per GB | | Noise | Audible | Silent |

---

10. Brand Recommendations

| Brand | Strength | |------------------|-----------------------------------------| | Samsung | Leading in performance (980 Pro, 990 Pro) | | Western Digital | Reliable Gen 3/4/5 drives (SN770, SN850X) | | Crucial | Budget-friendly, solid TLC drives (P3, P5 Plus) | | Kingston | Value-oriented SSDs (A2000, NV2) |

---

11. How to Choose the Right SSD

1. Check your device slot: Is it M.2 B+M, M-key, or SATA-only?
2. Interface compatibility: Confirm if the M.2 slot supports NVMe or only SATA.
3. Match PCIe Gen: Use Gen 3/4/5 based on CPU/motherboard lanes.
4. Pick NAND type: TLC for best balance of speed/longevity.
5. Thermal plan: Use heatsinks or fans for Gen 4+ drives.
6. Capacity need: Leave headroom (15–20%) for performance and lifespan.
7. Trustworthy brands: Stick to Samsung, WD, Crucial for warranty and quality.

---

Consider

From boot speed to data integrity, SSDs have revolutionized how modern systems handle storage. While HDDs remain relevant for mass archival, NVMe SSDs—especially those leveraging PCIe Gen 4 and Gen 5—dominate in speed-critical workflows. M.2 NVMe is the dominant form factor for futureproof builds, while understanding memory types like TLC vs. QLC ensures better longevity planning.

Whether you’re upgrading a laptop, building a gaming rig, or running a self-hosted Bitcoin node, choosing the right form factor, interface, and NAND type can dramatically impact system performance and reliability.

---

Resources & Further Reading

• How-Fixit Storage Guides
• Kingston SSD Reliability Guide
• Western Digital Product Lines
• Samsung V-NAND Explained
• PCIe Gen 5 Benchmarks

Options

🔧 Recommended SSDs and Tools (Amazon)

1. Kingston A400 240GB SSD – SATA 3 2.5"
   https://a.co/d/41esjYL

2. Samsung 970 EVO Plus 2TB NVMe M.2 SSD – Gen 3
   https://a.co/d/6EMVAN1

3. Crucial P5 Plus 1TB PCIe Gen4 NVMe M.2 SSD
   https://a.co/d/hQx50Cq

4. WD Blue SN570 1TB NVMe SSD – PCIe Gen 3
   https://a.co/d/j2zSDCJ

5. Sabrent Rocket Q 2TB NVMe SSD – QLC NAND
   https://a.co/d/325Og2K

6. Thermalright M.2 SSD Heatsink Kit
   https://a.co/d/0IYH3nK

7. ORICO M.2 NVMe SSD Enclosure – USB 3.2 Gen2
   https://a.co/d/aEwQmih

---

🛠️ DIY & Fix Resource

• How-Fixit – PC Repair Guides and Tutorials
  https://www.how-fixit.com/

In Addition

Modern Storage Technologies and Mini NAS Implementation

---

1. Network Attached Storage (NAS) system

In the rapidly evolving landscape of data storage, understanding the nuances of various storage technologies is crucial for optimal system design and performance. This idea delves into the distinctions between traditional Hard Disk Drives (HDDs), Solid State Drives (SSDs), and advanced storage interfaces like M.2 NVMe, M.2 SATA, and mSATA. Additionally, it explores the implementation of a compact Network Attached Storage (NAS) system using the Nookbox G9, highlighting its capabilities and limitations.

---

2. Storage Technologies Overview

2.1 Hard Disk Drives (HDDs)

• Mechanism: Utilize spinning magnetic platters and read/write heads.
• Advantages:
• Cost-effective for large storage capacities.
• Longer lifespan in low-vibration environments.
• Disadvantages:
• Slower data access speeds.
• Susceptible to mechanical failures due to moving parts.

2.2 Solid State Drives (SSDs)

• Mechanism: Employ NAND flash memory with no moving parts.
• Advantages:
• Faster data access and boot times.
• Lower power consumption and heat generation.
• Enhanced durability and shock resistance.
• Disadvantages:
• Higher cost per gigabyte compared to HDDs.
• Limited write cycles, depending on NAND type.

---

3. SSD Form Factors and Interfaces

3.1 Form Factors

• 2.5-Inch: Standard size for laptops and desktops; connects via SATA interface.
• mSATA: Miniature SATA interface, primarily used in ultrabooks and embedded systems; largely supplanted by M.2.
• M.2: Versatile form factor supporting both SATA and NVMe interfaces; prevalent in modern systems.

3.2 Interfaces

• SATA (Serial ATA):
• Speed: Up to 600 MB/s.
• Compatibility: Widely supported across various devices.

• Limitation: Bottleneck for high-speed SSDs.

• NVMe (Non-Volatile Memory Express):

• Speed: Ranges from 3,500 MB/s (PCIe Gen 3) to over 14,000 MB/s (PCIe Gen 5).
• Advantage: Direct communication with CPU via PCIe lanes, reducing latency.
• Consideration: Requires compatible motherboard and BIOS support.

---

4. M.2 SATA vs. M.2 NVMe

| Feature | M.2 SATA | M.2 NVMe | |------------------------|--------------------------------------------------|----------------------------------------------------| | Interface | SATA III (AHCI protocol) | PCIe (NVMe protocol) | | Speed | Up to 600 MB/s | Up to 14,000 MB/s (PCIe Gen 5) | | Compatibility | Broad compatibility with older systems | Requires NVMe-compatible M.2 slot and BIOS support | | Use Case | Budget builds, general computing | High-performance tasks, gaming, content creation |

Note: M.2 NVMe drives are not backward compatible with M.2 SATA slots due to differing interfaces and keying.

---

5. NAND Flash Memory Types

Understanding NAND types is vital for assessing SSD performance and longevity.

• SLC (Single-Level Cell):
• Bits per Cell: 1
• Endurance: ~100,000 write cycles

• Use Case: Enterprise and industrial applications

• MLC (Multi-Level Cell):

• Bits per Cell: 2
• Endurance: ~10,000 write cycles

• Use Case: Consumer-grade SSDs

• TLC (Triple-Level Cell):

• Bits per Cell: 3
• Endurance: ~3,000 write cycles

• Use Case: Mainstream consumer SSDs

• QLC (Quad-Level Cell):

• Bits per Cell: 4
• Endurance: ~1,000 write cycles

• Use Case: Read-intensive applications

• 3D NAND:

• Structure: Stacks memory cells vertically to increase density.
• Advantage: Enhances performance and endurance across NAND types.

---

6. Thermal Management and SSD Longevity

Effective thermal management is crucial for maintaining SSD performance and lifespan.

• Heatsinks: Aid in dissipating heat from SSD controllers.
• Airflow: Ensuring adequate case ventilation prevents thermal throttling.
• Monitoring: Regularly check SSD temperatures, especially under heavy workloads.

---

7. Trusted SSD Manufacturers

Selecting SSDs from reputable manufacturers ensures reliability and support.

• Samsung: Known for high-performance SSDs with robust software support.
• Western Digital (WD): Offers a range of SSDs catering to various user needs.
• Crucial (Micron): Provides cost-effective SSD solutions with solid performance.

---

8. Mini NAS Implementation: Nookbox G9 Case Study

8.1 Overview

The Nookbox G9 is a compact NAS solution designed to fit within a 1U rack space, accommodating four M.2 NVMe SSDs.

8.2 Specifications

• Storage Capacity: Supports up to 8TB using four 2TB NVMe SSDs.
• Interface: Each M.2 slot operates at PCIe Gen 3x2.
• Networking: Equipped with 2.5 Gigabit Ethernet ports.
• Operating System: Comes pre-installed with Windows 11; compatible with Linux distributions like Ubuntu 24.10.

8.3 Performance and Limitations

• Throughput: Network speeds capped at ~250 MB/s due to 2.5 GbE limitation.
• Thermal Issues: Inadequate cooling leads to SSD temperatures reaching up to 80°C under load, causing potential throttling and system instability.
• Reliability: Reports of system reboots and lockups during intensive operations, particularly with ZFS RAIDZ configurations.

8.4 Recommendations

• Cooling Enhancements: Implement third-party heatsinks to improve thermal performance.
• Alternative Solutions: Consider NAS systems with better thermal designs and higher network throughput for demanding applications.

---

9. Consider

Navigating the myriad of storage technologies requires a comprehensive understanding of form factors, interfaces, and memory types. While HDDs offer cost-effective bulk storage, SSDs provide superior speed and durability. The choice between M.2 SATA and NVMe hinges on performance needs and system compatibility. Implementing compact NAS solutions like the Nookbox G9 necessitates careful consideration of thermal management and network capabilities to ensure reliability and performance.

Product Links (Amazon)

1. Thermal Heatsink for M.2 SSDs (Must-have for stress and cooling)
   https://a.co/d/43B1F3t

2. Nookbox G9 – Mini NAS
   https://a.co/d/3dswvGZ

3. Alternative 1: Possibly related cooling or SSD gear
   https://a.co/d/c0Eodm3

4. Alternative 2: Possibly related NAS accessories or SSDs
   https://a.co/d/9gWeqDr

---

Benchmark Results (Geekbench)

1. GMKtec G9 Geekbench CPU Score #1
   https://browser.geekbench.com/v6/cpu/11471182

2. GMKtec G9 Geekbench CPU Score #2
   https://browser.geekbench.com/v6/cpu/11470130

3. GMKtec Geekbench User Profile
   https://browser.geekbench.com/user/446940

@ c1157704:6423de51

English: "Politicians steal billions and get light sentences, while the poor get jailed for stealing bread. Is the law just a tool for the rich?"

@ 3bf0c63f:aefa459d

Redistributing Git with Nostr

Every time someone tries to "decentralize" Git -- like many projects tried in the past to do it with BitTorrent, IPFS, ScuttleButt or custom p2p protocols -- there is always a lurking comment: "but Git is already distributed!", and then the discussion proceeds to mention some facts about how Git supports multiple remotes and its magic syncing and merging abilities and so on.

Turns out all that is true, Git is indeed all that powerful, and yet GitHub is the big central hub that hosts basically all Git repositories in the giant world of open-source. There are some crazy people that host their stuff elsewhere, but these projects end up not being found by many people, and even when they do they suffer from lack of contributions.

Because everybody has a GitHub account it's easy to open a pull request to a repository of a project you're using if it's on GitHub (to be fair I think it's very annoying to have to clone the repository, then add it as a remote locally, push to it, then go on the web UI and click to open a pull request, then that cloned repository lurks forever in your profile unless you go through 16 screens to delete it -- but people in general seem to think it's easy).

It's much harder to do it on some random other server where some project might be hosted, because now you have to add 4 more even more annoying steps: create an account; pick a password; confirm an email address; setup SSH keys for pushing. (And I'm not even mentioning the basic impossibility of offering push access to external unknown contributors to people who want to host their own simple homemade Git server.)

At this point some may argue that we could all have accounts on GitLab, or Codeberg or wherever else, then those steps are removed. Besides not being a practical strategy this pseudo solution misses the point of being decentralized (or distributed, who knows) entirely: it's far from the ideal to force everybody to have the double of account management and SSH setup work in order to have the open-source world controlled by two shady companies instead of one.

What we want is to give every person the opportunity to host their own Git server without being ostracized. at the same time we must recognize that most people won't want to host their own servers (not even most open-source programmers!) and give everybody the ability to host their stuff on multi-tenant servers (such as GitHub) too. Importantly, though, if we allow for a random person to have a standalone Git server on a standalone server they host themselves on their wood cabin that also means any new hosting company can show up and start offering Git hosting, with or without new cool features, charging high or low or zero, and be immediately competing against GitHub or GitLab, i.e. we must remove the network-effect centralization pressure.

External contributions

The first problem we have to solve is: how can Bob contribute to Alice's repository without having an account on Alice's server?

SourceHut has reminded GitHub users that Git has always had this (for most) arcane git send-email command that is the original way to send patches, using an once-open protocol.

Turns out Nostr acts as a quite powerful email replacement and can be used to send text content just like email, therefore patches are a very good fit for Nostr event contents.

Once you get used to it and the proper UIs (or CLIs) are built sending and applying patches to and from others becomes a much easier flow than the intense clickops mixed with terminal copypasting that is interacting with GitHub (you have to clone the repository on GitHub, then update the remote URL in your local directory, then create a branch and then go back and turn that branch into a Pull Request, it's quite tiresome) that many people already dislike so much they went out of their way to build many GitHub CLI tools just so they could comment on issues and approve pull requests from their terminal.

Replacing GitHub features

Aside from being the "hub" that people use to send patches to other people's code (because no one can do the email flow anymore, justifiably), GitHub also has 3 other big features that are not directly related to Git, but that make its network-effect harder to overcome. Luckily Nostr can be used to create a new environment in which these same features are implemented in a more decentralized and healthy way.

Issues: bug reports, feature requests and general discussions

Since the "Issues" GitHub feature is just a bunch of text comments it should be very obvious that Nostr is a perfect fit for it.

I will not even mention the fact that Nostr is much better at threading comments than GitHub (which doesn't do it at all), which can generate much more productive and organized discussions (and you can opt out if you want).

Search

I use GitHub search all the time to find libraries and projects that may do something that I need, and it returns good results almost always. So if people migrated out to other code hosting providers wouldn't we lose it?

The fact is that even though we think everybody is on GitHub that is a globalist falsehood. Some projects are not on GitHub, and if we use only GitHub for search those will be missed. So even if we didn't have a Nostr Git alternative it would still be necessary to create a search engine that incorporated GitLab, Codeberg, SourceHut and whatnot.

Turns out on Nostr we can make that quite easy by not forcing anyone to integrate custom APIs or hardcoding Git provider URLs: each repository can make itself available by publishing an "announcement" event with a brief description and one or more Git URLs. That makes it easy for a search engine to index them -- and even automatically download the code and index the code (or index just README files or whatever) without a centralized platform ever having to be involved.

The relays where such announcements will be available play a role, of course, but that isn't a bad role: each announcement can be in multiple relays known for storing "public good" projects, some relays may curate only projects known to be very good according to some standards, other relays may allow any kind of garbage, which wouldn't make them good for a search engine to rely upon, but would still be useful in case one knows the exact thing (and from whom) they're searching for (the same is valid for all Nostr content, by the way, and that's where it's censorship-resistance comes from).

Continuous integration

GitHub Actions are a very hardly subsidized free-compute-for-all-paid-by-Microsoft feature, but one that isn't hard to replace at all. In fact there exists today many companies offering the same kind of service out there -- although they are mostly targeting businesses and not open-source projects, before GitHub Actions was introduced there were also many that were heavily used by open-source projects.

One problem is that these services are still heavily tied to GitHub today, they require a GitHub login, sometimes BitBucket and GitLab and whatnot, and do not allow one to paste an arbitrary Git server URL, but that isn't a thing that is very hard to change anyway, or to start from scratch. All we need are services that offer the CI/CD flows, perhaps using the same framework of GitHub Actions (although I would prefer to not use that messy garbage), and charge some few satoshis for it.

It may be the case that all the current services only support the big Git hosting platforms because they rely on their proprietary APIs, most notably the webhooks dispatched when a repository is updated, to trigger the jobs. It doesn't have to be said that Nostr can also solve that problem very easily.

@ 38e82785:9f8bc340

te

@ 56cd780f:cbde8b29

And this is the regular text.

@ 40b9c85f:5e61b451

Introduction

Data Vending Machines (DVMs) have emerged as a crucial component of the Nostr ecosystem, offering specialized computational services to clients across the network. As defined in NIP-90, DVMs operate on an apparently simple principle: "data in, data out." They provide a marketplace for data processing where users request specific jobs (like text translation, content recommendation, or AI text generation)

While DVMs have gained significant traction, the current specification faces challenges that hinder widespread adoption and consistent implementation. This article explores some ideas on how we can apply the reflection pattern, a well established approach in RPC systems, to address these challenges and improve the DVM ecosystem's clarity, consistency, and usability.

The Current State of DVMs: Challenges and Limitations

The NIP-90 specification provides a broad framework for DVMs, but this flexibility has led to several issues:

1. Inconsistent Implementation

As noted by hzrd149 in "DVMs were a mistake" every DVM implementation tends to expect inputs in slightly different formats, even while ostensibly following the same specification. For example, a translation request DVM might expect an event ID in one particular format, while an LLM service could expect a "prompt" input that's not even specified in NIP-90.

2. Fragmented Specifications

The DVM specification reserves a range of event kinds (5000-6000), each meant for different types of computational jobs. While creating sub-specifications for each job type is being explored as a possible solution for clarity, in a decentralized and permissionless landscape like Nostr, relying solely on specification enforcement won't be effective for creating a healthy ecosystem. A more comprehensible approach is needed that works with, rather than against, the open nature of the protocol.

3. Ambiguous API Interfaces

There's no standardized way for clients to discover what parameters a specific DVM accepts, which are required versus optional, or what output format to expect. This creates uncertainty and forces developers to rely on documentation outside the protocol itself, if such documentation exists at all.

The Reflection Pattern: A Solution from RPC Systems

The reflection pattern in RPC systems offers a compelling solution to many of these challenges. At its core, reflection enables servers to provide metadata about their available services, methods, and data types at runtime, allowing clients to dynamically discover and interact with the server's API.

In established RPC frameworks like gRPC, reflection serves as a self-describing mechanism where services expose their interface definitions and requirements. In MCP reflection is used to expose the capabilities of the server, such as tools, resources, and prompts. Clients can learn about available capabilities without prior knowledge, and systems can adapt to changes without requiring rebuilds or redeployments. This standardized introspection creates a unified way to query service metadata, making tools like grpcurl possible without requiring precompiled stubs.

How Reflection Could Transform the DVM Specification

By incorporating reflection principles into the DVM specification, we could create a more coherent and predictable ecosystem. DVMs already implement some sort of reflection through the use of 'nip90params', which allow clients to discover some parameters, constraints, and features of the DVMs, such as whether they accept encryption, nutzaps, etc. However, this approach could be expanded to provide more comprehensive self-description capabilities.

1. Defined Lifecycle Phases

Similar to the Model Context Protocol (MCP), DVMs could benefit from a clear lifecycle consisting of an initialization phase and an operation phase. During initialization, the client and DVM would negotiate capabilities and exchange metadata, with the DVM providing a JSON schema containing its input requirements. nip-89 (or other) announcements can be used to bootstrap the discovery and negotiation process by providing the input schema directly. Then, during the operation phase, the client would interact with the DVM according to the negotiated schema and parameters.

2. Schema-Based Interactions

Rather than relying on rigid specifications for each job type, DVMs could self-advertise their schemas. This would allow clients to understand which parameters are required versus optional, what type validation should occur for inputs, what output formats to expect, and what payment flows are supported. By internalizing the input schema of the DVMs they wish to consume, clients gain clarity on how to interact effectively.

3. Capability Negotiation

Capability negotiation would enable DVMs to advertise their supported features, such as encryption methods, payment options, or specialized functionalities. This would allow clients to adjust their interaction approach based on the specific capabilities of each DVM they encounter.

Implementation Approach

While building DVMCP, I realized that the RPC reflection pattern used there could be beneficial for constructing DVMs in general. Since DVMs already follow an RPC style for their operation, and reflection is a natural extension of this approach, it could significantly enhance and clarify the DVM specification.

A reflection enhanced DVM protocol could work as follows: 1. Discovery: Clients discover DVMs through existing NIP-89 application handlers, input schemas could also be advertised in nip-89 announcements, making the second step unnecessary. 2. Schema Request: Clients request the DVM's input schema for the specific job type they're interested in 3. Validation: Clients validate their request against the provided schema before submission 4. Operation: The job proceeds through the standard NIP-90 flow, but with clearer expectations on both sides

Parallels with Other Protocols

This approach has proven successful in other contexts. The Model Context Protocol (MCP) implements a similar lifecycle with capability negotiation during initialization, allowing any client to communicate with any server as long as they adhere to the base protocol. MCP and DVM protocols share fundamental similarities, both aim to expose and consume computational resources through a JSON-RPC-like interface, albeit with specific differences.

gRPC's reflection service similarly allows clients to discover service definitions at runtime, enabling generic tools to work with any gRPC service without prior knowledge. In the REST API world, OpenAPI/Swagger specifications document interfaces in a way that makes them discoverable and testable.

DVMs would benefit from adopting these patterns while maintaining the decentralized, permissionless nature of Nostr.

Conclusion

I am not attempting to rewrite the DVM specification; rather, explore some ideas that could help the ecosystem improve incrementally, reducing fragmentation and making the ecosystem more comprehensible. By allowing DVMs to self describe their interfaces, we could maintain the flexibility that makes Nostr powerful while providing the structure needed for interoperability.

For developers building DVM clients or libraries, this approach would simplify consumption by providing clear expectations about inputs and outputs. For DVM operators, it would establish a standard way to communicate their service's requirements without relying on external documentation.

I am currently developing DVMCP following these patterns. Of course, DVMs and MCP servers have different details; MCP includes capabilities such as tools, resources, and prompts on the server side, as well as 'roots' and 'sampling' on the client side, creating a bidirectional way to consume capabilities. In contrast, DVMs typically function similarly to MCP tools, where you call a DVM with an input and receive an output, with each job type representing a different categorization of the work performed.

Without further ado, I hope this article has provided some insight into the potential benefits of applying the reflection pattern to the DVM specification.

@ 56cd780f:cbde8b29

I will add a picture, a hyperlink and a video. Let’s see if it works.

Click here for youtube!

@ 4ba8e86d:89d32de4

Tutorial feito por nostr:nostr:npub1rc56x0ek0dd303eph523g3chm0wmrs5wdk6vs0ehd0m5fn8t7y4sqra3tk poste original abaixo:

Parte 1 : http://xh6liiypqffzwnu5734ucwps37tn2g6npthvugz3gdoqpikujju525yd.onion/263585/tutorial-debloat-de-celulares-android-via-adb-parte-1

Parte 2 : http://xh6liiypqffzwnu5734ucwps37tn2g6npthvugz3gdoqpikujju525yd.onion/index.php/263586/tutorial-debloat-de-celulares-android-via-adb-parte-2

Quando o assunto é privacidade em celulares, uma das medidas comumente mencionadas é a remoção de bloatwares do dispositivo, também chamado de debloat. O meio mais eficiente para isso sem dúvidas é a troca de sistema operacional. Custom Rom’s como LineageOS, GrapheneOS, Iodé, CalyxOS, etc, já são bastante enxutos nesse quesito, principalmente quanto não é instalado os G-Apps com o sistema. No entanto, essa prática pode acabar resultando em problemas indesejados como a perca de funções do dispositivo, e até mesmo incompatibilidade com apps bancários, tornando este método mais atrativo para quem possui mais de um dispositivo e separando um apenas para privacidade.   Pensando nisso, pessoas que possuem apenas um único dispositivo móvel, que são necessitadas desses apps ou funções, mas, ao mesmo tempo, tem essa visão em prol da privacidade, buscam por um meio-termo entre manter a Stock rom, e não ter seus dados coletados por esses bloatwares. Felizmente, a remoção de bloatwares é possível e pode ser realizada via root, ou mais da maneira que este artigo irá tratar, via adb.

O que são bloatwares?

Bloatware é a junção das palavras bloat (inchar) + software (programa), ou seja, um bloatware é basicamente um programa inútil ou facilmente substituível — colocado em seu dispositivo previamente pela fabricante e operadora — que está no seu dispositivo apenas ocupando espaço de armazenamento, consumindo memória RAM e pior, coletando seus dados e enviando para servidores externos, além de serem mais pontos de vulnerabilidades.

O que é o adb?

O Android Debug Brigde, ou apenas adb, é uma ferramenta que se utiliza das permissões de usuário shell e permite o envio de comandos vindo de um computador para um dispositivo Android exigindo apenas que a depuração USB esteja ativa, mas também pode ser usada diretamente no celular a partir do Android 11, com o uso do Termux e a depuração sem fio (ou depuração wifi). A ferramenta funciona normalmente em dispositivos sem root, e também funciona caso o celular esteja em Recovery Mode.

Requisitos:

Para computadores:

• Depuração USB ativa no celular; • Computador com adb; • Cabo USB;

Para celulares:

• Depuração sem fio (ou depuração wifi) ativa no celular; • Termux; • Android 11 ou superior;

Para ambos:

• Firewall NetGuard instalado e configurado no celular; • Lista de bloatwares para seu dispositivo;

Ativação de depuração:

Para ativar a Depuração USB em seu dispositivo, pesquise como ativar as opções de desenvolvedor de seu dispositivo, e lá ative a depuração. No caso da depuração sem fio, sua ativação irá ser necessária apenas no momento que for conectar o dispositivo ao Termux.

Instalação e configuração do NetGuard

O NetGuard pode ser instalado através da própria Google Play Store, mas de preferência instale pela F-Droid ou Github para evitar telemetria.

F-Droid: https://f-droid.org/packages/eu.faircode.netguard/

Github: https://github.com/M66B/NetGuard/releases

Após instalado, configure da seguinte maneira:

Configurações → padrões (lista branca/negra) → ative as 3 primeiras opções (bloquear wifi, bloquear dados móveis e aplicar regras ‘quando tela estiver ligada’);

Configurações → opções avançadas → ative as duas primeiras (administrar aplicativos do sistema e registrar acesso a internet);

Com isso, todos os apps estarão sendo bloqueados de acessar a internet, seja por wifi ou dados móveis, e na página principal do app basta permitir o acesso a rede para os apps que você vai usar (se necessário). Permita que o app rode em segundo plano sem restrição da otimização de bateria, assim quando o celular ligar, ele já estará ativo.

Lista de bloatwares

Nem todos os bloatwares são genéricos, haverá bloatwares diferentes conforme a marca, modelo, versão do Android, e até mesmo região.

Para obter uma lista de bloatwares de seu dispositivo, caso seu aparelho já possua um tempo de existência, você encontrará listas prontas facilmente apenas pesquisando por elas. Supondo que temos um Samsung Galaxy Note 10 Plus em mãos, basta pesquisar em seu motor de busca por:

Samsung Galaxy Note 10 Plus bloatware list

Provavelmente essas listas já terão inclusas todos os bloatwares das mais diversas regiões, lhe poupando o trabalho de buscar por alguma lista mais específica.

Caso seu aparelho seja muito recente, e/ou não encontre uma lista pronta de bloatwares, devo dizer que você acaba de pegar em merda, pois é chato para um caralho pesquisar por cada aplicação para saber sua função, se é essencial para o sistema ou se é facilmente substituível.

De antemão já aviso, que mais para frente, caso vossa gostosura remova um desses aplicativos que era essencial para o sistema sem saber, vai acabar resultando na perda de alguma função importante, ou pior, ao reiniciar o aparelho o sistema pode estar quebrado, lhe obrigando a seguir com uma formatação, e repetir todo o processo novamente.

Download do adb em computadores

Para usar a ferramenta do adb em computadores, basta baixar o pacote chamado SDK platform-tools, disponível através deste link: https://developer.android.com/tools/releases/platform-tools. Por ele, você consegue o download para Windows, Mac e Linux.

Uma vez baixado, basta extrair o arquivo zipado, contendo dentro dele uma pasta chamada platform-tools que basta ser aberta no terminal para se usar o adb.

Download do adb em celulares com Termux.

Para usar a ferramenta do adb diretamente no celular, antes temos que baixar o app Termux, que é um emulador de terminal linux, e já possui o adb em seu repositório. Você encontra o app na Google Play Store, mas novamente recomendo baixar pela F-Droid ou diretamente no Github do projeto.

F-Droid: https://f-droid.org/en/packages/com.termux/

Github: https://github.com/termux/termux-app/releases

Processo de debloat

Antes de iniciarmos, é importante deixar claro que não é para você sair removendo todos os bloatwares de cara sem mais nem menos, afinal alguns deles precisam antes ser substituídos, podem ser essenciais para você para alguma atividade ou função, ou até mesmo são insubstituíveis.

Alguns exemplos de bloatwares que a substituição é necessária antes da remoção, é o Launcher, afinal, é a interface gráfica do sistema, e o teclado, que sem ele só é possível digitar com teclado externo. O Launcher e teclado podem ser substituídos por quaisquer outros, minha recomendação pessoal é por aqueles que respeitam sua privacidade, como Pie Launcher e Simple Laucher, enquanto o teclado pelo OpenBoard e FlorisBoard, todos open-source e disponíveis da F-Droid.

Identifique entre a lista de bloatwares, quais você gosta, precisa ou prefere não substituir, de maneira alguma você é obrigado a remover todos os bloatwares possíveis, modifique seu sistema a seu bel-prazer. O NetGuard lista todos os apps do celular com o nome do pacote, com isso você pode filtrar bem qual deles não remover.

Um exemplo claro de bloatware insubstituível e, portanto, não pode ser removido, é o com.android.mtp, um protocolo onde sua função é auxiliar a comunicação do dispositivo com um computador via USB, mas por algum motivo, tem acesso a rede e se comunica frequentemente com servidores externos. Para esses casos, e melhor solução mesmo é bloquear o acesso a rede desses bloatwares com o NetGuard.

MTP tentando comunicação com servidores externos:

Executando o adb shell

No computador

Faça backup de todos os seus arquivos importantes para algum armazenamento externo, e formate seu celular com o hard reset. Após a formatação, e a ativação da depuração USB, conecte seu aparelho e o pc com o auxílio de um cabo USB. Muito provavelmente seu dispositivo irá apenas começar a carregar, por isso permita a transferência de dados, para que o computador consiga se comunicar normalmente com o celular.

Já no pc, abra a pasta platform-tools dentro do terminal, e execute o seguinte comando:

./adb start-server

O resultado deve ser:

daemon not running; starting now at tcp:5037 daemon started successfully

E caso não apareça nada, execute:

./adb kill-server

E inicie novamente.

Com o adb conectado ao celular, execute:

./adb shell

Para poder executar comandos diretamente para o dispositivo. No meu caso, meu celular é um Redmi Note 8 Pro, codinome Begonia.

Logo o resultado deve ser:

begonia:/ $

Caso ocorra algum erro do tipo:

adb: device unauthorized. This adb server’s $ADB_VENDOR_KEYS is not set Try ‘adb kill-server’ if that seems wrong. Otherwise check for a confirmation dialog on your device.

Verifique no celular se apareceu alguma confirmação para autorizar a depuração USB, caso sim, autorize e tente novamente. Caso não apareça nada, execute o kill-server e repita o processo.

No celular

Após realizar o mesmo processo de backup e hard reset citado anteriormente, instale o Termux e, com ele iniciado, execute o comando:

pkg install android-tools

Quando surgir a mensagem “Do you want to continue? [Y/n]”, basta dar enter novamente que já aceita e finaliza a instalação

Agora, vá até as opções de desenvolvedor, e ative a depuração sem fio. Dentro das opções da depuração sem fio, terá uma opção de emparelhamento do dispositivo com um código, que irá informar para você um código em emparelhamento, com um endereço IP e porta, que será usado para a conexão com o Termux.

Para facilitar o processo, recomendo que abra tanto as configurações quanto o Termux ao mesmo tempo, e divida a tela com os dois app’s, como da maneira a seguir:

Para parear o Termux com o dispositivo, não é necessário digitar o ip informado, basta trocar por “localhost”, já a porta e o código de emparelhamento, deve ser digitado exatamente como informado. Execute:

adb pair localhost:porta CódigoDeEmparelhamento

De acordo com a imagem mostrada anteriormente, o comando ficaria “adb pair localhost:41255 757495”.

Com o dispositivo emparelhado com o Termux, agora basta conectar para conseguir executar os comandos, para isso execute:

adb connect localhost:porta

Obs: a porta que você deve informar neste comando não é a mesma informada com o código de emparelhamento, e sim a informada na tela principal da depuração sem fio.

Pronto! Termux e adb conectado com sucesso ao dispositivo, agora basta executar normalmente o adb shell:

adb shell

Remoção na prática Com o adb shell executado, você está pronto para remover os bloatwares. No meu caso, irei mostrar apenas a remoção de um app (Google Maps), já que o comando é o mesmo para qualquer outro, mudando apenas o nome do pacote.

Dentro do NetGuard, verificando as informações do Google Maps:

Podemos ver que mesmo fora de uso, e com a localização do dispositivo desativado, o app está tentando loucamente se comunicar com servidores externos, e informar sabe-se lá que peste. Mas sem novidades até aqui, o mais importante é que podemos ver que o nome do pacote do Google Maps é com.google.android.apps.maps, e para o remover do celular, basta executar:

pm uninstall –user 0 com.google.android.apps.maps

E pronto, bloatware removido! Agora basta repetir o processo para o resto dos bloatwares, trocando apenas o nome do pacote.

Para acelerar o processo, você pode já criar uma lista do bloco de notas com os comandos, e quando colar no terminal, irá executar um atrás do outro.

Exemplo de lista:

Caso a donzela tenha removido alguma coisa sem querer, também é possível recuperar o pacote com o comando:

cmd package install-existing nome.do.pacote

Pós-debloat

Após limpar o máximo possível o seu sistema, reinicie o aparelho, caso entre no como recovery e não seja possível dar reboot, significa que você removeu algum app “essencial” para o sistema, e terá que formatar o aparelho e repetir toda a remoção novamente, desta vez removendo poucos bloatwares de uma vez, e reiniciando o aparelho até descobrir qual deles não pode ser removido. Sim, dá trabalho… quem mandou querer privacidade?

Caso o aparelho reinicie normalmente após a remoção, parabéns, agora basta usar seu celular como bem entender! Mantenha o NetGuard sempre executando e os bloatwares que não foram possíveis remover não irão se comunicar com servidores externos, passe a usar apps open source da F-Droid e instale outros apps através da Aurora Store ao invés da Google Play Store.

Referências: Caso você seja um Australopithecus e tenha achado este guia difícil, eis uma videoaula (3:14:40) do Anderson do canal Ciberdef, realizando todo o processo: http://odysee.com/@zai:5/Como-remover-at%C3%A9-200-APLICATIVOS-que-colocam-a-sua-PRIVACIDADE-E-SEGURAN%C3%87A-em-risco.:4?lid=6d50f40314eee7e2f218536d9e5d300290931d23

Pdf’s do Anderson citados na videoaula: créditos ao anon6837264 http://eternalcbrzpicytj4zyguygpmkjlkddxob7tptlr25cdipe5svyqoqd.onion/file/3863a834d29285d397b73a4af6fb1bbe67c888d72d30/t-05e63192d02ffd.pdf

Processo de instalação do Termux e adb no celular: https://youtu.be/APolZrPHSms

@ 56cd780f:cbde8b29

Is it still working?

@ 56cd780f:cbde8b29

Is it actually called “summary”?

@ 35f80bda:406855c0

O Bitcoin Core 29.0 foi oficialmente lançado e traz diversas melhorias técnicas voltadas para desenvolvedores, operadores de full nodes e a comunidade Bitcoin mais técnica. Desde mudanças na camada de rede até a atualização do sistema de build, este release é um passo significativo na modernização do ecossistema.

Se você roda um full node, desenvolve software que interage com o Core via RPC ou apenas quer estar por dentro das novidades técnicas, este artigo é para você.

Alterações na Rede e no P2P

Suporte ao UPnP Removido O UPnP foi totalmente desativado por razões de segurança e manutenção. Agora, a recomendação é utilizar a flag -natpmp, que conta com uma implementação interna de PCP e NAT-PMP. Mais seguro e mais leve.

Melhorias no Suporte Tor A porta onion agora é derivada da flag -port, permitindo múltiplos nós Tor na mesma máquina — ótimo para quem opera ambientes de teste ou múltiplos peers.

Transações Órfãs com Propagação Aprimorada O node agora tenta buscar os parents de transações órfãs consultando todos os peers que anunciaram a transação. Isso ajuda a preencher lacunas na mempool de forma mais eficiente.

Mempool e Política de Mineração

Ephemeral Dust Introdução de um novo conceito: ephemeral dust, que permite uma saída "dust" gratuita em uma transação desde que ela seja gasta dentro do mesmo pacote. Pode ser útil para otimizações de fees.

Correção no Peso Reservado de Blocos Bug que causava duplicação de peso reservado foi corrigido. Agora existe a flag -blockreservedweight, com limite mínimo de 2000 WU.

RPCs e REST mais robustos

• testmempoolaccept agora fornece o campo reject-details.
• submitblock preserva blocos duplicados mesmo que tenham sido podados.
• getblock, getblockheader e getblockchaininfo agora incluem o campo nBits (alvo de dificuldade).
• Novo RPC: getdescriptoractivity, que permite ver atividades de descritores em intervalos de blocos.
• APIs REST agora retornam nBits também no campo target.

Sistema de Build Modernizado

Uma das mudanças mais bem-vindas: o Bitcoin Core agora usa CMake em vez de Autotools como padrão de build. Isso facilita integração com IDEs, CI/CD pipelines modernos e personalização do build.

Outras Atualizações Importantes

• -dbcache teve limite máximo reduzido para lidar com o crescimento do conjunto UTXO.
• O comportamento Full Replace-by-Fee (RBF) agora é padrão. A flag -mempoolfullrbf foi removida.
• Aumentaram os valores padrão de -rpcthreads e -rpcworkqueue para lidar com maior paralelismo.

Ferramentas Novas

Uma nova ferramenta chamada utxo_to_sqlite.py converte snapshots compactos do conjunto UTXO para SQLite3. Excelente para quem quer auditar ou explorar o estado da blockchain com ferramentas padrão de banco de dados.

Limpeza de Dependências

As bibliotecas externas MiniUPnPc e libnatpmp foram removidas, substituídas por implementações internas. Menos dependências = manutenção mais fácil e menos riscos.

Como atualizar?

1. Pare o seu nó atual com segurança.
2. Instale a nova versão.
3. Verifique configurações como -dbcache, -blockreservedweight e o comportamento RBF.
4. Consulte os logs com atenção nas primeiras execuções para validar o novo comportamento.

Conclusão

O Bitcoin Core 29.0 representa um passo firme em direção a uma base de código mais moderna, segura e modular. Para quem mantém nós, desenvolve soluções sobre o Core ou audita a rede, é uma atualização que vale a pena testar e entender a fundo.

Já testou a nova versão? Notou impactos nas suas aplicações ou infraestrutura?

Referências

Release Notes 29.0 - GitHub

Bitcoin Core

Documentação técnica

@ 91bea5cd:1df4451c

Básico

bash lsblk # Lista todos os diretorios montados.

Para criar o sistema de arquivos:

bash mkfs.btrfs -L "ThePool" -f /dev/sdx

Criando um subvolume:

bash btrfs subvolume create SubVol

Montando Sistema de Arquivos:

bash mount -o compress=zlib,subvol=SubVol,autodefrag /dev/sdx /mnt

Lista os discos formatados no diretório:

bash btrfs filesystem show /mnt

Adiciona novo disco ao subvolume:

bash btrfs device add -f /dev/sdy /mnt

Lista novamente os discos do subvolume:

bash btrfs filesystem show /mnt

Exibe uso dos discos do subvolume:

bash btrfs filesystem df /mnt

Balancea os dados entre os discos sobre raid1:

bash btrfs filesystem balance start -dconvert=raid1 -mconvert=raid1 /mnt

Scrub é uma passagem por todos os dados e metadados do sistema de arquivos e verifica as somas de verificação. Se uma cópia válida estiver disponível (perfis de grupo de blocos replicados), a danificada será reparada. Todas as cópias dos perfis replicados são validadas.

iniciar o processo de depuração :

bash btrfs scrub start /mnt

ver o status do processo de depuração Btrfs em execução:

bash btrfs scrub status /mnt

ver o status do scrub Btrfs para cada um dos dispositivos

bash btrfs scrub status -d / data btrfs scrub cancel / data

Para retomar o processo de depuração do Btrfs que você cancelou ou pausou:

btrfs scrub resume / data

Listando os subvolumes:

bash btrfs subvolume list /Reports

Criando um instantâneo dos subvolumes:

Aqui, estamos criando um instantâneo de leitura e gravação chamado snap de marketing do subvolume de marketing.

bash btrfs subvolume snapshot /Reports/marketing /Reports/marketing-snap

Além disso, você pode criar um instantâneo somente leitura usando o sinalizador -r conforme mostrado. O marketing-rosnap é um instantâneo somente leitura do subvolume de marketing

bash btrfs subvolume snapshot -r /Reports/marketing /Reports/marketing-rosnap

Forçar a sincronização do sistema de arquivos usando o utilitário 'sync'

Para forçar a sincronização do sistema de arquivos, invoque a opção de sincronização conforme mostrado. Observe que o sistema de arquivos já deve estar montado para que o processo de sincronização continue com sucesso.

bash btrfs filsystem sync /Reports

Para excluir o dispositivo do sistema de arquivos, use o comando device delete conforme mostrado.

bash btrfs device delete /dev/sdc /Reports

Para sondar o status de um scrub, use o comando scrub status com a opção -dR .

bash btrfs scrub status -dR / Relatórios

Para cancelar a execução do scrub, use o comando scrub cancel .

bash $ sudo btrfs scrub cancel / Reports

Para retomar ou continuar com uma depuração interrompida anteriormente, execute o comando de cancelamento de depuração

bash sudo btrfs scrub resume /Reports

mostra o uso do dispositivo de armazenamento:

btrfs filesystem usage /data

Para distribuir os dados, metadados e dados do sistema em todos os dispositivos de armazenamento do RAID (incluindo o dispositivo de armazenamento recém-adicionado) montados no diretório /data , execute o seguinte comando:

sudo btrfs balance start --full-balance /data

Pode demorar um pouco para espalhar os dados, metadados e dados do sistema em todos os dispositivos de armazenamento do RAID se ele contiver muitos dados.

Opções importantes de montagem Btrfs

Nesta seção, vou explicar algumas das importantes opções de montagem do Btrfs. Então vamos começar.

As opções de montagem Btrfs mais importantes são:

**1. acl e noacl

**ACL gerencia permissões de usuários e grupos para os arquivos/diretórios do sistema de arquivos Btrfs.

A opção de montagem acl Btrfs habilita ACL. Para desabilitar a ACL, você pode usar a opção de montagem noacl .

Por padrão, a ACL está habilitada. Portanto, o sistema de arquivos Btrfs usa a opção de montagem acl por padrão.

**2. autodefrag e noautodefrag

**Desfragmentar um sistema de arquivos Btrfs melhorará o desempenho do sistema de arquivos reduzindo a fragmentação de dados.

A opção de montagem autodefrag permite a desfragmentação automática do sistema de arquivos Btrfs.

A opção de montagem noautodefrag desativa a desfragmentação automática do sistema de arquivos Btrfs.

Por padrão, a desfragmentação automática está desabilitada. Portanto, o sistema de arquivos Btrfs usa a opção de montagem noautodefrag por padrão.

**3. compactar e compactar-forçar

**Controla a compactação de dados no nível do sistema de arquivos do sistema de arquivos Btrfs.

A opção compactar compacta apenas os arquivos que valem a pena compactar (se compactar o arquivo economizar espaço em disco).

A opção compress-force compacta todos os arquivos do sistema de arquivos Btrfs, mesmo que a compactação do arquivo aumente seu tamanho.

O sistema de arquivos Btrfs suporta muitos algoritmos de compactação e cada um dos algoritmos de compactação possui diferentes níveis de compactação.

Os algoritmos de compactação suportados pelo Btrfs são: lzo , zlib (nível 1 a 9) e zstd (nível 1 a 15).

Você pode especificar qual algoritmo de compactação usar para o sistema de arquivos Btrfs com uma das seguintes opções de montagem:

• compress=algoritmo:nível
• compress-force=algoritmo:nível

Para obter mais informações, consulte meu artigo Como habilitar a compactação do sistema de arquivos Btrfs .

**4. subvol e subvolid

**Estas opções de montagem são usadas para montar separadamente um subvolume específico de um sistema de arquivos Btrfs.

A opção de montagem subvol é usada para montar o subvolume de um sistema de arquivos Btrfs usando seu caminho relativo.

A opção de montagem subvolid é usada para montar o subvolume de um sistema de arquivos Btrfs usando o ID do subvolume.

Para obter mais informações, consulte meu artigo Como criar e montar subvolumes Btrfs .

**5. dispositivo

A opção de montagem de dispositivo** é usada no sistema de arquivos Btrfs de vários dispositivos ou RAID Btrfs.

Em alguns casos, o sistema operacional pode falhar ao detectar os dispositivos de armazenamento usados em um sistema de arquivos Btrfs de vários dispositivos ou RAID Btrfs. Nesses casos, você pode usar a opção de montagem do dispositivo para especificar os dispositivos que deseja usar para o sistema de arquivos de vários dispositivos Btrfs ou RAID.

Você pode usar a opção de montagem de dispositivo várias vezes para carregar diferentes dispositivos de armazenamento para o sistema de arquivos de vários dispositivos Btrfs ou RAID.

Você pode usar o nome do dispositivo (ou seja, sdb , sdc ) ou UUID , UUID_SUB ou PARTUUID do dispositivo de armazenamento com a opção de montagem do dispositivo para identificar o dispositivo de armazenamento.

Por exemplo,

• dispositivo=/dev/sdb
• dispositivo=/dev/sdb,dispositivo=/dev/sdc
• dispositivo=UUID_SUB=490a263d-eb9a-4558-931e-998d4d080c5d
• device=UUID_SUB=490a263d-eb9a-4558-931e-998d4d080c5d,device=UUID_SUB=f7ce4875-0874-436a-b47d-3edef66d3424

**6. degraded

A opção de montagem degradada** permite que um RAID Btrfs seja montado com menos dispositivos de armazenamento do que o perfil RAID requer.

Por exemplo, o perfil raid1 requer a presença de 2 dispositivos de armazenamento. Se um dos dispositivos de armazenamento não estiver disponível em qualquer caso, você usa a opção de montagem degradada para montar o RAID mesmo que 1 de 2 dispositivos de armazenamento esteja disponível.

**7. commit

A opção commit** mount é usada para definir o intervalo (em segundos) dentro do qual os dados serão gravados no dispositivo de armazenamento.

O padrão é definido como 30 segundos.

Para definir o intervalo de confirmação para 15 segundos, você pode usar a opção de montagem commit=15 (digamos).

**8. ssd e nossd

A opção de montagem ssd** informa ao sistema de arquivos Btrfs que o sistema de arquivos está usando um dispositivo de armazenamento SSD, e o sistema de arquivos Btrfs faz a otimização SSD necessária.

A opção de montagem nossd desativa a otimização do SSD.

O sistema de arquivos Btrfs detecta automaticamente se um SSD é usado para o sistema de arquivos Btrfs. Se um SSD for usado, a opção de montagem de SSD será habilitada. Caso contrário, a opção de montagem nossd é habilitada.

**9. ssd_spread e nossd_spread

A opção de montagem ssd_spread** tenta alocar grandes blocos contínuos de espaço não utilizado do SSD. Esse recurso melhora o desempenho de SSDs de baixo custo (baratos).

A opção de montagem nossd_spread desativa o recurso ssd_spread .

O sistema de arquivos Btrfs detecta automaticamente se um SSD é usado para o sistema de arquivos Btrfs. Se um SSD for usado, a opção de montagem ssd_spread será habilitada. Caso contrário, a opção de montagem nossd_spread é habilitada.

**10. descarte e nodiscard

Se você estiver usando um SSD que suporte TRIM enfileirado assíncrono (SATA rev3.1), a opção de montagem de descarte** permitirá o descarte de blocos de arquivos liberados. Isso melhorará o desempenho do SSD.

Se o SSD não suportar TRIM enfileirado assíncrono, a opção de montagem de descarte prejudicará o desempenho do SSD. Nesse caso, a opção de montagem nodiscard deve ser usada.

Por padrão, a opção de montagem nodiscard é usada.

**11. norecovery

Se a opção de montagem norecovery** for usada, o sistema de arquivos Btrfs não tentará executar a operação de recuperação de dados no momento da montagem.

**12. usebackuproot e nousebackuproot

Se a opção de montagem usebackuproot for usada, o sistema de arquivos Btrfs tentará recuperar qualquer raiz de árvore ruim/corrompida no momento da montagem. O sistema de arquivos Btrfs pode armazenar várias raízes de árvore no sistema de arquivos. A opção de montagem usebackuproot** procurará uma boa raiz de árvore e usará a primeira boa que encontrar.

A opção de montagem nousebackuproot não verificará ou recuperará raízes de árvore inválidas/corrompidas no momento da montagem. Este é o comportamento padrão do sistema de arquivos Btrfs.

**13. space_cache, space_cache=version, nospace_cache e clear_cache

A opção de montagem space_cache** é usada para controlar o cache de espaço livre. O cache de espaço livre é usado para melhorar o desempenho da leitura do espaço livre do grupo de blocos do sistema de arquivos Btrfs na memória (RAM).

O sistema de arquivos Btrfs suporta 2 versões do cache de espaço livre: v1 (padrão) e v2

O mecanismo de cache de espaço livre v2 melhora o desempenho de sistemas de arquivos grandes (tamanho de vários terabytes).

Você pode usar a opção de montagem space_cache=v1 para definir a v1 do cache de espaço livre e a opção de montagem space_cache=v2 para definir a v2 do cache de espaço livre.

A opção de montagem clear_cache é usada para limpar o cache de espaço livre.

Quando o cache de espaço livre v2 é criado, o cache deve ser limpo para criar um cache de espaço livre v1 .

Portanto, para usar o cache de espaço livre v1 após a criação do cache de espaço livre v2 , as opções de montagem clear_cache e space_cache=v1 devem ser combinadas: clear_cache,space_cache=v1

A opção de montagem nospace_cache é usada para desabilitar o cache de espaço livre.

Para desabilitar o cache de espaço livre após a criação do cache v1 ou v2 , as opções de montagem nospace_cache e clear_cache devem ser combinadas: clear_cache,nosapce_cache

**14. skip_balance

Por padrão, a operação de balanceamento interrompida/pausada de um sistema de arquivos Btrfs de vários dispositivos ou RAID Btrfs será retomada automaticamente assim que o sistema de arquivos Btrfs for montado. Para desabilitar a retomada automática da operação de equilíbrio interrompido/pausado em um sistema de arquivos Btrfs de vários dispositivos ou RAID Btrfs, você pode usar a opção de montagem skip_balance .**

**15. datacow e nodatacow

A opção datacow** mount habilita o recurso Copy-on-Write (CoW) do sistema de arquivos Btrfs. É o comportamento padrão.

Se você deseja desabilitar o recurso Copy-on-Write (CoW) do sistema de arquivos Btrfs para os arquivos recém-criados, monte o sistema de arquivos Btrfs com a opção de montagem nodatacow .

**16. datasum e nodatasum

A opção datasum** mount habilita a soma de verificação de dados para arquivos recém-criados do sistema de arquivos Btrfs. Este é o comportamento padrão.

Se você não quiser que o sistema de arquivos Btrfs faça a soma de verificação dos dados dos arquivos recém-criados, monte o sistema de arquivos Btrfs com a opção de montagem nodatasum .

Perfis Btrfs

Um perfil Btrfs é usado para informar ao sistema de arquivos Btrfs quantas cópias dos dados/metadados devem ser mantidas e quais níveis de RAID devem ser usados para os dados/metadados. O sistema de arquivos Btrfs contém muitos perfis. Entendê-los o ajudará a configurar um RAID Btrfs da maneira que você deseja.

Os perfis Btrfs disponíveis são os seguintes:

single : Se o perfil único for usado para os dados/metadados, apenas uma cópia dos dados/metadados será armazenada no sistema de arquivos, mesmo se você adicionar vários dispositivos de armazenamento ao sistema de arquivos. Assim, 100% do espaço em disco de cada um dos dispositivos de armazenamento adicionados ao sistema de arquivos pode ser utilizado.

dup : Se o perfil dup for usado para os dados/metadados, cada um dos dispositivos de armazenamento adicionados ao sistema de arquivos manterá duas cópias dos dados/metadados. Assim, 50% do espaço em disco de cada um dos dispositivos de armazenamento adicionados ao sistema de arquivos pode ser utilizado.

raid0 : No perfil raid0 , os dados/metadados serão divididos igualmente em todos os dispositivos de armazenamento adicionados ao sistema de arquivos. Nesta configuração, não haverá dados/metadados redundantes (duplicados). Assim, 100% do espaço em disco de cada um dos dispositivos de armazenamento adicionados ao sistema de arquivos pode ser usado. Se, em qualquer caso, um dos dispositivos de armazenamento falhar, todo o sistema de arquivos será corrompido. Você precisará de pelo menos dois dispositivos de armazenamento para configurar o sistema de arquivos Btrfs no perfil raid0 .

raid1 : No perfil raid1 , duas cópias dos dados/metadados serão armazenadas nos dispositivos de armazenamento adicionados ao sistema de arquivos. Nesta configuração, a matriz RAID pode sobreviver a uma falha de unidade. Mas você pode usar apenas 50% do espaço total em disco. Você precisará de pelo menos dois dispositivos de armazenamento para configurar o sistema de arquivos Btrfs no perfil raid1 .

raid1c3 : No perfil raid1c3 , três cópias dos dados/metadados serão armazenadas nos dispositivos de armazenamento adicionados ao sistema de arquivos. Nesta configuração, a matriz RAID pode sobreviver a duas falhas de unidade, mas você pode usar apenas 33% do espaço total em disco. Você precisará de pelo menos três dispositivos de armazenamento para configurar o sistema de arquivos Btrfs no perfil raid1c3 .

raid1c4 : No perfil raid1c4 , quatro cópias dos dados/metadados serão armazenadas nos dispositivos de armazenamento adicionados ao sistema de arquivos. Nesta configuração, a matriz RAID pode sobreviver a três falhas de unidade, mas você pode usar apenas 25% do espaço total em disco. Você precisará de pelo menos quatro dispositivos de armazenamento para configurar o sistema de arquivos Btrfs no perfil raid1c4 .

raid10 : No perfil raid10 , duas cópias dos dados/metadados serão armazenadas nos dispositivos de armazenamento adicionados ao sistema de arquivos, como no perfil raid1 . Além disso, os dados/metadados serão divididos entre os dispositivos de armazenamento, como no perfil raid0 .

O perfil raid10 é um híbrido dos perfis raid1 e raid0 . Alguns dos dispositivos de armazenamento formam arrays raid1 e alguns desses arrays raid1 são usados para formar um array raid0 . Em uma configuração raid10 , o sistema de arquivos pode sobreviver a uma única falha de unidade em cada uma das matrizes raid1 .

Você pode usar 50% do espaço total em disco na configuração raid10 . Você precisará de pelo menos quatro dispositivos de armazenamento para configurar o sistema de arquivos Btrfs no perfil raid10 .

raid5 : No perfil raid5 , uma cópia dos dados/metadados será dividida entre os dispositivos de armazenamento. Uma única paridade será calculada e distribuída entre os dispositivos de armazenamento do array RAID.

Em uma configuração raid5 , o sistema de arquivos pode sobreviver a uma única falha de unidade. Se uma unidade falhar, você pode adicionar uma nova unidade ao sistema de arquivos e os dados perdidos serão calculados a partir da paridade distribuída das unidades em execução.

Você pode usar 1 00x(N-1)/N % do total de espaços em disco na configuração raid5 . Aqui, N é o número de dispositivos de armazenamento adicionados ao sistema de arquivos. Você precisará de pelo menos três dispositivos de armazenamento para configurar o sistema de arquivos Btrfs no perfil raid5 .

raid6 : No perfil raid6 , uma cópia dos dados/metadados será dividida entre os dispositivos de armazenamento. Duas paridades serão calculadas e distribuídas entre os dispositivos de armazenamento do array RAID.

Em uma configuração raid6 , o sistema de arquivos pode sobreviver a duas falhas de unidade ao mesmo tempo. Se uma unidade falhar, você poderá adicionar uma nova unidade ao sistema de arquivos e os dados perdidos serão calculados a partir das duas paridades distribuídas das unidades em execução.

Você pode usar 100x(N-2)/N % do espaço total em disco na configuração raid6 . Aqui, N é o número de dispositivos de armazenamento adicionados ao sistema de arquivos. Você precisará de pelo menos quatro dispositivos de armazenamento para configurar o sistema de arquivos Btrfs no perfil raid6 .

@ 56cd780f:cbde8b29

A few weeks ago, I ran into an old friend at a coffee shop. We hadn’t spoken in years, and within five minutes, she said something I’ve heard countless times:

“I just feel like I’m so behind.”

Behind who? Behind what?

There’s this idea—quiet, nagging, oddly universal—that we’re all somehow in a race we didn’t sign up for. That we’re supposed to have hit certain milestones by certain ages. That if we’re not married, promoted, rich, settled, happy (and photogenic) by 30 or 40 or pick your poison, then we’ve failed some invisible test.

Where did this come from?

Some of it’s cultural, obviously. Social media compresses timelines. You’re 27, doom-scrolling, and suddenly someone from high school just IPO’d their startup and got engaged in Rome. Another just bought a house with a kitchen island the size of a small country. You wonder if you missed a memo.

But beneath that, there’s something deeper. A belief that life is linear. That it should look like a staircase: school, job, marriage, house, kids, success. But real life? It’s a squiggle. A mess. A beautiful disaster.

Here’s the truth: You’re not behind. There’s no schedule. There’s only your path, and the courage it takes to stay on it—even when it looks wildly different from everyone else’s.

I say this as someone who has taken the “scenic route.” I changed careers in my 30s. I moved cities on a hunch. I dropped things that looked great on paper because they felt wrong in my gut. I’ve had seasons of momentum and seasons of stuckness. Both were necessary.

“Catching up” assumes there’s a fixed destination. But what if there isn’t? What if the point isn’t arrival, but presence? Progress that feels real, not performative?

If you need a permission slip to stop comparing, let this be it.

You’re not late. You’re not early.
You’re right on time.

@ 91bea5cd:1df4451c

Um bom gerenciamento de senhas deve ser simples e seguir a filosofia do Unix.  Organizado em hierarquia e fácil de passar de um computador para outro.

E por isso não é recomendável o uso de aplicativos de terceiros que tenham acesso a suas chaves(senhas) em seus servidores, tampouco as opções nativas dos navegadores, que também pertencem a grandes empresas que fazem um grande esforço para ter acesso a nossas informações.

Recomendação

• pass
• Qtpass (gerenciador gráfico)

Com ele seus dados são criptografados usando sua chave gpg e salvo em arquivos organizados por pastas de forma hierárquica, podendo ser integrado a um serviço git de sua escolha ou copiado facilmente de um local para outro.

Uso

O seu uso é bem simples.

Configuração:

pass git init

Para ver:

pass Email/example.com

Copiar para área de transferência (exige xclip):

pass -c Email/example.com

Para inserir:

pass insert Email/example0.com

Para inserir e gerar senha:

pass generate Email/example1.com

Para inserir e gerar senha sem símbolos:

pass generate --no-symbols Email/example1.com

Para inserir, gerar senha e copiar para área de transferência :

pass generate -c Email/example1.com

Para remover:

pass rm Email/example.com

@ 7501d519:e6ff3dcc

English: "Politicians steal billions and get light sentences, while the poor get jailed for stealing bread. Is the law just a tool for the rich?"

originally posted at https://stacker.news/items/966062

@ 975e4ad5:8d4847ce

With the advancement of quantum computers, a new threat emerges for the security of cryptocurrencies and blockchain technologies. These powerful machines have the potential to expose vulnerabilities in traditional cryptographic systems, which could jeopardize the safety of digital wallets. But don’t worry—modern wallets are already equipped to handle this threat with innovative solutions that make your funds nearly impossible to steal, even by a quantum computer. Let’s explore how this works and why you can rest easy.

The Threat of Quantum Computers

To understand how wallets protect us, we first need to grasp what makes quantum computers so dangerous. At the core of most cryptocurrencies, like Bitcoin, lies public and private key cryptography. The public key (or address) is like your bank account number—you share it to receive funds. The private key is like your PIN—it allows you to send funds and must remain secret.

Traditional cryptography, such as the ECDSA algorithm, relies on mathematical problems that are extremely difficult to solve with conventional computers. For instance, deriving a private key from a public key is practically impossible, as it would take millions of years of computation. However, quantum computers, thanks to algorithms like Shor’s, can significantly speed up this process. Theoretically, a sufficiently powerful quantum computer could uncover a private key from a public key in minutes or even seconds.

This is a problem because if someone gains access to your private key, they can send all your funds to their own address. But here’s the good news—modern wallets use a clever solution to render this threat powerless.

How Do Wallets Protect Us?

One of the most effective defenses against quantum computers is the use of one-time addresses in wallets. This means that for every transaction—whether receiving or sending funds—the wallet automatically generates a new public address. The old address, once used, remains in the transaction history but no longer holds any funds, as they are transferred to a new address.

Why Does This Work?

Imagine you’re sending or receiving cryptocurrency. Your wallet creates a new address for that transaction. After the funds are sent or received, that address becomes “used,” and the wallet automatically generates a new one for the next transaction. If a quantum computer manages to derive the private key from the public address of the used address, it will find nothing—because that address is already empty. Your funds are safely transferred to a new address, whose public key has not yet been exposed.

This strategy is known as HD (Hierarchical Deterministic) wallets. It allows the wallet to generate an infinite number of addresses from a single master key (seed) without compromising security. Each new address is unique and cannot be linked to the previous ones, making it impossible to trace your funds, even with a quantum computer.

Automation Makes It Effortless

The best part? You don’t need to worry about this process—it’s fully automated. When you use a modern wallet like MetaMask, Ledger, Trezor, or software wallets for Bitcoin, everything happens behind the scenes. You simply click “receive” or “send,” and the wallet takes care of generating new addresses. There’s no need to understand the complex technical details or manually manage your keys.

For example:

• You want to receive 0.1 BTC. Your wallet provides a new address, which you share with the sender.
• After receiving the funds, the wallet automatically prepares a new address for the next transaction.
• If you send some of the funds, the remaining amount (known as “change”) is sent to another new address generated by the wallet.

This system ensures that public addresses exposed on the blockchain no longer hold funds, making quantum attacks pointless.

Additional Protection: Toward Post-Quantum Cryptography

Beyond one-time addresses, blockchain developers are also working on post-quantum cryptography—algorithms that are resistant to quantum computers. Some blockchain networks are already experimenting with such solutions, like algorithms based on lattices (lattice-based cryptography). These methods don’t rely on the same mathematical problems that quantum computers can solve, offering long-term protection.

In the meantime, one-time addresses combined with current cryptographic standards provide enough security to safeguard your funds until post-quantum solutions become widely adopted.

Why You Shouldn’t Worry

Modern wallets are designed with the future in mind. They not only protect against today’s threats but also anticipate future risks, such as those posed by quantum computers. One-time addresses make exposed public keys useless to hackers, and automation ensures you don’t need to deal with the technicalities. HD wallets, which automatically generate new addresses, make the process seamless and secure for users.

Public key exposure only happens when necessary, reducing the risk of attacks, even from a quantum computer. In conclusion, while quantum computers pose a potential threat, modern wallets already offer effective solutions that make your cryptocurrencies nearly impossible to steal. With one-time addresses and the upcoming adoption of post-quantum cryptography, you can be confident that your funds are safe—today and tomorrow.

@ 91bea5cd:1df4451c

O que é Tahoe-LAFS?

Bem-vindo ao Tahoe-LAFS_, o primeiro sistema de armazenamento descentralizado com

• Segurança independente do provedor * .

Tahoe-LAFS é um sistema que ajuda você a armazenar arquivos. Você executa um cliente Programa no seu computador, que fala com um ou mais servidores de armazenamento em outros computadores. Quando você diz ao seu cliente para armazenar um arquivo, ele irá criptografar isso Arquivo, codifique-o em múltiplas peças, depois espalhe essas peças entre Vários servidores. As peças são todas criptografadas e protegidas contra Modificações. Mais tarde, quando você pede ao seu cliente para recuperar o arquivo, ele irá Encontre as peças necessárias, verifique se elas não foram corrompidas e remontadas Eles, e descriptografar o resultado.

O cliente cria mais peças (ou "compartilhamentos") do que acabará por precisar, então Mesmo que alguns servidores falhem, você ainda pode recuperar seus dados. Corrompido Os compartilhamentos são detectados e ignorados, de modo que o sistema pode tolerar o lado do servidor Erros no disco rígido. Todos os arquivos são criptografados (com uma chave exclusiva) antes Uploading, então mesmo um operador de servidor mal-intencionado não pode ler seus dados. o A única coisa que você pede aos servidores é que eles podem (geralmente) fornecer o Compartilha quando você os solicita: você não está confiando sobre eles para Confidencialidade, integridade ou disponibilidade absoluta.

O que é "segurança independente do provedor"?

Todo vendedor de serviços de armazenamento na nuvem irá dizer-lhe que o seu serviço é "seguro". Mas o que eles significam com isso é algo fundamentalmente diferente Do que queremos dizer. O que eles significam por "seguro" é que depois de ter dado Eles o poder de ler e modificar seus dados, eles tentam muito difícil de não deixar Esse poder seja abusado. Isso acaba por ser difícil! Insetos, Configurações incorretas ou erro do operador podem acidentalmente expor seus dados para Outro cliente ou para o público, ou pode corromper seus dados. Criminosos Ganho rotineiramente de acesso ilícito a servidores corporativos. Ainda mais insidioso é O fato de que os próprios funcionários às vezes violam a privacidade do cliente De negligência, avareza ou mera curiosidade. O mais consciencioso de Esses prestadores de serviços gastam consideráveis ​​esforços e despesas tentando Mitigar esses riscos.

O que queremos dizer com "segurança" é algo diferente. * O provedor de serviços Nunca tem a capacidade de ler ou modificar seus dados em primeiro lugar: nunca. * Se você usa Tahoe-LAFS, então todas as ameaças descritas acima não são questões para você. Não só é fácil e barato para o provedor de serviços Manter a segurança de seus dados, mas na verdade eles não podem violar sua Segurança se eles tentaram. Isto é o que chamamos de * independente do fornecedor segurança*.

Esta garantia está integrada naturalmente no sistema de armazenamento Tahoe-LAFS e Não exige que você execute um passo de pré-criptografia manual ou uma chave complicada gestão. (Afinal, ter que fazer operações manuais pesadas quando Armazenar ou acessar seus dados anularia um dos principais benefícios de Usando armazenamento em nuvem em primeiro lugar: conveniência.)

Veja como funciona:

Uma "grade de armazenamento" é constituída por uma série de servidores de armazenamento. Um servidor de armazenamento Tem armazenamento direto em anexo (tipicamente um ou mais discos rígidos). Um "gateway" Se comunica com os nós de armazenamento e os usa para fornecer acesso ao Rede sobre protocolos como HTTP (S), SFTP ou FTP.

Observe que você pode encontrar "cliente" usado para se referir aos nós do gateway (que atuam como Um cliente para servidores de armazenamento) e também para processos ou programas que se conectam a Um nó de gateway e operações de execução na grade - por exemplo, uma CLI Comando, navegador da Web, cliente SFTP ou cliente FTP.

Os usuários não contam com servidores de armazenamento para fornecer * confidencialidade * nem

• Integridade * para seus dados - em vez disso, todos os dados são criptografados e Integridade verificada pelo gateway, para que os servidores não possam ler nem Modifique o conteúdo dos arquivos.

Os usuários dependem de servidores de armazenamento para * disponibilidade *. O texto cifrado é Codificado por apagamento em partes N distribuídas em pelo menos H distintas Servidores de armazenamento (o valor padrão para N é 10 e para H é 7) então Que pode ser recuperado de qualquer K desses servidores (o padrão O valor de K é 3). Portanto, apenas a falha do H-K + 1 (com o Padrões, 5) servidores podem tornar os dados indisponíveis.

No modo de implantação típico, cada usuário executa seu próprio gateway sozinho máquina. Desta forma, ela confia em sua própria máquina para a confidencialidade e Integridade dos dados.

Um modo de implantação alternativo é que o gateway é executado em uma máquina remota e O usuário se conecta ao HTTPS ou SFTP. Isso significa que o operador de O gateway pode visualizar e modificar os dados do usuário (o usuário * depende de * o Gateway para confidencialidade e integridade), mas a vantagem é que a O usuário pode acessar a grade Tahoe-LAFS com um cliente que não possui o Software de gateway instalado, como um quiosque de internet ou celular.

Controle de acesso

Existem dois tipos de arquivos: imutáveis ​​e mutáveis. Quando você carrega um arquivo Para a grade de armazenamento, você pode escolher o tipo de arquivo que será no grade. Os arquivos imutáveis ​​não podem ser modificados quando foram carregados. UMA O arquivo mutable pode ser modificado por alguém com acesso de leitura e gravação. Um usuário Pode ter acesso de leitura e gravação a um arquivo mutable ou acesso somente leitura, ou não Acesso a ele.

Um usuário que tenha acesso de leitura e gravação a um arquivo mutable ou diretório pode dar Outro acesso de leitura e gravação do usuário a esse arquivo ou diretório, ou eles podem dar Acesso somente leitura para esse arquivo ou diretório. Um usuário com acesso somente leitura Para um arquivo ou diretório pode dar acesso a outro usuário somente leitura.

Ao vincular um arquivo ou diretório a um diretório pai, você pode usar um Link de leitura-escrita ou um link somente de leitura. Se você usar um link de leitura e gravação, então Qualquer pessoa que tenha acesso de leitura e gravação ao diretório pai pode obter leitura-escrita Acesso à criança e qualquer pessoa que tenha acesso somente leitura ao pai O diretório pode obter acesso somente leitura à criança. Se você usar uma leitura somente Link, qualquer pessoa que tenha lido-escrito ou acesso somente leitura ao pai O diretório pode obter acesso somente leitura à criança.

================================================== ==== Usando Tahoe-LAFS com uma rede anônima: Tor, I2P ================================================== ====

. `Visão geral '

. `Casos de uso '

. Software Dependencies_

#. Tor #. I2P

. `Configuração de conexão '

. `Configuração de Anonimato '

#. Anonimato do cliente ' #.Anonimato de servidor, configuração manual ' #. `Anonimato de servidor, configuração automática '

. `Problemas de desempenho e segurança '

Visão geral

Tor é uma rede anonimização usada para ajudar a esconder a identidade da Internet Clientes e servidores. Consulte o site do Tor Project para obter mais informações: Https://www.torproject.org/

I2P é uma rede de anonimato descentralizada que se concentra no anonimato de ponta a ponta Entre clientes e servidores. Consulte o site I2P para obter mais informações: Https://geti2p.net/

Casos de uso

Existem três casos de uso potenciais para Tahoe-LAFS do lado do cliente:

1. O usuário deseja sempre usar uma rede de anonimato (Tor, I2P) para proteger Seu anonimato quando se conecta às redes de armazenamento Tahoe-LAFS (seja ou Não os servidores de armazenamento são anônimos).

2. O usuário não se preocupa em proteger seu anonimato, mas eles desejam se conectar a Servidores de armazenamento Tahoe-LAFS que são acessíveis apenas através de Tor Hidden Services ou I2P.

3. Tor é usado apenas se uma sugestão de conexão do servidor usar tor:. Essas sugestões Geralmente tem um endereço .onion.

4. I2P só é usado se uma sugestão de conexão do servidor usa i2p:. Essas sugestões Geralmente têm um endereço .i2p.

5. O usuário não se preocupa em proteger seu anonimato ou para se conectar a um anonimato Servidores de armazenamento. Este documento não é útil para você ... então pare de ler.

Para servidores de armazenamento Tahoe-LAFS existem três casos de uso:

1. O operador deseja proteger o anonimato fazendo seu Tahoe Servidor acessível apenas em I2P, através de Tor Hidden Services, ou ambos.

2. O operador não * requer * anonimato para o servidor de armazenamento, mas eles Quer que ele esteja disponível tanto no TCP / IP roteado publicamente quanto através de um Rede de anonimização (I2P, Tor Hidden Services). Uma possível razão para fazer Isso é porque ser alcançável através de uma rede de anonimato é um Maneira conveniente de ignorar NAT ou firewall que impede roteios públicos Conexões TCP / IP ao seu servidor (para clientes capazes de se conectar a Tais servidores). Outro é o que torna o seu servidor de armazenamento acessível Através de uma rede de anonimato pode oferecer uma melhor proteção para sua Clientes que usam essa rede de anonimato para proteger seus anonimato.

3. O operador do servidor de armazenamento não se preocupa em proteger seu próprio anonimato nem Para ajudar os clientes a proteger o deles. Pare de ler este documento e execute Seu servidor de armazenamento Tahoe-LAFS usando TCP / IP com roteamento público.

Veja esta página do Tor Project para obter mais informações sobre Tor Hidden Services: Https://www.torproject.org/docs/hidden-services.html.pt

Veja esta página do Projeto I2P para obter mais informações sobre o I2P: Https://geti2p.net/en/about/intro

Dependências de software

Tor

Os clientes que desejam se conectar a servidores baseados em Tor devem instalar o seguinte.

• Tor (tor) deve ser instalado. Veja aqui: Https://www.torproject.org/docs/installguide.html.en. No Debian / Ubuntu, Use apt-get install tor. Você também pode instalar e executar o navegador Tor Agrupar.

• Tahoe-LAFS deve ser instalado com o [tor] "extra" habilitado. Isso vai Instale txtorcon ::

Pip install tahoe-lafs [tor]

Os servidores Tor-configurados manualmente devem instalar Tor, mas não precisam Txtorcon ou o [tor] extra. Configuração automática, quando Implementado, vai precisar destes, assim como os clientes.

I2P

Os clientes que desejam se conectar a servidores baseados em I2P devem instalar o seguinte. Tal como acontece com Tor, os servidores baseados em I2P configurados manualmente precisam do daemon I2P, mas Não há bibliotecas especiais de apoio Tahoe-side.

• I2P deve ser instalado. Veja aqui: Https://geti2p.net/en/download

• A API SAM deve estar habilitada.

• Inicie o I2P.

• Visite http://127.0.0.1:7657/configclients no seu navegador.
• Em "Configuração do Cliente", marque a opção "Executar no Startup?" Caixa para "SAM Ponte de aplicação ".
• Clique em "Salvar Configuração do Cliente".

• Clique no controle "Iniciar" para "ponte de aplicação SAM" ou reinicie o I2P.

• Tahoe-LAFS deve ser instalado com o [i2p] extra habilitado, para obter Txi2p ::

Pip install tahoe-lafs [i2p]

Tor e I2P

Os clientes que desejam se conectar a servidores baseados em Tor e I2P devem instalar tudo acima. Em particular, Tahoe-LAFS deve ser instalado com ambos Extras habilitados ::

Pip install tahoe-lafs [tor, i2p]

Configuração de conexão

Consulte: ref: Connection Management para uma descrição do[tor]e [I2p] seções de tahoe.cfg. Estes controlam como o cliente Tahoe Conecte-se a um daemon Tor / I2P e, assim, faça conexões com Tor / I2P-baseadas Servidores.

As seções [tor] e [i2p] só precisam ser modificadas para serem usadas de forma incomum Configurações ou para habilitar a configuração automática do servidor.

A configuração padrão tentará entrar em contato com um daemon local Tor / I2P Ouvindo as portas usuais (9050/9150 para Tor, 7656 para I2P). Enquanto Há um daemon em execução no host local e o suporte necessário Bibliotecas foram instaladas, os clientes poderão usar servidores baseados em Tor Sem qualquer configuração especial.

No entanto, note que esta configuração padrão não melhora a Anonimato: as conexões TCP normais ainda serão feitas em qualquer servidor que Oferece um endereço regular (cumpre o segundo caso de uso do cliente acima, não o terceiro). Para proteger o anonimato, os usuários devem configurar o [Connections] da seguinte maneira:

[Conexões] Tcp = tor

Com isso, o cliente usará Tor (em vez de um IP-address -reviração de conexão direta) para alcançar servidores baseados em TCP.

Configuração de anonimato

Tahoe-LAFS fornece uma configuração "flag de segurança" para indicar explicitamente Seja necessário ou não a privacidade do endereço IP para um nó ::

[nó] Revelar-IP-address = (booleano, opcional)

Quando revelar-IP-address = False, Tahoe-LAFS se recusará a iniciar se algum dos As opções de configuração em tahoe.cfg revelariam a rede do nó localização:

• [Conexões] tcp = tor é necessário: caso contrário, o cliente faria Conexões diretas para o Introdução, ou qualquer servidor baseado em TCP que aprende Do Introdutor, revelando seu endereço IP para esses servidores e um Rede de espionagem. Com isso, Tahoe-LAFS só fará Conexões de saída através de uma rede de anonimato suportada.

• Tub.location deve ser desativado ou conter valores seguros. este O valor é anunciado para outros nós através do Introdutor: é como um servidor Anuncia sua localização para que os clientes possam se conectar a ela. No modo privado, ele É um erro para incluir um tcp: dica no tub.location. Modo privado Rejeita o valor padrão de tub.location (quando a chave está faltando Inteiramente), que é AUTO, que usa ifconfig para adivinhar o nó Endereço IP externo, o que o revelaria ao servidor e a outros clientes.

Esta opção é ** crítica ** para preservar o anonimato do cliente (cliente Caso de uso 3 de "Casos de uso", acima). Também é necessário preservar uma Anonimato do servidor (caso de uso do servidor 3).

Esse sinalizador pode ser configurado (para falso), fornecendo o argumento --hide-ip para Os comandos create-node, create-client ou create-introducer.

Observe que o valor padrão de revelar-endereço IP é verdadeiro, porque Infelizmente, esconder o endereço IP do nó requer software adicional para ser Instalado (conforme descrito acima) e reduz o desempenho.

Anonimato do cliente

Para configurar um nó de cliente para anonimato, tahoe.cfg ** deve ** conter o Seguindo as bandeiras de configuração ::

[nó] Revelar-IP-address = False Tub.port = desativado Tub.location = desativado

Uma vez que o nodo Tahoe-LAFS foi reiniciado, ele pode ser usado anonimamente (cliente Caso de uso 3).

Anonimato do servidor, configuração manual

Para configurar um nó de servidor para ouvir em uma rede de anonimato, devemos primeiro Configure Tor para executar um "Serviço de cebola" e encaminhe as conexões de entrada para o Porto Tahoe local. Então, configuramos Tahoe para anunciar o endereço .onion Aos clientes. Também configuramos Tahoe para não fazer conexões TCP diretas.

• Decida em um número de porta de escuta local, chamado PORT. Isso pode ser qualquer não utilizado Porta de cerca de 1024 até 65535 (dependendo do kernel / rede do host Config). Nós diremos a Tahoe para escutar nesta porta, e nós diremos a Tor para Encaminhe as conexões de entrada para ele.
• Decida em um número de porta externo, chamado VIRTPORT. Isso será usado no Localização anunciada e revelada aos clientes. Pode ser qualquer número de 1 Para 65535. Pode ser o mesmo que PORT, se quiser.
• Decida em um "diretório de serviço oculto", geralmente em / var / lib / tor / NAME. Pediremos a Tor para salvar o estado do serviço de cebola aqui, e Tor irá Escreva o endereço .onion aqui depois que ele for gerado.

Em seguida, faça o seguinte:

• Crie o nó do servidor Tahoe (com tahoe create-node), mas não ** não ** Lança-o ainda.

• Edite o arquivo de configuração Tor (normalmente em / etc / tor / torrc). Precisamos adicionar Uma seção para definir o serviço oculto. Se nossa PORT for 2000, VIRTPORT é 3000, e estamos usando / var / lib / tor / tahoe como o serviço oculto Diretório, a seção deve se parecer com ::

  HiddenServiceDir / var / lib / tor / tahoe HiddenServicePort 3000 127.0.0.1:2000

• Reinicie Tor, com systemctl restart tor. Aguarde alguns segundos.

• Leia o arquivo hostname no diretório de serviço oculto (por exemplo, / Var / lib / tor / tahoe / hostname). Este será um endereço .onion, como U33m4y7klhz3b.onion. Ligue para esta CEBOLA.

• Edite tahoe.cfg para configurar tub.port para usar Tcp: PORT: interface = 127.0.0.1 e tub.location para usar Tor: ONION.onion: VIRTPORT. Usando os exemplos acima, isso seria ::

  [nó] Revelar-endereço IP = falso Tub.port = tcp: 2000: interface = 127.0.0.1 Tub.location = tor: u33m4y7klhz3b.onion: 3000 [Conexões] Tcp = tor

• Inicie o servidor Tahoe com tahoe start $ NODEDIR

A seção tub.port fará com que o servidor Tahoe ouça no PORT, mas Ligue o soquete de escuta à interface de loopback, que não é acessível Do mundo exterior (mas * é * acessível pelo daemon Tor local). Então o A seção tcp = tor faz com que Tahoe use Tor quando se conecta ao Introdução, escondendo o endereço IP. O nó se anunciará a todos Clientes que usam `tub.location``, então os clientes saberão que devem usar o Tor Para alcançar este servidor (e não revelar seu endereço IP através do anúncio). Quando os clientes se conectam ao endereço da cebola, seus pacotes serão Atravessar a rede de anonimato e eventualmente aterrar no Tor local Daemon, que então estabelecerá uma conexão com PORT no localhost, que é Onde Tahoe está ouvindo conexões.

Siga um processo similar para construir um servidor Tahoe que escuta no I2P. o O mesmo processo pode ser usado para ouvir tanto o Tor como o I2P (tub.location = Tor: ONION.onion: VIRTPORT, i2p: ADDR.i2p). Também pode ouvir tanto Tor como TCP simples (caso de uso 2), com tub.port = tcp: PORT, tub.location = Tcp: HOST: PORT, tor: ONION.onion: VIRTPORT e anonymous = false (e omite A configuração tcp = tor, já que o endereço já está sendo transmitido através de O anúncio de localização).

Anonimato do servidor, configuração automática

Para configurar um nó do servidor para ouvir em uma rede de anonimato, crie o Nó com a opção --listen = tor. Isso requer uma configuração Tor que Ou lança um novo daemon Tor, ou tem acesso à porta de controle Tor (e Autoridade suficiente para criar um novo serviço de cebola). Nos sistemas Debian / Ubuntu, faça Apt install tor, adicione-se ao grupo de controle com adduser YOURUSERNAME debian-tor e, em seguida, inicie sessão e faça o login novamente: se os groups O comando inclui debian-tor na saída, você deve ter permissão para Use a porta de controle de domínio unix em / var / run / tor / control.

Esta opção irá definir revelar-IP-address = False e [connections] tcp = Tor. Ele alocará as portas necessárias, instruirá Tor para criar a cebola Serviço (salvando a chave privada em algum lugar dentro de NODEDIR / private /), obtenha O endereço .onion e preencha tub.port e tub.location corretamente.

Problemas de desempenho e segurança

Se você estiver executando um servidor que não precisa ser Anônimo, você deve torná-lo acessível através de uma rede de anonimato ou não? Ou você pode torná-lo acessível * ambos * através de uma rede de anonimato E como um servidor TCP / IP rastreável publicamente?

Existem várias compensações efetuadas por esta decisão.

Penetração NAT / Firewall

Fazer com que um servidor seja acessível via Tor ou I2P o torna acessível (por Clientes compatíveis com Tor / I2P) mesmo que existam NAT ou firewalls que impeçam Conexões TCP / IP diretas para o servidor.

Anonimato

Tornar um servidor Tahoe-LAFS acessível * somente * via Tor ou I2P pode ser usado para Garanta que os clientes Tahoe-LAFS usem Tor ou I2P para se conectar (Especificamente, o servidor só deve anunciar endereços Tor / I2P no Chave de configuração tub.location). Isso evita que os clientes mal configurados sejam Desingonizando-se acidentalmente, conectando-se ao seu servidor através de A Internet rastreável.

Claramente, um servidor que está disponível como um serviço Tor / I2P * e * a O endereço TCP regular não é anônimo: o endereço do .on e o real O endereço IP do servidor é facilmente vinculável.

Além disso, a interação, através do Tor, com um Tor Oculto pode ser mais Protegido da análise do tráfego da rede do que a interação, através do Tor, Com um servidor TCP / IP com rastreamento público

** XXX há um documento mantido pelos desenvolvedores de Tor que comprovem ou refutam essa crença? Se assim for, precisamos ligar a ele. Caso contrário, talvez devêssemos explicar mais aqui por que pensamos isso? **

Linkability

A partir de 1.12.0, o nó usa uma única chave de banheira persistente para saída Conexões ao Introdutor e conexões de entrada para o Servidor de Armazenamento (E Helper). Para os clientes, uma nova chave Tub é criada para cada servidor de armazenamento Nós aprendemos sobre, e essas chaves são * não * persistiram (então elas mudarão cada uma delas Tempo que o cliente reinicia).

Clientes que atravessam diretórios (de rootcap para subdiretório para filecap) são É provável que solicitem os mesmos índices de armazenamento (SIs) na mesma ordem de cada vez. Um cliente conectado a vários servidores irá pedir-lhes todos para o mesmo SI em Quase ao mesmo tempo. E dois clientes que compartilham arquivos ou diretórios Irá visitar os mesmos SI (em várias ocasiões).

Como resultado, as seguintes coisas são vinculáveis, mesmo com revelar-endereço IP = Falso:

• Servidores de armazenamento podem vincular reconhecer várias conexões do mesmo Cliente ainda não reiniciado. (Observe que o próximo recurso de Contabilidade pode Faz com que os clientes apresentem uma chave pública persistente do lado do cliente quando Conexão, que será uma ligação muito mais forte).
• Os servidores de armazenamento provavelmente podem deduzir qual cliente está acessando dados, por Olhando as SIs sendo solicitadas. Vários servidores podem conciliar Determine que o mesmo cliente está falando com todos eles, mesmo que o TubIDs são diferentes para cada conexão.
• Os servidores de armazenamento podem deduzir quando dois clientes diferentes estão compartilhando dados.
• O Introdutor pode entregar diferentes informações de servidor para cada um Cliente subscrito, para particionar clientes em conjuntos distintos de acordo com Quais as conexões do servidor que eles eventualmente fazem. Para clientes + nós de servidor, ele Também pode correlacionar o anúncio do servidor com o cliente deduzido identidade.

atuação

Um cliente que se conecta a um servidor Tahoe-LAFS com rastreamento público através de Tor Incorrem em latência substancialmente maior e, às vezes, pior Mesmo cliente se conectando ao mesmo servidor através de um TCP / IP rastreável normal conexão. Quando o servidor está em um Tor Hidden Service, ele incorre ainda mais Latência e, possivelmente, ainda pior rendimento.

Conectando-se a servidores Tahoe-LAFS que são servidores I2P incorrem em maior latência E pior rendimento também.

Efeitos positivos e negativos em outros usuários Tor

O envio de seu tráfego Tahoe-LAFS sobre o Tor adiciona tráfego de cobertura para outros Tor usuários que também estão transmitindo dados em massa. Então isso é bom para Eles - aumentando seu anonimato.

No entanto, torna o desempenho de outros usuários do Tor Sessões - por exemplo, sessões ssh - muito pior. Isso é porque Tor Atualmente não possui nenhuma prioridade ou qualidade de serviço Recursos, para que as teclas de Ssh de outra pessoa possam ter que esperar na fila Enquanto o conteúdo do arquivo em massa é transmitido. O atraso adicional pode Tornar as sessões interativas de outras pessoas inutilizáveis.

Ambos os efeitos são duplicados se você carregar ou baixar arquivos para um Tor Hidden Service, em comparação com se você carregar ou baixar arquivos Over Tor para um servidor TCP / IP com rastreamento público

Efeitos positivos e negativos em outros usuários do I2P

Enviar seu tráfego Tahoe-LAFS ao I2P adiciona tráfego de cobertura para outros usuários do I2P Que também estão transmitindo dados. Então, isso é bom para eles - aumentando sua anonimato. Não prejudicará diretamente o desempenho de outros usuários do I2P Sessões interativas, porque a rede I2P possui vários controles de congestionamento e Recursos de qualidade de serviço, como priorizar pacotes menores.

No entanto, se muitos usuários estão enviando tráfego Tahoe-LAFS ao I2P e não tiverem Seus roteadores I2P configurados para participar de muito tráfego, então o I2P A rede como um todo sofrerá degradação. Cada roteador Tahoe-LAFS que usa o I2P tem Seus próprios túneis de anonimato que seus dados são enviados. Em média, um O nó Tahoe-LAFS requer 12 outros roteadores I2P para participar de seus túneis.

Portanto, é importante que o seu roteador I2P esteja compartilhando a largura de banda com outros Roteadores, para que você possa retornar enquanto usa o I2P. Isso nunca prejudicará a Desempenho de seu nó Tahoe-LAFS, porque seu roteador I2P sempre Priorize seu próprio tráfego.

=========================

Como configurar um servidor

Muitos nós Tahoe-LAFS são executados como "servidores", o que significa que eles fornecem serviços para Outras máquinas (isto é, "clientes"). Os dois tipos mais importantes são os Introdução e Servidores de armazenamento.

Para ser útil, os servidores devem ser alcançados pelos clientes. Os servidores Tahoe podem ouvir Em portas TCP e anunciar sua "localização" (nome do host e número da porta TCP) Para que os clientes possam se conectar a eles. Eles também podem ouvir os serviços de cebola "Tor" E portas I2P.

Os servidores de armazenamento anunciam sua localização ao anunciá-lo ao Introdutivo, Que então transmite a localização para todos os clientes. Então, uma vez que a localização é Determinado, você não precisa fazer nada de especial para entregá-lo.

O próprio apresentador possui uma localização, que deve ser entregue manualmente a todos Servidores de armazenamento e clientes. Você pode enviá-lo para os novos membros do seu grade. Esta localização (juntamente com outros identificadores criptográficos importantes) é Escrito em um arquivo chamado private / introducer.furl no Presenter's Diretório básico, e deve ser fornecido como o argumento --introducer = para Tahoe create-node ou tahoe create-node.

O primeiro passo ao configurar um servidor é descobrir como os clientes irão alcançar. Então você precisa configurar o servidor para ouvir em algumas portas, e Depois configure a localização corretamente.

Configuração manual

Cada servidor tem duas configurações em seu arquivo tahoe.cfg: tub.port, e Tub.location. A "porta" controla o que o nó do servidor escuta: isto Geralmente é uma porta TCP.

A "localização" controla o que é anunciado para o mundo exterior. Isto é um "Sugestão de conexão foolscap", e inclui tanto o tipo de conexão (Tcp, tor ou i2p) e os detalhes da conexão (nome do host / endereço, porta número). Vários proxies, gateways e redes de privacidade podem ser Envolvido, então não é incomum para tub.port e tub.location para olhar diferente.

Você pode controlar diretamente a configuração tub.port e tub.location Configurações, fornecendo --port = e --location = ao executar tahoe Create-node.

Configuração automática

Em vez de fornecer --port = / - location =, você pode usar --listen =. Os servidores podem ouvir em TCP, Tor, I2P, uma combinação desses ou nenhum. O argumento --listen = controla quais tipos de ouvintes o novo servidor usará.

--listen = none significa que o servidor não deve ouvir nada. Isso não Faz sentido para um servidor, mas é apropriado para um nó somente cliente. o O comando tahoe create-client inclui automaticamente --listen = none.

--listen = tcp é o padrão e liga uma porta de escuta TCP padrão. Usar --listen = tcp requer um argumento --hostname = também, que será Incorporado no local anunciado do nó. Descobrimos que os computadores Não pode determinar de forma confiável seu nome de host acessível externamente, então, em vez de Ter o servidor adivinhar (ou escanear suas interfaces para endereços IP Isso pode ou não ser apropriado), a criação de nó requer que o usuário Forneça o nome do host.

--listen = tor conversará com um daemon Tor local e criará uma nova "cebola" Servidor "(que se parece comalzrgrdvxct6c63z.onion). --listen = i2p` conversará com um daemon I2P local e criará um novo servidor endereço. Consulte: doc:anonymity-configuration` para obter detalhes.

Você pode ouvir nos três usando --listen = tcp, tor, i2p.

Cenários de implantação

A seguir, alguns cenários sugeridos para configurar servidores usando Vários transportes de rede. Estes exemplos não incluem a especificação de um Apresentador FURL que normalmente você gostaria quando provisionamento de armazenamento Nós. Para estes e outros detalhes de configuração, consulte : Doc: configuration.

. `Servidor possui um nome DNS público '

. Servidor possui um endereço público IPv4 / IPv6_

. O servidor está por trás de um firewall com encaminhamento de porta_

. Usando o I2P / Tor para evitar o encaminhamento da porta_

O servidor possui um nome DNS público

O caso mais simples é o local onde o host do servidor está diretamente conectado ao Internet, sem um firewall ou caixa NAT no caminho. A maioria dos VPS (Virtual Private Servidor) e servidores colocados são assim, embora alguns fornecedores bloqueiem Muitas portas de entrada por padrão.

Para esses servidores, tudo o que você precisa saber é o nome do host externo. O sistema O administrador irá dizer-lhe isso. O principal requisito é que este nome de host Pode ser pesquisado no DNS, e ele será mapeado para um endereço IPv4 ou IPv6 que Alcançará a máquina.

Se o seu nome de host for example.net, então você criará o introdutor como esta::

Tahoe create-introducer --hostname example.com ~ / introducer

Ou um servidor de armazenamento como ::

Tahoe create-node --hostname = example.net

Estes irão alocar uma porta TCP (por exemplo, 12345), atribuir tub.port para ser Tcp: 12345 e tub.location serão tcp: example.com: 12345.

Idealmente, isso também deveria funcionar para hosts compatíveis com IPv6 (onde o nome DNS Fornece um registro "AAAA", ou ambos "A" e "AAAA"). No entanto Tahoe-LAFS O suporte para IPv6 é novo e ainda pode ter problemas. Por favor, veja o ingresso # 867_ para detalhes.

.. _ # 867: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/867

O servidor possui um endereço público IPv4 / IPv6

Se o host tiver um endereço IPv4 (público) rotativo (por exemplo, 203.0.113.1```), mas Nenhum nome DNS, você precisará escolher uma porta TCP (por exemplo, 3457``) e usar o Segue::

Tahoe create-node --port = tcp: 3457 - localização = tcp: 203.0.113.1: 3457

--port é uma "string de especificação de ponto de extremidade" que controla quais locais Porta em que o nó escuta. --location é a "sugestão de conexão" que ele Anuncia para outros, e descreve as conexões de saída que essas Os clientes irão fazer, por isso precisa trabalhar a partir da sua localização na rede.

Os nós Tahoe-LAFS escutam em todas as interfaces por padrão. Quando o host é Multi-homed, você pode querer fazer a ligação de escuta ligar apenas a uma Interface específica, adicionando uma opção interface = ao --port = argumento::

Tahoe create-node --port = tcp: 3457: interface = 203.0.113.1 - localização = tcp: 203.0.113.1: 3457

Se o endereço público do host for IPv6 em vez de IPv4, use colchetes para Envolva o endereço e altere o tipo de nó de extremidade para tcp6 ::

Tahoe create-node --port = tcp6: 3457 - localização = tcp: [2001: db8 :: 1]: 3457

Você pode usar interface = para vincular a uma interface IPv6 específica também, no entanto Você deve fazer uma barra invertida - escapar dos dois pontos, porque, de outra forma, eles são interpretados Como delimitadores pelo idioma de especificação do "ponto final" torcido. o --location = argumento não precisa de dois pontos para serem escapados, porque eles são Envolto pelos colchetes ::

Tahoe create-node --port = tcp6: 3457: interface = 2001 \: db8 \: \: 1 --location = tcp: [2001: db8 :: 1]: 3457

Para hosts somente IPv6 com registros DNS AAAA, se o simples --hostname = A configuração não funciona, eles podem ser informados para ouvir especificamente Porta compatível com IPv6 com este ::

Tahoe create-node --port = tcp6: 3457 - localização = tcp: example.net: 3457

O servidor está por trás de um firewall com encaminhamento de porta

Para configurar um nó de armazenamento por trás de um firewall com encaminhamento de porta, você irá precisa saber:

• Endereço IPv4 público do roteador
• A porta TCP que está disponível de fora da sua rede
• A porta TCP que é o destino de encaminhamento
• Endereço IPv4 interno do nó de armazenamento (o nó de armazenamento em si é Desconhece esse endereço e não é usado durante tahoe create-node, Mas o firewall deve ser configurado para enviar conexões para isso)

Os números de porta TCP internos e externos podem ser iguais ou diferentes Dependendo de como o encaminhamento da porta está configurado. Se é mapear portas 1-para-1, eo endereço IPv4 público do firewall é 203.0.113.1 (e Talvez o endereço IPv4 interno do nó de armazenamento seja 192.168.1.5), então Use um comando CLI como este ::

Tahoe create-node --port = tcp: 3457 - localização = tcp: 203.0.113.1: 3457

Se no entanto, o firewall / NAT-box encaminha a porta externa * 6656 * para o interno Porta 3457, então faça isso ::

Tahoe create-node --port = tcp: 3457 - localização = tcp: 203.0.113.1: 6656

Usando o I2P / Tor para evitar o encaminhamento da porta

Os serviços de cebola I2P e Tor, entre outras excelentes propriedades, também fornecem NAT Penetração sem encaminhamento de porta, nomes de host ou endereços IP. Então, configurando Um servidor que escuta apenas no Tor é simples ::

Tahoe create-node --listen = tor

Para mais informações sobre o uso de Tahoe-LAFS com I2p e Tor veja : Doc: anonymity-configuration

@ 39cc53c9:27168656

Read the original blog post

Know Your Customer is a regulation that requires companies of all sizes to verify the identity, suitability, and risks involved with maintaining a business relationship with a customer. Such procedures fit within the broader scope of anti-money laundering (AML) and counterterrorism financing (CTF) regulations.

Banks, exchanges, online business, mail providers, domain registrars... Everyone wants to know who you are before you can even opt for their service. Your personal information is flowing around the internet in the hands of "god-knows-who" and secured by "trust-me-bro military-grade encryption". Once your account is linked to your personal (and verified) identity, tracking you is just as easy as keeping logs on all these platforms.

Rights for Illusions

KYC processes aim to combat terrorist financing, money laundering, and other illicit activities. On the surface, KYC seems like a commendable initiative. I mean, who wouldn't want to halt terrorists and criminals in their tracks?

The logic behind KYC is: "If we mandate every financial service provider to identify their users, it becomes easier to pinpoint and apprehend the malicious actors."

However, terrorists and criminals are not precisely lining up to be identified. They're crafty. They may adopt false identities or find alternative strategies to continue their operations. Far from being outwitted, many times they're several steps ahead of regulations. Realistically, KYC might deter a small fraction – let's say about 1% ^1 – of these malefactors. Yet, the cost? All of us are saddled with the inconvenient process of identification just to use a service.

Under the rhetoric of "ensuring our safety", governments and institutions enact regulations that seem more out of a dystopian novel, gradually taking away our right to privacy.

To illustrate, consider a city where the mayor has rolled out facial recognition cameras in every nook and cranny. A band of criminals, intent on robbing a local store, rolls in with a stolen car, their faces obscured by masks and their bodies cloaked in all-black clothes. Once they've committed the crime and exited the city's boundaries, they switch vehicles and clothes out of the cameras' watchful eyes. The high-tech surveillance? It didn’t manage to identify or trace them. Yet, for every law-abiding citizen who merely wants to drive through the city or do some shopping, their movements and identities are constantly logged. The irony? This invasive tracking impacts all of us, just to catch the 1% ^1 of less-than-careful criminals.

KYC? Not you.

KYC creates barriers to participation in normal economic activity, to supposedly stop criminals. ^2

KYC puts barriers between many users and businesses. One of these comes from the fact that the process often requires multiple forms of identification, proof of address, and sometimes even financial records. For individuals in areas with poor record-keeping, non-recognized legal documents, or those who are unbanked, homeless or transient, obtaining these documents can be challenging, if not impossible.

For people who are not skilled with technology or just don't have access to it, there's also a barrier since KYC procedures are mostly online, leaving them inadvertently excluded.

Another barrier goes for the casual or one-time user, where they might not see the value in undergoing a rigorous KYC process, and these requirements can deter them from using the service altogether.

It also wipes some businesses out of the equation, since for smaller businesses, the costs associated with complying with KYC norms—from the actual process of gathering and submitting documents to potential delays in operations—can be prohibitive in economical and/or technical terms.

You're not welcome

Imagine a swanky new club in town with a strict "members only" sign. You hear the music, you see the lights, and you want in. You step up, ready to join, but suddenly there's a long list of criteria you must meet. After some time, you are finally checking all the boxes. But then the club rejects your membership with no clear reason why. You just weren't accepted. Frustrating, right?

This club scenario isn't too different from the fact that KYC is being used by many businesses as a convenient gatekeeping tool. A perfect excuse based on a "legal" procedure they are obliged to.

Even some exchanges may randomly use this to freeze and block funds from users, claiming these were "flagged" by a cryptic system that inspects the transactions. You are left hostage to their arbitrary decision to let you successfully pass the KYC procedure. If you choose to sidestep their invasive process, they might just hold onto your funds indefinitely.

Your identity has been stolen

KYC data has been found to be for sale on many dark net markets^3. Exchanges may have leaks or hacks, and such leaks contain very sensitive data. We're talking about the full monty: passport or ID scans, proof of address, and even those awkward selfies where you're holding up your ID next to your face. All this data is being left to the mercy of the (mostly) "trust-me-bro" security systems of such companies. Quite scary, isn't it?

As cheap as $10 for 100 documents, with discounts applying for those who buy in bulk, the personal identities of innocent users who passed KYC procedures are for sale. ^3

In short, if you have ever passed the KYC/AML process of a crypto exchange, your privacy is at risk of being compromised, or it might even have already been compromised.

(they) Know Your Coins

You may already know that Bitcoin and most cryptocurrencies have a transparent public blockchain, meaning that all data is shown unencrypted for everyone to see and recorded forever. If you link an address you own to your identity through KYC, for example, by sending an amount from a KYC exchange to it, your Bitcoin is no longer pseudonymous and can then be traced.

If, for instance, you send Bitcoin from such an identified address to another KYC'ed address (say, from a friend), everyone having access to that address-identity link information (exchanges, governments, hackers, etc.) will be able to associate that transaction and know who you are transacting with.

Conclusions

To sum up, KYC does not protect individuals; rather, it's a threat to our privacy, freedom, security and integrity. Sensible information flowing through the internet is thrown into chaos by dubious security measures. It puts borders between many potential customers and businesses, and it helps governments and companies track innocent users. That's the chaos KYC has stirred.

The criminals are using stolen identities from companies that gathered them thanks to these very same regulations that were supposed to combat them. Criminals always know how to circumvent such regulations. In the end, normal people are the most affected by these policies.

The threat that KYC poses to individuals in terms of privacy, security and freedom is not to be neglected. And if we don’t start challenging these systems and questioning their efficacy, we are just one step closer to the dystopian future that is now foreseeable.

Edited 20/03/2024 * Add reference to the 1% statement on Rights for Illusions section to an article where Chainalysis found that only 0.34% of the transaction volume with cryptocurrencies in 2023 was attributable to criminal activity ^1

@ 9f38a97e:c41d3606

O universo dos jogos online tem evoluído constantemente, oferecendo experiências cada vez mais envolventes e personalizadas. Nesse cenário competitivo, a KZ999 se destaca como uma plataforma inovadora, segura e cheia de opções para quem busca entretenimento de qualidade e oportunidades reais de ganhos. Desde sua chegada ao mercado, a KZ999 vem conquistando os jogadores brasileiros com sua interface moderna, atendimento eficiente e ampla variedade de jogos emocionantes.

Introdução à Plataforma KZ999 A KZ999 é uma plataforma digital criada para atender às demandas de jogadores exigentes, que valorizam não apenas a diversão, mas também a segurança, a facilidade de uso e o suporte de qualidade. Com um design responsivo e otimizado para dispositivos móveis, o site funciona perfeitamente tanto em computadores quanto em smartphones, garantindo acesso rápido e prático de qualquer lugar.

O processo de cadastro na plataforma é simples e rápido, permitindo que novos usuários comecem a jogar em poucos minutos. Além disso, a kz999oferece suporte a métodos de pagamento modernos e populares no Brasil, como o PIX, o que facilita as transações e proporciona mais agilidade no dia a dia dos jogadores.

Diversidade de Jogos para Todos os Perfis Um dos principais atrativos da KZ999 é a sua extensa biblioteca de jogos. A plataforma oferece uma variedade impressionante de opções que atendem tanto os novatos quanto os jogadores mais experientes. Entre os destaques estão:

Jogos de mesa clássicos, como roleta, pôquer e blackjack, todos com gráficos de alta definição e recursos interativos que simulam uma experiência realista.

Slots modernos e temáticos, com animações vibrantes, efeitos sonoros imersivos e bônus especiais que aumentam as chances de ganhar.

Jogos ao vivo, em que o jogador pode interagir em tempo real com crupiês profissionais e outros participantes, trazendo mais emoção e autenticidade à experiência.

Minigames e jogos instantâneos, ideais para quem busca partidas rápidas e dinâmicas, com regras simples e diversão garantida.

Os títulos disponíveis na KZ999 são desenvolvidos por provedores reconhecidos internacionalmente, o que assegura qualidade, justiça nos resultados e constante atualização de conteúdo.

Experiência do Jogador: Segurança, Suporte e Recompensas A KZ999 não se preocupa apenas em oferecer jogos de qualidade. A experiência do usuário é tratada com prioridade, e por isso a plataforma investe fortemente em segurança digital, utilizando sistemas de criptografia avançados para proteger os dados e transações de seus usuários.

Outro ponto positivo é o suporte ao cliente, disponível 24 horas por dia, com atendimento em português. Seja por chat ao vivo ou por e-mail, a equipe da KZ999 está sempre pronta para resolver dúvidas, orientar sobre promoções ou ajudar com questões técnicas.

Falando em promoções, os jogadores da KZ999 têm acesso a bônus atrativos e programas de fidelidade, que recompensam o tempo dedicado à plataforma. Desde bônus de boas-vindas até ofertas semanais, a KZ999 valoriza cada usuário e busca criar um ambiente de engajamento contínuo.

Conclusão A KZ999 chega ao mercado brasileiro como uma plataforma completa e confiável, ideal para quem busca entretenimento de qualidade, variedade de jogos e uma experiência segura. Com uma navegação fluida, suporte dedicado e constantes atualizações, a KZ999 promete se consolidar como referência no cenário de jogos online do Brasil.

@ 68c90cf3:99458f5c

I have two Nostr profiles I use for different subject matter, and I wanted a way to manage and track zaps for each. Using Alby Hub I created two isolated Lightning wallets each associated with one of the profile’s nsecs.

YakiHonne made it easy to connect the associated wallets with the profiles. The user interface is well designed to show balances for each.

In my case, I have one profile for photography related content, and the other for Bitcoin, Nostr, and technology related content. I can easily switch between the two, sending and receiving zaps on each while staying up to date on balances and viewing transactions.

Using my self-hosted Alby Hub I can manage Lightning channels and wallets while sending and receiving zaps for multiple profiles with YakiHonne.

YakiHonne #AlbyHub #Lightning #Bitcoin #Nostr

@ b9f4c34d:7d1a0e31

Test Video Document

@ 2b24a1fa:17750f64

Die Satire Muxmäuchenstill von 2004 erzählt die Geschichte des 30-jährigen Mux, der seine Mitbürgern zu mehr Verantwortungsbewusstsein erziehen möchte. Dazu stellt er Raser, Schwarzfahrer, Graffiti-Sprüher, Falschparker, Ladendiebe und Vergewaltiger, konfrontiert sie mit ihrem Verhalten und bestraft sie.

https://soundcloud.com/radiomuenchen/muxmauschenstill-x-interview-mit-jan-henrik-stahlberg?

Als Mitstreiter gewinnt er Arbeits- und Obdachlose. Mux’ fanatische Ein-Mann-Mission wächst zu einem kleinen Unternehmen. Auch privat kann er seinen Moralismus nicht zügeln und erschießt seine Freundin. Am Ende des Films wird er von einem Raser überfahren.

Ab 1. Mai läuft die Fortsetzung in den Kinos: Muxmäuschenstill X: muxfilm.de/. Nach zwanzig Jahre Wachkoma findet sich Mux in einer Welt wieder, die er nicht mehr versteht: dem wunderbaren Neoliberalismus. Wieder möchte Mux die Menschen erziehen. Doch diesmal kämpft er gegen ein System, das alles durchdringt, die Welt spaltet, unsere Lebensgrundlagen zerstört, die Reichen reicher macht und die Armen ärmer. Mux gründet den Muxismus und schart die Aussortierten des Systems um sich.

Drehbuchautor und Hauptdarsteller Jan Henrik Stahlberg führt diesmal auch Regie. Unser Autor Jonny Rieder hat mit Jan Henrik Stahlberg über seinen neuen Film gesprochen. Zunächst wollte er wissen, wo für ihn die Grenze verläuft zwischen Übergriffigkeit und Zivilcourage und wie er Mux hier einordnet.

Bild: Mux Filmproduktion

@ b9f4c34d:7d1a0e31

Testy McTestenface

It's been so long, html

@ 04c915da:3dfbecc9

Capitalism is the most effective system for scaling innovation. The pursuit of profit is an incredibly powerful human incentive. Most major improvements to human society and quality of life have resulted from this base incentive. Market competition often results in the best outcomes for all.

That said, some projects can never be monetized. They are open in nature and a business model would centralize control. Open protocols like bitcoin and nostr are not owned by anyone and if they were it would destroy the key value propositions they provide. No single entity can or should control their use. Anyone can build on them without permission.

As a result, open protocols must depend on donation based grant funding from the people and organizations that rely on them. This model works but it is slow and uncertain, a grind where sustainability is never fully reached but rather constantly sought. As someone who has been incredibly active in the open source grant funding space, I do not think people truly appreciate how difficult it is to raise charitable money and deploy it efficiently.

Projects that can be monetized should be. Profitability is a super power. When a business can generate revenue, it taps into a self sustaining cycle. Profit fuels growth and development while providing projects independence and agency. This flywheel effect is why companies like Google, Amazon, and Apple have scaled to global dominance. The profit incentive aligns human effort with efficiency. Businesses must innovate, cut waste, and deliver value to survive.

Contrast this with non monetized projects. Without profit, they lean on external support, which can dry up or shift with donor priorities. A profit driven model, on the other hand, is inherently leaner and more adaptable. It is not charity but survival. When survival is tied to delivering what people want, scale follows naturally.

The real magic happens when profitable, sustainable businesses are built on top of open protocols and software. Consider the many startups building on open source software stacks, such as Start9, Mempool, and Primal, offering premium services on top of the open source software they build out and maintain. Think of companies like Block or Strike, which leverage bitcoin’s open protocol to offer their services on top. These businesses amplify the open software and protocols they build on, driving adoption and improvement at a pace donations alone could never match.

When you combine open software and protocols with profit driven business the result are lean, sustainable companies that grow faster and serve more people than either could alone. Bitcoin’s network, for instance, benefits from businesses that profit off its existence, while nostr will expand as developers monetize apps built on the protocol.

Capitalism scales best because competition results in efficiency. Donation funded protocols and software lay the groundwork, while market driven businesses build on top. The profit incentive acts as a filter, ensuring resources flow to what works, while open systems keep the playing field accessible, empowering users and builders. Together, they create a flywheel of innovation, growth, and global benefit.

@ b2d670de:907f9d4a

This guide will walk you through setting up your own Strfry Nostr relay on a Debian/Ubuntu server and making it accessible exclusively as a TOR hidden service. By the end, you'll have a privacy-focused relay that operates entirely within the TOR network, enhancing both your privacy and that of your users.

Table of Contents

1. Prerequisites
2. Initial Server Setup
3. Installing Strfry Nostr Relay
4. Configuring Your Relay
5. Setting Up TOR
6. Making Your Relay Available on TOR
7. Testing Your Setup]
8. Maintenance and Security
9. Troubleshooting

Prerequisites

• A Debian or Ubuntu server
• Basic familiarity with command line operations (most steps are explained in detail)
• Root or sudo access to your server

Initial Server Setup

First, let's make sure your server is properly set up and secured.

Update Your System

Connect to your server via SSH and update your system:

bash sudo apt update sudo apt upgrade -y

Set Up a Basic Firewall

Install and configure a basic firewall:

bash sudo apt install ufw -y sudo ufw allow ssh sudo ufw enable

This allows SSH connections while blocking other ports for security.

Installing Strfry Nostr Relay

This guide includes the full range of steps needed to build and set up Strfry. It's simply based on the current version of the DEPLOYMENT.md document in the Strfry GitHub repository. If the build/setup process is changed in the repo, this document could get outdated. If so, please report to me that something is outdated and check for updated steps here.

Install Dependencies

First, let's install the necessary dependencies. Each package serves a specific purpose in building and running Strfry:

bash sudo apt install -y git build-essential libyaml-perl libtemplate-perl libregexp-grammars-perl libssl-dev zlib1g-dev liblmdb-dev libflatbuffers-dev libsecp256k1-dev libzstd-dev

Here's why each dependency is needed:

Basic Development Tools: - git: Version control system used to clone the Strfry repository and manage code updates - build-essential: Meta-package that includes compilers (gcc, g++), make, and other essential build tools

Perl Dependencies (used for Strfry's build scripts): - libyaml-perl: Perl interface to parse YAML configuration files - libtemplate-perl: Template processing system used during the build process - libregexp-grammars-perl: Advanced regular expression handling for Perl scripts

Core Libraries for Strfry: - libssl-dev: Development files for OpenSSL, used for secure connections and cryptographic operations - zlib1g-dev: Compression library that Strfry uses to reduce data size - liblmdb-dev: Lightning Memory-Mapped Database library, which Strfry uses for its high-performance database backend - libflatbuffers-dev: Memory-efficient serialization library for structured data - libsecp256k1-dev: Optimized C library for EC operations on curve secp256k1, essential for Nostr's cryptographic signatures - libzstd-dev: Fast real-time compression algorithm for efficient data storage and transmission

Clone and Build Strfry

Clone the Strfry repository:

bash git clone https://github.com/hoytech/strfry.git cd strfry

Build Strfry:

bash git submodule update --init make setup-golpe make -j2 # This uses 2 CPU cores. Adjust based on your server (e.g., -j4 for 4 cores)

This build process will take several minutes, especially on servers with limited CPU resources, so go get a coffee and post some great memes on nostr in the meantime.

Install Strfry

Install the Strfry binary to your system path:

bash sudo cp strfry /usr/local/bin

This makes the strfry command available system-wide, allowing it to be executed from any directory and by any user with the appropriate permissions.

Configuring Your Relay

Create Strfry User

Create a dedicated user for running Strfry. This enhances security by isolating the relay process:

bash sudo useradd -M -s /usr/sbin/nologin strfry

The -M flag prevents creating a home directory, and -s /usr/sbin/nologin prevents anyone from logging in as this user. This is a security best practice for service accounts.

Create Data Directory

Create a directory for Strfry's data:

bash sudo mkdir /var/lib/strfry sudo chown strfry:strfry /var/lib/strfry sudo chmod 755 /var/lib/strfry

This creates a dedicated directory for Strfry's database and sets the appropriate permissions so that only the strfry user can write to it.

Configure Strfry

Copy the sample configuration file:

bash sudo cp strfry.conf /etc/strfry.conf

Edit the configuration file:

bash sudo nano /etc/strfry.conf

Modify the database path:

```

Find this line:

db = "./strfry-db/"

Change it to:

db = "/var/lib/strfry/" ```

Check your system's hard limit for file descriptors:

bash ulimit -Hn

Update the nofiles setting in your configuration to match this value (or set to 0):

```

Add or modify this line in the config (example if your limit is 524288):

nofiles = 524288 ```

The nofiles setting determines how many open files Strfry can have simultaneously. Setting it to your system's hard limit (or 0 to use the system default) helps prevent "too many open files" errors if your relay becomes popular.

You might also want to customize your relay's information in the config file. Look for the info section and update it with your relay's name, description, and other details.

Set ownership of the configuration file:

bash sudo chown strfry:strfry /etc/strfry.conf

Create Systemd Service

Create a systemd service file for managing Strfry:

bash sudo nano /etc/systemd/system/strfry.service

Add the following content:

```ini [Unit] Description=strfry relay service

[Service] User=strfry ExecStart=/usr/local/bin/strfry relay Restart=on-failure RestartSec=5 ProtectHome=yes NoNewPrivileges=yes ProtectSystem=full LimitCORE=1000000000

[Install] WantedBy=multi-user.target ```

This systemd service configuration: - Runs Strfry as the dedicated strfry user - Automatically restarts the service if it fails - Implements security measures like ProtectHome and NoNewPrivileges - Sets resource limits appropriate for a relay

Enable and start the service:

bash sudo systemctl enable strfry.service sudo systemctl start strfry

Check the service status:

bash sudo systemctl status strfry

Verify Relay is Running

Test that your relay is running locally:

bash curl localhost:7777

You should see a message indicating that the Strfry relay is running. This confirms that Strfry is properly installed and configured before we proceed to set up TOR.

Setting Up TOR

Now let's make your relay accessible as a TOR hidden service.

Install TOR

Install TOR from the package repositories:

bash sudo apt install -y tor

This installs the TOR daemon that will create and manage your hidden service.

Configure TOR

Edit the TOR configuration file:

bash sudo nano /etc/tor/torrc

Scroll down to wherever you see a commented out part like this: ```

HiddenServiceDir /var/lib/tor/hidden_service/

HiddenServicePort 80 127.0.0.1:80

```

Under those lines, add the following lines to set up a hidden service for your relay:

HiddenServiceDir /var/lib/tor/strfry-relay/ HiddenServicePort 80 127.0.0.1:7777

This configuration: - Creates a hidden service directory at /var/lib/tor/strfry-relay/ - Maps port 80 on your .onion address to port 7777 on your local machine - Keeps all traffic encrypted within the TOR network

Create the directory for your hidden service:

bash sudo mkdir -p /var/lib/tor/strfry-relay/ sudo chown debian-tor:debian-tor /var/lib/tor/strfry-relay/ sudo chmod 700 /var/lib/tor/strfry-relay/

The strict permissions (700) are crucial for security as they ensure only the debian-tor user can access the directory containing your hidden service private keys.

Restart TOR to apply changes:

bash sudo systemctl restart tor

Making Your Relay Available on TOR

Get Your Onion Address

After restarting TOR, you can find your onion address:

bash sudo cat /var/lib/tor/strfry-relay/hostname

This will output something like abcdefghijklmnopqrstuvwxyz234567.onion, which is your relay's unique .onion address. This is what you'll share with others to access your relay.

Understanding Onion Addresses

The .onion address is a special-format hostname that is automatically generated based on your hidden service's private key.

Your users will need to use this address with the WebSocket protocol prefix to connect: ws://youronionaddress.onion

Testing Your Setup

Test with a Nostr Client

The best way to test your relay is with an actual Nostr client that supports TOR:

1. Open your TOR browser
2. Go to your favorite client, either on clearnet or an onion service.
   • Check out this list of nostr clients available over TOR.
3. Add your relay URL: ws://youronionaddress.onion to your relay list
4. Try posting a note and see if it appears on your relay
   • In some nostr clients, you can also click on a relay to get information about it like the relay name and description you set earlier in the stryfry config. If you're able to see the correct values for the name and the description, you were able to connect to the relay.
   • Some nostr clients also gives you a status on what relays a note was posted to, this could also give you an indication that your relay works as expected.

Note that not all Nostr clients support TOR connections natively. Some may require additional configuration or use of TOR Browser. E.g. most mobile apps would most likely require a TOR proxy app running in the background (some have TOR support built in too).

Maintenance and Security

Regular Updates

Keep your system, TOR, and relay updated:

```bash

Update system

sudo apt update sudo apt upgrade -y

Update Strfry

cd ~/strfry git pull git submodule update make -j2 sudo cp strfry /usr/local/bin sudo systemctl restart strfry

Verify TOR is still running properly

sudo systemctl status tor ```

Regular updates are crucial for security, especially for TOR which may have security-critical updates.

Database Management

Strfry has built-in database management tools. Check the Strfry documentation for specific commands related to database maintenance, such as managing event retention and performing backups.

Monitoring Logs

To monitor your Strfry logs:

bash sudo journalctl -u strfry -f

To check TOR logs:

bash sudo journalctl -u tor -f

Monitoring logs helps you identify potential issues and understand how your relay is being used.

Backup

This is not a best practices guide on how to do backups. Preferably, backups should be stored either offline or on a different machine than your relay server. This is just a simple way on how to do it on the same server.

```bash

Stop the relay temporarily

sudo systemctl stop strfry

Backup the database

sudo cp -r /var/lib/strfry /path/to/backup/location

Restart the relay

sudo systemctl start strfry ```

Back up your TOR hidden service private key. The private key is particularly sensitive as it defines your .onion address - losing it means losing your address permanently. If you do a backup of this, ensure that is stored in a safe place where no one else has access to it.

bash sudo cp /var/lib/tor/strfry-relay/hs_ed25519_secret_key /path/to/secure/backup/location

Troubleshooting

Relay Not Starting

If your relay doesn't start:

```bash

Check logs

sudo journalctl -u strfry -e

Verify configuration

cat /etc/strfry.conf

Check permissions

ls -la /var/lib/strfry ```

Common issues include: - Incorrect configuration format - Permission problems with the data directory - Port already in use (another service using port 7777) - Issues with setting the nofiles limit (setting it too big)

TOR Hidden Service Not Working

If your TOR hidden service is not accessible:

```bash

Check TOR logs

sudo journalctl -u tor -e

Verify TOR is running

sudo systemctl status tor

Check onion address

sudo cat /var/lib/tor/strfry-relay/hostname

Verify TOR configuration

sudo cat /etc/tor/torrc ```

Common TOR issues include: - Incorrect directory permissions - TOR service not running - Incorrect port mapping in torrc

Testing Connectivity

If you're having trouble connecting to your service:

```bash

Verify Strfry is listening locally

sudo ss -tulpn | grep 7777

Check that TOR is properly running

sudo systemctl status tor

Test the local connection directly

curl --include --no-buffer localhost:7777 ```

---

Privacy and Security Considerations

Running a Nostr relay as a TOR hidden service provides several important privacy benefits:

1. Network Privacy: Traffic to your relay is encrypted and routed through the TOR network, making it difficult to determine who is connecting to your relay.

2. Server Anonymity: The physical location and IP address of your server are concealed, providing protection against denial-of-service attacks and other targeting.

3. Censorship Resistance: TOR hidden services are more resilient against censorship attempts, as they don't rely on the regular DNS system and can't be easily blocked.

4. User Privacy: Users connecting to your relay through TOR enjoy enhanced privacy, as their connections are also encrypted and anonymized.

However, there are some important considerations:

• TOR connections are typically slower than regular internet connections
• Not all Nostr clients support TOR connections natively
• Running a hidden service increases the importance of keeping your server secure

---

Congratulations! You now have a Strfry Nostr relay running as a TOR hidden service. This setup provides a resilient, privacy-focused, and censorship-resistant communication channel that helps strengthen the Nostr network.

For further customization and advanced configuration options, refer to the Strfry documentation.

Consider sharing your relay's .onion address with the Nostr community to help grow the privacy-focused segment of the network!

If you plan on providing a relay service that the public can use (either for free or paid for), consider adding it to this list. Only add it if you plan to run a stable and available relay.

@ 9f38a97e:c41d3606

O universo dos jogos online tem evoluído constantemente, oferecendo experiências cada vez mais envolventes e personalizadas. Nesse cenário competitivo, a KZ999 se destaca como uma plataforma inovadora, segura e cheia de opções para quem busca entretenimento de qualidade e oportunidades reais de ganhos. Desde sua chegada ao mercado, a KZ999 vem conquistando os jogadores brasileiros com sua interface moderna, atendimento eficiente e ampla variedade de jogos emocionantes.

Introdução à Plataforma KZ999 A KZ999 é uma plataforma digital criada para atender às demandas de jogadores exigentes, que valorizam não apenas a diversão, mas também a segurança, a facilidade de uso e o suporte de qualidade. Com um design responsivo e otimizado para dispositivos móveis, o site funciona perfeitamente tanto em computadores quanto em smartphones, garantindo acesso rápido e prático de qualquer lugar.

O processo de cadastro na plataforma é simples e rápido, permitindo que novos usuários comecem a jogar em poucos minutos. Além disso, a yakihonne.com iris.to jumble.social Me

@ 9f38a97e:c41d3606

Se você está em busca de uma plataforma confiável, dinâmica e cheia de opções de entretenimento online, o Pix188 pode ser exatamente o que você procura. Com uma interface moderna, suporte ágil e jogos emocionantes, a plataforma vem conquistando cada vez mais jogadores em todo o Brasil.

O Pix188 é uma plataforma de entretenimento digital que combina tecnologia, facilidade de acesso e uma ampla gama de opções para seus usuários. Com um site responsivo e adaptado tanto para desktop quanto para dispositivos móveis, a navegação é simples, intuitiva e rápida, ideal para quem quer jogar a qualquer hora e em qualquer lugar.

Desde o primeiro acesso, o usuário já percebe o cuidado com os detalhes e o compromisso com a experiência do jogador. O processo de cadastro é rápido e seguro, e os depósitos e saques são feitos via Pix — método preferido dos brasileiros por sua agilidade.

Variedade de Jogos para Todos os Gostos Um dos maiores diferenciais do Pix188 é a diversidade de jogos disponíveis na plataforma. O site reúne os títulos mais populares e desejados pelos jogadores, com gráficos de alta qualidade, excelente jogabilidade e temas variados.

Entre as opções mais procuradas estão:

Slots (Caça-níqueis): Jogos com rodadas rápidas, temas vibrantes e recursos especiais como giros grátis e multiplicadores.

Roleta ao vivo: Para quem gosta de emoção e decisões rápidas, a roleta é uma excelente escolha com versões clássicas e modernas.

Cartas e mesa: Jogos como pôquer, blackjack e bacará estão disponíveis em versões tradicionais e ao vivo, trazendo uma experiência imersiva e realista.

Jogos instantâneos: Com mecânicas simples e resultados rápidos, são ideais para quem busca diversão prática e dinâmica.

O Pix188 também trabalha com provedores de jogos reconhecidos internacionalmente, garantindo qualidade, segurança e atualizações constantes no catálogo.

Experiência do Jogador no Centro de Tudo Mais do que oferecer jogos, o Pix188 se preocupa com toda a jornada do jogador. Desde o momento do cadastro até a retirada de ganhos, tudo é pensado para ser simples e transparente.

O atendimento ao cliente é outro ponto forte: está disponível 24 horas por dia, sete dias por semana, com equipe capacitada para resolver dúvidas e auxiliar em qualquer situação. Os usuários também contam com promoções recorrentes, bônus de boas-vindas e programas de fidelidade que valorizam a permanência na plataforma.

Além disso, o Pix188 investe em tecnologias de segurança avançadas, protegendo os dados dos jogadores e oferecendo um ambiente confiável e protegido.

Conclusão O Pix188 se destaca no cenário nacional por oferecer uma plataforma completa, segura e repleta de opções para quem busca entretenimento digital de qualidade. Com uma interface moderna, suporte eficiente e um catálogo de jogos diversificado, é uma excelente escolha tanto para iniciantes quanto para jogadores experientes.

@ bc52210b:20bfc6de

CISA, or Cross-Input Signature Aggregation, is a technique in Bitcoin that allows multiple signatures from different inputs in a transaction to be combined into a single, aggregated signature. This is a big deal because Bitcoin transactions often involve multiple inputs (e.g., spending from different wallet outputs), each requiring its own signature. Normally, these signatures take up space individually, but CISA compresses them into one, making transactions more efficient.

This magic is possible thanks to the linearity property of Schnorr signatures, a type of digital signature introduced to Bitcoin with the Taproot upgrade. Unlike the older ECDSA signatures, Schnorr signatures have mathematical properties that allow multiple signatures to be added together into a single valid signature. Think of it like combining multiple handwritten signatures into one super-signature that still proves everyone signed off!

Fun Fact: CISA was considered for inclusion in Taproot but was left out to keep the upgrade simple and manageable. Adding CISA would’ve made Taproot more complex, so the developers hit pause on it—for now.

CISA vs. Key Aggregation (MuSig, FROST): Don’t Get Confused! Before we go deeper, let’s clear up a common mix-up: CISA is not the same as protocols like MuSig or FROST. Here’s why:

• Signature Aggregation (CISA): Combines multiple signatures into one, each potentially tied to different public keys and messages (e.g., different transaction inputs).
• Key Aggregation (MuSig, FROST): Combines multiple public keys into a single aggregated public key, then generates one signature for that key.

Key Differences: 1. What’s Aggregated? * CISA: Aggregates signatures. * Key Aggregation: Aggregates public keys. 2. What the Verifier Needs * CISA: The verifier needs all individual public keys and their corresponding messages to check the aggregated signature. * Key Aggregation: The verifier only needs the single aggregated public key and one message. 3. When It Happens * CISA: Used during transaction signing, when inputs are being combined into a transaction. * MuSig: Used during address creation, setting up a multi-signature (multisig) address that multiple parties control.

So, CISA is about shrinking signature data in a transaction, while MuSig/FROST are about simplifying multisig setups. Different tools, different jobs!

Two Flavors of CISA: Half-Agg and Full-Agg CISA comes in two modes:

• Full Aggregation (Full-Agg): Interactive, meaning signers need to collaborate during the signing process. (We’ll skip the details here since the query focuses on Half-Agg.)
• Half Aggregation (Half-Agg): Non-interactive, meaning signers can work independently, and someone else can combine the signatures later.

Since the query includes “CISA Part 2: Half Signature Aggregation,” let’s zoom in on Half-Agg.

Half Signature Aggregation (Half-Agg) Explained How It Works Half-Agg is a non-interactive way to aggregate Schnorr signatures. Here’s the process:

1. Independent Signing: Each signer creates their own Schnorr signature for their input, without needing to talk to the other signers.
2. Aggregation Step: An aggregator (could be anyone, like a wallet or node) takes all these signatures and combines them into one aggregated signature.

A Schnorr signature has two parts:

• R: A random point (32 bytes).
• s: A scalar value (32 bytes).

In Half-Agg:

• The R values from each signature are kept separate (one per input).
• The s values from all signatures are combined into a single s value.

Why It Saves Space (~50%) Let’s break down the size savings with some math:

Before Aggregation: * Each Schnorr signature = 64 bytes (32 for R + 32 for s). * For n inputs: n × 64 bytes.

After Half-Agg: * Keep n R values (32 bytes each) = 32 × n bytes. * Combine all s values into one = 32 bytes. * Total size: 32 × n + 32 bytes.

Comparison:

• Original: 64n bytes.
• Half-Agg: 32n + 32 bytes.
• For large n, the “+32” becomes small compared to 32n, so it’s roughly 32n, which is half of 64n. Hence, ~50% savings!

Real-World Impact: Based on recent Bitcoin usage, Half-Agg could save:

• ~19.3% in space (reducing transaction size).
• ~6.9% in fees (since fees depend on transaction size). This assumes no major changes in how people use Bitcoin post-CISA.

---

Applications of Half-Agg Half-Agg isn’t just a cool idea—it has practical uses:

1. Transaction-wide Aggregation
2. Combine all signatures within a single transaction.
3. Result: Smaller transactions, lower fees.
4. Block-wide Aggregation
5. Combine signatures across all transactions in a Bitcoin block.
6. Result: Even bigger space savings at the blockchain level.
7. Off-chain Protocols / P2P
8. Use Half-Agg in systems like Lightning Network gossip messages.
9. Benefit: Efficiency without needing miners or a Bitcoin soft fork.

---

Challenges with Half-Agg While Half-Agg sounds awesome, it’s not without hurdles, especially at the block level:

1. Breaking Adaptor Signatures
2. Adaptor signatures are special signatures used in protocols like Discreet Log Contracts (DLCs) or atomic swaps. They tie a signature to revealing a secret, ensuring fair exchanges.

3. Aggregating signatures across a block might mess up these protocols, as the individual signatures get blended together, potentially losing the properties adaptor signatures rely on.

4. Impact on Reorg Recovery

5. In Bitcoin, a reorganization (reorg) happens when the blockchain switches to a different chain of blocks. Transactions from the old chain need to be rebroadcast or reprocessed.
6. If signatures are aggregated at the block level, it could complicate extracting individual transactions and their signatures during a reorg, slowing down recovery.

These challenges mean Half-Agg needs careful design, especially for block-wide use.

Wrapping Up CISA is a clever way to make Bitcoin transactions more efficient by aggregating multiple Schnorr signatures into one, thanks to their linearity property. Half-Agg, the non-interactive mode, lets signers work independently, cutting signature size by about 50% (to 32n + 32 bytes from 64n bytes). It could save ~19.3% in space and ~6.9% in fees, with uses ranging from single transactions to entire blocks or off-chain systems like Lightning.

But watch out—block-wide Half-Agg could trip up adaptor signatures and reorg recovery, so it’s not a slam dunk yet. Still, it’s a promising tool for a leaner, cheaper Bitcoin future!

@ b17fccdf:b7211155

Si vives en España, quizás hayas notado que no puedes acceder a ciertas páginas webs durante los fines de semana o en algunos días entre semana, entre ellas, la guía de MiniBolt.

Esto tiene una razón, por supuesto una solución, además de una conclusión. Sin entrar en demasiados detalles:

La razón

El bloqueo a Cloudflare, implementado desde hace casi dos meses por operadores de Internet (ISPs) en España (como Movistar, O2, DIGI, Pepephone, entre otros), se basa en una orden judicial emitida tras una demanda de LALIGA (Fútbol). Esta medida busca combatir la piratería en España, un problema que afecta directamente a dicha organización.

Aunque la intención original era restringir el acceso a dominios específicos que difundieran dicho contenido, Cloudflare emplea el protocolo ECH (Encrypted Client Hello), que oculta el nombre del dominio, el cual antes se transmitía en texto plano durante el proceso de establecimiento de una conexión TLS. Esta medida dificulta que las operadoras analicen el tráfico para aplicar bloqueos basados en dominios, lo que les obliga a recurrir a bloqueos más amplios por IP o rangos de IP para cumplir con la orden judicial.

Esta práctica tiene consecuencias graves, que han sido completamente ignoradas por quienes la ejecutan. Es bien sabido que una infraestructura de IP puede alojar numerosos dominios, tanto legítimos como no legítimos. La falta de un "ajuste fino" en los bloqueos provoca un perjuicio para terceros, restringiendo el acceso a muchos dominios legítimos que no tiene relación alguna con actividades ilícitas, pero que comparten las mismas IPs de Cloudflare con dominios cuestionables. Este es el caso de la web de MiniBolt y su dominio minibolt.info, los cuales utilizan Cloudflare como proxy para aprovechar las medidas de seguridad, privacidad, optimización y servicios adicionales que la plataforma ofrece de forma gratuita.

Si bien este bloqueo parece ser temporal (al menos durante la temporada 24/25 de fútbol, hasta finales de mayo), es posible que se reactive con el inicio de la nueva temporada.

La solución

Obviamente, MiniBolt no dejará de usar Cloudflare como proxy por esta razón. Por lo que a continuación se exponen algunas medidas que como usuario puedes tomar para evitar esta restricción y poder acceder:

~> Utiliza una VPN:

Existen varias soluciones de proveedores de VPN, ordenadas según su reputación en privacidad: - IVPN - Mullvad VPN - Proton VPN (gratis) - Obscura VPN (solo para macOS) - Cloudfare WARP (gratis) + permite utilizar el modo proxy local para enrutar solo la navegación, debes utilizar la opción "WARP a través de proxy local" siguiendo estos pasos: 1. Inicia Cloudflare WARP y dentro de la pequeña interfaz haz click en la rueda dentada abajo a la derecha > "Preferencias" > "Avanzado" > "Configurar el modo proxy" 2. Marca la casilla "Habilite el modo proxy en este dispositivo" 3. Elige un "Puerto de escucha de proxy" entre 0-65535. ej: 1080, haz click en "Aceptar" y cierra la ventana de preferencias 4. Accede de nuevo a Cloudflare WARP y pulsa sobre el switch para habilitar el servicio. 3. Ahora debes apuntar el proxy del navegador a Cloudflare WARP, la configuración del navegador es similar a esta para el caso de navegadores basados en Firefox. Una vez hecho, deberías poder acceder a la guía de MiniBolt sin problemas. Si tienes dudas, déjalas en comentarios e intentaré resolverlas. Más info AQUÍ.

~> Proxifica tu navegador para usar la red de Tor, o utiliza el navegador oficial de Tor (recomendado).

La conclusión

Estos hechos ponen en tela de juicio los principios fundamentales de la neutralidad de la red, pilares esenciales de la Declaración de Independencia del Ciberespacio que defiende un internet libre, sin restricciones ni censura. Dichos principios se han visto quebrantados sin precedentes en este país, confirmando que ese futuro distópico que muchos negaban, ya es una realidad.

Es momento de actuar y estar preparados: debemos impulsar el desarrollo y la difusión de las herramientas anticensura que tenemos a nuestro alcance, protegiendo así la libertad digital y asegurando un acceso equitativo a la información para todos

Este compromiso es uno de los pilares fundamentales de MiniBolt, lo que convierte este desafío en una oportunidad para poner a prueba las soluciones anticensura ya disponibles, así como las que están en camino.

¡Censúrame si puedes, legislador! ¡La lucha por la privacidad y la libertad en Internet ya está en marcha!

---

Fuentes: * https://bandaancha.eu/articulos/movistar-o2-deja-clientes-sin-acceso-11239 * https://bandaancha.eu/articulos/esta-nueva-sentencia-autoriza-bloqueos-11257 * https://bandaancha.eu/articulos/como-saltarse-bloqueo-webs-warp-vpn-9958 * https://bandaancha.eu/articulos/como-activar-ech-chrome-acceder-webs-10689 * https://comunidad.movistar.es/t5/Soporte-Fibra-y-ADSL/Problema-con-web-que-usan-Cloudflare/td-p/5218007

@ 9f38a97e:c41d3606

Se você está em busca de uma plataforma confiável, dinâmica e cheia de opções de entretenimento online, o Pix188 pode ser exatamente o que você procura. Com uma interface moderna, suporte ágil e jogos emocionantes, a plataforma vem conquistando cada vez mais jogadores em todo o Brasil.

O Pix188 é uma plataforma de entretenimento digital que combina tecnologia, facilidade de acesso e uma ampla gama de opções para seus usuários. Com um site responsivo e adaptado tanto para desktop quanto para dispositivos móveis, a navegação é simples, intuitiva e rápida, ideal para quem quer jogar a qualquer hora e em qualquer lugar.

Desde o primeiro acesso, o usuário já percebe o cuidado com os detalhes e o compromisso com a experiência do jogador. O processo de cadastro é rápido e seguro, e os depósitos e saques são feitos via Pix — método preferido dos brasileiros por sua agilidade.

Um dos maiores diferenciais do Pix188 é a diversidade de jogos disponíveis na plataforma. O site reúne os títulos mais populares e desejados pelos jogadores, com gráficos de alta qualidade, excelente jogabilidade e temas variados.

Slots (Caça-níqueis): Jogos com rodadas rápidas, temas vibrantes e recursos especiais como giros grátis e multiplicadores.

Roleta ao vivo: Para quem gosta de emoção e decisões rápidas, a roleta é uma excelente escolha com versões clássicas e modernas.

Cartas e mesa: Jogos como pôquer, blackjack e bacará estão disponíveis em versões tradicionais e ao vivo, trazendo uma experiência imersiva e realista.

Jogos instantâneos: Com mecânicas simples e resultados rápidos, são ideais para quem busca diversão prática e dinâmica.

O Pix188 também trabalha com provedores de jogos reconhecidos internacionalmente, garantindo qualidade, segurança e atualizações constantes no catálogo.

Experiência do Jogador no Centro de Tudo Mais do que oferecer jogos, o Pix188 se preocupa com toda a jornada do jogador. Desde o momento do cadastro até a retirada de ganhos, tudo é pensado para ser simples e transparente.

O atendimento ao cliente é outro ponto forte: está disponível 24 horas por dia, sete dias por semana, com equipe capacitada para resolver dúvidas e auxiliar em qualquer situação. Os usuários também contam com promoções recorrentes, bônus de boas-vindas e programas de fidelidade que valorizam a permanência na plataforma.

Além disso, o Pix188 investe em tecnologias de segurança avançadas, protegendo os dados dos jogadores e oferecendo um ambiente confiável e protegido.

Conclusão O Pix188 se destaca no cenário nacional por oferecer uma plataforma completa, segura e repleta de opções para quem busca entretenimento digital de qualidade. Com uma interface moderna, suporte eficiente e um catálogo de jogos diversificado, é uma excelente escolha tanto para iniciantes quanto para jogadores experientes.

@ 3b7fc823:e194354f

A quick guide for the less than technical savvy to set up their very own free private tor enabled email using Onionmail. Privacy is for everyone, not just the super cyber nerds.

Onion Mail is an anonymous POP3/SMTP email server program hosted by various people on the internet. You can visit this site and read the details: https://en.onionmail.info/

1. Download Tor Browser

First, if you don't already, go download Tor Browser. You are going to need it. https://www.torproject.org/

1. Sign Up

Using Tor browser go to the directory page (https://onionmail.info/directory.html) choose one of the servers and sign up for an account. I say sign up but it is just choosing a user name you want to go before the @xyz.onion email address and solving a captcha.

1. Account information

Once you are done signing up an Account information page will pop up. MAKE SURE YOU SAVE THIS!!! It has your address and passwords (for sending and receiving email) that you will need. If you lose them then you are shit out of luck.

1. Install an Email Client

You can use Claws Mail, Neomutt, or whatever, but for this example, we will be using Thunderbird.

a. Download Thunderbird email client

b. The easy setup popup page that wants your name, email, and password isn't going to like your user@xyz.onion address. Just enter something that looks like a regular email address such as name@example.com and the Configure Manuallyoption will appear below. Click that.

1. Configure Incoming (POP3) Server

Under Incoming Server: Protocol: POP3 Server or Hostname: xyz.onion (whatever your account info says) Port: 110 Security: STARTTLS Authentication: Normal password Username: (your username) Password: (POP3 password).

1. Configure Outgoing (SMTP) Server

Under Outgoing Server: Server or Hostname: xyz.onion (whatever your account info says) Port: 25 Security: STARTTLS Authentication: Normal password Username: (your username) Password: (SMTP password).

1. Click on email at the top and change your address if you had to use a spoof one to get the configure manually to pop up.

2. Configure Proxy

a. Click the gear icon on the bottom left for settings. Scroll all the way down to Network & Disk Space. Click the settings button next to Connection. Configure how Thunderbird connects to the internet.

b. Select Manual Proxy Configuration. For SOCKS Host enter 127.0.0.1 and enter port 9050. (if you are running this through a VM the port may be different)

c. Now check the box for SOCKS5 and then Proxy DNS when using SOCKS5 down at the bottom. Click OK

1. Check Email

For thunderbird to reach the onion mail server it has to be connected to tor. Depending on your local setup, it might be fine as is or you might have to have tor browser open in the background. Click on inbox and then the little cloud icon with the down arrow to check mail.

1. Security Exception

Thunderbird is not going to like that the onion mail server security certificate is self signed. A popup Add Security Exception will appear. Click Confirm Security Exception.

You are done. Enjoy your new private email service.

REMEMBER: The server can read your emails unless they are encrypted. Go into account settings. Look down and click End-toEnd Encryption. Then add your OpenPGP key or open your OpenPGP Key Manager (you might have to download one if you don't already have one) and generate a new key for this account.

@ a1d36df6:a3b9f5a0

Originally written in: November 2024

"Show me the incentives, and I'll show you the outcome"[^mungerquote].

"Even bacteria respond to motivation." ~[^dufrene2020][^amoedo2024].

Introduction

In Austrian economics, time preference refers to the value individuals place on present consumption versus future consumption [^rothbard1993man]. A society with a lower time preference is more inclined to save, invest, and plan for the long term, thereby fostering progress and stability [^ammous2018]. In contrast, a society with a higher time preference tends toward immediate consumption rather than investment — or invests without a true understanding of its purpose — leading to short-term planning and a gradual drift from foundational societal values, traditions, and culture [^hoppe2001].

The definition of investment is the process of allocating resources to productive activities, prioritizing future gains over immediate consumption. It involves capital accumulation and is key to economic growth, as individuals delay gratification to increase future value. This approach underlies capital formation and enhances an economy's production capacity, aligning with lower time preference and fostering long-term prosperity [^mises1998].

With a foundational understanding of time preference and investment, we can begin to examine what motivates people today. Given the prevalence of high time preference in modern society, the government can capitalize on this tendency by offering immediate handouts and benefits, satisfying the population's desire for instant gratification, often at the expense of long-term prosperity and future gains. This tendency is also mirrored in mainstream media, where a focus on sensational, attention-grabbing stories diverts focus from deeper, structural issues. By amplifying polarizing narratives [^gentzkow2006media], often tied to social identity or lifestyle differences, the government and media create a cycle of constant engagement and distraction, steering public attention towards short-term controversies and away from underlying economic or social policy issues [^caplan2001rational].

Debt & Fractional-Reserve Banking

A common denominator that repeatedly emerges in such destructive behavior promoted by governments is the issue of money. As money drives the world, understanding and following its flow not only reveals how it operates but also uncovers those who wield control over it, and how human behavior is driven by it.

Money is a broad term encircling all assets that can be used for exchange, storage, and valuation, covering both physical and digital forms [^ammous2023]. Cash is a subset of money, referring specifically to physical currency, such as coins and notes.

The process of money creation, typically managed by governments and central banks, is the foundation of economic dependency within the financial system. In most economies, central banks control currency creation through mechanisms like open market operations and debt. For instance, when a central bank, such as the Federal Reserve, issues new currency, it does so by purchasing government securities from commercial banks, thus adding currency to the economy. However, this transaction is not debt-free; it obliges the government to repay the borrowed amount with interest.

In common words, the process of creating money is as follows: the government request to the central bank a certain amount of money to be printed in borrowing form. The central bank then creates that money, out of thin air, on the promise that the government will repay the central bank down the road. Since the government does not produce anything, in order to repay the central bank, the government then sells the debt via bonds to anyone who would like to buy the government debt. In even more simple words: the government and central bank creates money out of thin air based on debt [^ammous2021].

The issue with money creation is not only by the fact that it was created out of thin air, but because money creation has other issues tied to it: the debt, the creation of fractional-reserve monetary system, inflation, and interest.

This foundational reliance on debt, since it is present in the very beginning of money creation, renders the entire monetary system debt-dependent. Therefore, saving and investing within such a system becomes questionable, as the system's nature opposes the principles of sustainable wealth accumulation, thus leading human behavior not to save but to spend.

A fractional-reserve monetary system is a banking structure in which banks retain only a small fraction of their depositors' funds — historically around 10%, but today often as low as 1% [^bundesbank2024] — while lending out or investing the remainder. This setup allows banks to expand the money supply and stimulate economic activity through a process known as deposit expansion [^federalreserve1975modern]. Deposit expansion occurs when banks effectively treat a portion of deposited funds as new money, multiplying the original deposit base. For example, if a bank holds deposits totaling 1 million euros, it can lend out up to 1.9 million euros, as long as it maintains 10% of the initial deposit in reserve. This cycle can repeat, enabling banks to increase the total money supply to infinity, but the "Modern Money Mechanics: A Workbook on Bank Reserves and Deposit Expansion" and government applying it recommends not doing it above 9 times the original deposit value [^federalreserve1975modern].

To make matters worse, inflation and interest exacerbate the problems inherent in this monetary system. Interest is a foundational element of the system, initially intended to address the original debt incurred by the government. In economic terms, interest represents the "price" of time preference, a premium placed on present goods over future goods. To illustrate the impact of interest, consider the cost of a house in today's system: a house priced at 500,000 euros with a 4% variable interest rate ends up costing around 860,000 euros over 30 years, with 360,000 euros paid in interest alone.

Inflation, on the other hand, is the increase in the money supply — money printing — and can only be truly calculated by M2[^1] money supply metric. Inflation erodes the value of both assets and earned income, as each new unit of currency devalues existing money. This devaluation impacts not only the purchasing power of savings but also the real cost of goods and services over time, reducing the long-term value of assets people believe they own.

The government

Operating within a monetary system stretched beyond its limitations, the government faces the dual challenges of controlling inflation and satisfying its growing spending demands. To fund its expenditures, the government often provides public benefits — subsidies, "free" healthcare, public transport, security, military, and welfare in general — to justify continual spending and cultivate public support - via voting, in most democratic countries.

Welfare and most government programs redistribute wealth from producers to non-producers, fostering dependency on the state. Over time, this erodes individual sovereignty and expands government control, restricting freedom, and reducing people to slaves or cash cows.

The government justifies taxes as payment for welfare and public services, but also claims they curb inflation by reducing the need to print money. The logic is that by reclaiming taxpayer money, the money supply is controlled. However, this is misleading, especially when the government can print money at will, making taxation on such currency inherently flawed.

Taxes are extracted via coercion - violence - by the government onto the population. The government then decides where to allocate this money, based on their guess of what the population needs, excluding private preferences. Therefore, taxes are not an incentive to accumulate, not even to work more. Taxes are an incentive to do right the opposite: do not save and do not work more.

Another tactic the government employs is to create crises that it alone can "solve", thus requiring more taxes or funding. Recent examples include crises like COVID-19, the "green" agenda, and initiatives to combat climate change[^2]. In each case, the government presents itself as the sole solution, yet solving these crises inevitably demands additional resources — in the form of increased taxation.

Even minimal critical thinking would prompt one to question the true necessity of taxes in a government that owns and controls the money printer. Given what we now understand, if you were in the government's position, would you willingly relinquish control of money creation by tying it to something like gold, empowering people to become smarter, independent, and wealthy?

The government, through various channels — media, education, propaganda, welfare, and government subsidies — ensures that people remain obedient and uninformed. It keeps them financially constrained by increasing taxes and imposing extensive regulations, while fostering dependency through handouts, welfare, and other social programs. The government is the only entity that, by law, can use violence and coercion without prosecution [^rothbard2009].

"Anyone who, although human, is by nature not yours but someone else's"[^ambler1987].

It is therefore unsurprising that many live in a state akin to enslavement, reflecting a mindset shaped by constant dependency. It is no wonder that people are discouraged from having children, as they can barely support themselves. Nor is it surprising that individuals might question the need to continue their bloodline, believing in the illusory value of "fake money" [^kiyosaki2019] and trusting present "investments" and the government to provide a pension in old age. And it's certainly not surprising to see people asking the government for solutions to every problem, when the government leaves them no viable alternatives.

"Show me the incentives, and I'll show you the outcome"[^mungerquote].

That statement serves as a powerful tool for understanding and addressing complex issues. When observing behaviors that may appear unusual — such as individuals identifying as "trans-species," a phenomenon linked to mental health concerns [^pinna2022] — it's essential to consider the underlying incentives. Who benefits most from a society in which individuals remain financially constrained, dependent, and uninformed? A fiat-based monetary system functions as a modern form of economic control, keeping people poor by design. Taxes, effectively a penalty for productivity, contrast sharply with welfare programs, which often reward dependency and reinforce reliance on the government. Meanwhile, government narratives and selective information shape public beliefs, protecting institutional interests and discouraging critical inquiry[^3].

Conclusion

Like the fungus that infects in parasitic way an ant's nervous system - Ophiocordyceps Unilateralis -, rendering it a zombie [^britannica2024] controlled by an external force, similarly, modern bureaucracies exploit the mechanisms of fiat money, debt, and taxation [^rothbard2009] to maintain control over individuals, steering them away from self-reliance and critical thinking toward a state of perpetual dependence.

The parallels are striking: just as the fungus manipulates the ant's behavior to secure its reproduction, governments manipulate public perception, creating crises, shaping incentives, and fostering dependence[^rothbard2009] through welfare programs[^caplan2001rational], inflated debt[^ammous2018], and coercive taxation. These mechanisms suppress individuality, reduce productivity, and shift power further into centralized hands[^gentzkow2006media], leaving citizens "zombified", detached from purpose and independence.

"Even bacteria respond to motivation."[^dufrene2020]

If tolerated — even by you, dear reader — this parasitic cycle will continue to erode humanity's dignity and potential. The solution lies in reclaiming agency by building a society grounded in sound money, meaningful productivity, and spiritual and cultural foundations that connect us to higher purposes. As warned in Jeremiah 17:5 [^4], trusting fallible human systems leads to enslavement. True freedom comes from rejecting exploitative bureaucracies and embracing systems aligned with truth, autonomy, and resilience.

Another way is to fully understand the system and opt out. This requires mastering the rules and using them to your advantage. If legal avenues exist to avoid taxation, expropriation, eminent domain, or government coercion, then the first step is to change the game for yourself.

The monetary system and government incentives shape human behavior, influencing those who allow themselves to be controlled by them.

fiat #bitcoin #austrian-economics #freedom #slavery #money #government #antipropaganda #propaganda #taxes #tax #greenagenda #wef #who

Footnote

[^1]: M2 refers to savings deposits + money market mutual funds + small time deposits. M2 includes all of M1 plus "near money" (M0), which consists of savings deposits, money market accounts, and small-denomination time deposits (like certificates of deposit under a certain amount). M2 is commonly tracked by central banks to gauge medium-term economic activity and savings behavior, as it includes money that people save rather than spend immediately.

[^2]: Since the 1990s, societies worldwide have been confronted by a series of global crises, often framed as urgent and overwhelming challenges. All scams. Including deforestation, ocean and air pollution, nuclear waste, oil spills, plastic and soil pollution, drought, fossil fuel consumption, rising sea levels, species extinction, extreme weather, global warming, melting glaciers, acid rain, and, recently, climate change. Each crisis has shaped public opinion and policy, and also created new laws, regulations, and taxes.

[^3]: Politicians are merely psychopath[^hareleonmayersalinasfolino2022][^klaas2023] parasites.

[^4]: Cursed is the one who trusts in man, who draws strength from mere flesh and whose heart turns away from the Lord.

References

Bibtex

bibtex @book{ammous2018, title={The Bitcoin Standard: The Decentralized Alternative to Central Banking}, author={Ammous, Saifedean}, year={2018}, publisher={Wiley}, url={https://saifedean.com/tbs} } @book{ammous2023, author = {Saifedean Ammous}, title = {Principles of Economics}, year = {2023}, publisher = {Saifedean Ammous}, address = {Self-published}, url = {https://saifedean.com/poe} } @book{ammous2021, author = {Saifedean Ammous}, title = {The Fiat Standard: The Debt Slavery Alternative to Human Civilization}, year = {2021}, publisher = {Wiley}, address = {Hoboken, NJ}, url = {https://saifedean.com/tfs} } @book{rothbard1993man, author = {Murray N. Rothbard}, title = {Man, Economy, and State: A Treatise on Economic Principles}, year = {1993}, publisher = {Ludwig von Mises Institute}, address = {Auburn, Alabama}, note = {Originally published in 1962}, url = {https://mises.org/library/man-economy-and-state-power-and-market} } @book{hoppe2001, author = {Hans-Hermann Hoppe}, title = {Democracy: The God That Failed: The Economics and Politics of Monarchy, Democracy, and Natural Order}, year = {2001}, publisher = {Transaction Publishers}, address = {New Brunswick, NJ}, url = {https://mises.org/library/democracy-god-failed} } @book{mises1998, author = {Ludwig von Mises}, title = {Human Action: A Treatise on Economics}, year = {1998}, publisher = {Ludwig von Mises Institute}, address = {Auburn, Alabama}, note = {Originally published in 1949}, url = {https://mises.org/library/human-action-0} } @article{gentzkow2006media, author = {Matthew Gentzkow and Jesse M. Shapiro}, title = {Media Bias and Reputation}, journal = {Journal of Political Economy}, volume = {114}, number = {2}, pages = {280-316}, year = {2006}, publisher = {University of Chicago Press}, url = {https://doi.org/10.1086/499414} } @article{caplan2001rational, author = {Bryan Caplan}, title = {Rational Irrationality and the Microfoundations of Political Failure}, journal = {Public Choice}, volume = {107}, number = {3}, pages = {311-331}, year = {2001}, publisher = {Springer}, url = {https://doi.org/10.1023/A:1010349129605} } @book{federalreserve1975modern, author = {{Federal Reserve Bank of Chicago}}, title = {Modern Money Mechanics: A Workbook on Bank Reserves and Deposit Expansion}, year = {1975}, publisher = {Federal Reserve Bank of Chicago}, url = {https://archive.org/details/modern-money-mechanics/mode/2up} } @misc{bundesbank2024, author = {{Deutsche Bundesbank}}, title = {Minimum Reserves}, year = {n.d.}, url = {https://www.bundesbank.de/en/tasks/monetary-policy/minimum-reserves/minimum-reserves-625912}, note = {Accessed: 2024-11-07} } @article{ambler1987, author = {Wayne Ambler}, title = {Aristotle on Nature and Politics: The Case of Slavery}, journal = {Political Theory}, volume = {15}, number = {3}, pages = {390-410}, year = {1987}, month = {Aug.} } @book{kiyosaki2019, author = {Robert T. Kiyosaki}, title = {FAKE: Fake Money, Fake Teachers, Fake Assets: How Lies Are Making the Poor and Middle Class Poorer}, year = {2019}, month = {April}, publisher = {Plata Publishing}, address = {Scottsdale, AZ}, note = {Paperback, Illustrated Edition} } @article{hareleonmayersalinasfolino2022, title = {Psychopathy and crimes against humanity: A conceptual and empirical examination of human rights violators}, journal = {Journal of Criminal Justice}, volume = {81}, pages = {101901}, year = {2022}, issn = {0047-2352}, doi = {https://doi.org/10.1016/j.jcrimjus.2022.101901}, url = {https://www.sciencedirect.com/science/article/pii/S0047235222000216}, author = {Robert D. Hare and Elizabeth León-Mayer and Joanna Rocuant Salinas and Jorge Folino and Craig S. Neumann}, keywords = {Crimes against humanity, Human rights violators, Terrorism, Psychopathy, PCL-R, SRP-SF, Four-factor model, Latent profile analysis}, abstract = {Purpose There is a dearth of empirical data on the contributions of personality, psychopathology, and psychopathy to terrorism and its actors. Because of a fortuitous set of circumstances, we had access to a sample of men convicted of crimes against humanity (CAH) committed during the Pinochet regime, each rated by expert clinicians on the Psychopathy Checklist-Revised (PCL-R). We also had PCL-R ratings for samples of general offenders and community participants. Methods We determined the psychometric properties of the PCL-R for these samples, performed structural equation modeling (SEM) to investigate the factor structure of the PCL-R, and conducted a latent profile analysis (LPA) of the obtained factors to identify classes or subtypes within the samples. Results The PCL-R's psychometric properties and factor structure were in accord with findings from other countries and settings. The PCL-R total scores of the CAH and general offenders were virtually the same but much higher than those of the community sample. However, the CAH group had extraordinarily high scores on the Interpersonal/Affective facets yet relatively low scores on the Lifestyle/Antisocial facets. LPA identified the expected four latent classes, with most CAH men located within the Callous-Conning class. Conclusions The results of this study provide unique information about the psychopathic propensities of a sample of state violators of human rights. Their pattern of PCL-R scores was consistent with an extreme disposition for self-serving, callous, and ruthless treatment of others, without guilt or remorse, and in the absence of a prior documented history of severe antisocial behavior.} } @misc{klaas2023, author = "{Brian Klaas}", title = "{{How many politicians are psychopaths?}}", howpublished = {\url{https://www.forkingpaths.co/p/how-many-politicians-are-psychopaths}}, note = {Online; accessed 29 January 2024}, year=2023 } @article{pinna2022, title={Mental health in transgender individuals: a systematic review}, author={Pinna, Federica and Paribello, Pasquale and Somaini, Giulia and Corona, Alice and Ventriglio, Antonio and Corrias, Carolina and Frau, Ilaria and Murgia, Roberto and El Kacemi, Sabrina and Galeazzi, Gian Maria and others}, journal={International Review of Psychiatry}, volume={34}, number={3-4}, pages={292--359}, year={2022}, publisher={Taylor \& Francis}, doi={10.1080/09540261.2022.2093629}, url={https://pubmed.ncbi.nlm.nih.gov/36151828/} } @book{rothbard2009, title={Anatomy of the State}, author={Rothbard, Murray}, year={2009}, publisher={Ludwig von Mises Institute} } @misc{britannica2024, author = {{Encyclopaedia Britannica}}, title = {Zombie-Ant Fungus}, year = {n.d.}, url = {https://www.britannica.com/science/zombie-ant-fungus}, note = {Accessed: 2024-11-07} } @misc{amoedo2024, author = {Renato Amoedo}, title = {Até as bactérias respondem a uma motivação}, year = {2024}, note = {Famosa frase mencionada em entrevistas e podcasts relacionados a comportamento e motivação}, howpublished = {Comentário público}, } @article{dufrene2020, title={Mechanomicrobiology: how bacteria sense and respond to forces}, author={Dufrêne, Yves F. and Persat, Alexandre}, journal={Nature Reviews Microbiology}, volume={18}, pages={227--240}, year={2020}, month={April}, doi={10.1038/s41579-019-0314-2}, url={https://doi.org/10.1038/s41579-019-0314-2}, publisher={Springer Nature}, note={Accepted 06 December 2019, Published 20 January 2020} } @misc{mungerquote, author = {Munger, Charlie}, title = {Show me the incentive and I will show you the outcome}, note = {Often attributed to Charlie Munger, known for his wisdom on finance and life as Warren Buffett's business partner.}, howpublished = {Quote}, year = {n.d.}, url = {https://elevatesociety.com/quotes-by-charlie-munger/} }

@ 21335073:a244b1ad

Warning: This piece contains a conversation about difficult topics. Please proceed with caution.

TL;DR please educate your children about online safety.

Julian Assange wrote in his 2012 book Cypherpunks, “This book is not a manifesto. There isn’t time for that. This book is a warning.” I read it a few times over the past summer. Those opening lines definitely stood out to me. I wish we had listened back then. He saw something about the internet that few had the ability to see. There are some individuals who are so close to a topic that when they speak, it’s difficult for others who aren’t steeped in it to visualize what they’re talking about. I didn’t read the book until more recently. If I had read it when it came out, it probably would have sounded like an unknown foreign language to me. Today it makes more sense.

This isn’t a manifesto. This isn’t a book. There is no time for that. It’s a warning and a possible solution from a desperate and determined survivor advocate who has been pulling and unraveling a thread for a few years. At times, I feel too close to this topic to make any sense trying to convey my pathway to my conclusions or thoughts to the general public. My hope is that if nothing else, I can convey my sense of urgency while writing this. This piece is a watchman’s warning.

When a child steps online, they are walking into a new world. A new reality. When you hand a child the internet, you are handing them possibilities—good, bad, and ugly. This is a conversation about lowering the potential of negative outcomes of stepping into that new world and how I came to these conclusions. I constantly compare the internet to the road. You wouldn’t let a young child run out into the road with no guidance or safety precautions. When you hand a child the internet without any type of guidance or safety measures, you are allowing them to play in rush hour, oncoming traffic. “Look left, look right for cars before crossing.” We almost all have been taught that as children. What are we taught as humans about safety before stepping into a completely different reality like the internet? Very little.

I could never really figure out why many folks in tech, privacy rights activists, and hackers seemed so cold to me while talking about online child sexual exploitation. I always figured that as a survivor advocate for those affected by these crimes, that specific, skilled group of individuals would be very welcoming and easy to talk to about such serious topics. I actually had one hacker laugh in my face when I brought it up while I was looking for answers. I thought maybe this individual thought I was accusing them of something I wasn’t, so I felt bad for asking. I was constantly extremely disappointed and would ask myself, “Why don’t they care? What could I say to make them care more? What could I say to make them understand the crisis and the level of suffering that happens as a result of the problem?”

I have been serving minor survivors of online child sexual exploitation for years. My first case serving a survivor of this specific crime was in 2018—a 13-year-old girl sexually exploited by a serial predator on Snapchat. That was my first glimpse into this side of the internet. I won a national award for serving the minor survivors of Twitter in 2023, but I had been working on that specific project for a few years. I was nominated by a lawyer representing two survivors in a legal battle against the platform. I’ve never really spoken about this before, but at the time it was a choice for me between fighting Snapchat or Twitter. I chose Twitter—or rather, Twitter chose me. I heard about the story of John Doe #1 and John Doe #2, and I was so unbelievably broken over it that I went to war for multiple years. I was and still am royally pissed about that case. As far as I was concerned, the John Doe #1 case proved that whatever was going on with corporate tech social media was so out of control that I didn’t have time to wait, so I got to work. It was reading the messages that John Doe #1 sent to Twitter begging them to remove his sexual exploitation that broke me. He was a child begging adults to do something. A passion for justice and protecting kids makes you do wild things. I was desperate to find answers about what happened and searched for solutions. In the end, the platform Twitter was purchased. During the acquisition, I just asked Mr. Musk nicely to prioritize the issue of detection and removal of child sexual exploitation without violating digital privacy rights or eroding end-to-end encryption. Elon thanked me multiple times during the acquisition, made some changes, and I was thanked by others on the survivors’ side as well.

I still feel that even with the progress made, I really just scratched the surface with Twitter, now X. I left that passion project when I did for a few reasons. I wanted to give new leadership time to tackle the issue. Elon Musk made big promises that I knew would take a while to fulfill, but mostly I had been watching global legislation transpire around the issue, and frankly, the governments are willing to go much further with X and the rest of corporate tech than I ever would. My work begging Twitter to make changes with easier reporting of content, detection, and removal of child sexual exploitation material—without violating privacy rights or eroding end-to-end encryption—and advocating for the minor survivors of the platform went as far as my principles would have allowed. I’m grateful for that experience. I was still left with a nagging question: “How did things get so bad with Twitter where the John Doe #1 and John Doe #2 case was able to happen in the first place?” I decided to keep looking for answers. I decided to keep pulling the thread.

I never worked for Twitter. This is often confusing for folks. I will say that despite being disappointed in the platform’s leadership at times, I loved Twitter. I saw and still see its value. I definitely love the survivors of the platform, but I also loved the platform. I was a champion of the platform’s ability to give folks from virtually around the globe an opportunity to speak and be heard.

I want to be clear that John Doe #1 really is my why. He is the inspiration. I am writing this because of him. He represents so many globally, and I’m still inspired by his bravery. One child’s voice begging adults to do something—I’m an adult, I heard him. I’d go to war a thousand more lifetimes for that young man, and I don’t even know his name. Fighting has been personally dark at times; I’m not even going to try to sugarcoat it, but it has been worth it.

The data surrounding the very real crime of online child sexual exploitation is available to the public online at any time for anyone to see. I’d encourage you to go look at the data for yourself. I believe in encouraging folks to check multiple sources so that you understand the full picture. If you are uncomfortable just searching around the internet for information about this topic, use the terms “CSAM,” “CSEM,” “SG-CSEM,” or “AI Generated CSAM.” The numbers don’t lie—it’s a nightmare that’s out of control. It’s a big business. The demand is high, and unfortunately, business is booming. Organizations collect the data, tech companies often post their data, governments report frequently, and the corporate press has covered a decent portion of the conversation, so I’m sure you can find a source that you trust.

Technology is changing rapidly, which is great for innovation as a whole but horrible for the crime of online child sexual exploitation. Those wishing to exploit the vulnerable seem to be adapting to each technological change with ease. The governments are so far behind with tackling these issues that as I’m typing this, it’s borderline irrelevant to even include them while speaking about the crime or potential solutions. Technology is changing too rapidly, and their old, broken systems can’t even dare to keep up. Think of it like the governments’ “War on Drugs.” Drugs won. In this case as well, the governments are not winning. The governments are talking about maybe having a meeting on potentially maybe having legislation around the crimes. The time to have that meeting would have been many years ago. I’m not advocating for governments to legislate our way out of this. I’m on the side of educating and innovating our way out of this.

I have been clear while advocating for the minor survivors of corporate tech platforms that I would not advocate for any solution to the crime that would violate digital privacy rights or erode end-to-end encryption. That has been a personal moral position that I was unwilling to budge on. This is an extremely unpopular and borderline nonexistent position in the anti-human trafficking movement and online child protection space. I’m often fearful that I’m wrong about this. I have always thought that a better pathway forward would have been to incentivize innovation for detection and removal of content. I had no previous exposure to privacy rights activists or Cypherpunks—actually, I came to that conclusion by listening to the voices of MENA region political dissidents and human rights activists. After developing relationships with human rights activists from around the globe, I realized how important privacy rights and encryption are for those who need it most globally. I was simply unwilling to give more power, control, and opportunities for mass surveillance to big abusers like governments wishing to enslave entire nations and untrustworthy corporate tech companies to potentially end some portion of abuses online. On top of all of it, it has been clear to me for years that all potential solutions outside of violating digital privacy rights to detect and remove child sexual exploitation online have not yet been explored aggressively. I’ve been disappointed that there hasn’t been more of a conversation around preventing the crime from happening in the first place.

What has been tried is mass surveillance. In China, they are currently under mass surveillance both online and offline, and their behaviors are attached to a social credit score. Unfortunately, even on state-run and controlled social media platforms, they still have child sexual exploitation and abuse imagery pop up along with other crimes and human rights violations. They also have a thriving black market online due to the oppression from the state. In other words, even an entire loss of freedom and privacy cannot end the sexual exploitation of children online. It’s been tried. There is no reason to repeat this method.

It took me an embarrassingly long time to figure out why I always felt a slight coldness from those in tech and privacy-minded individuals about the topic of child sexual exploitation online. I didn’t have any clue about the “Four Horsemen of the Infocalypse.” This is a term coined by Timothy C. May in 1988. I would have been a child myself when he first said it. I actually laughed at myself when I heard the phrase for the first time. I finally got it. The Cypherpunks weren’t wrong about that topic. They were so spot on that it is borderline uncomfortable. I was mad at first that they knew that early during the birth of the internet that this issue would arise and didn’t address it. Then I got over it because I realized that it wasn’t their job. Their job was—is—to write code. Their job wasn’t to be involved and loving parents or survivor advocates. Their job wasn’t to educate children on internet safety or raise awareness; their job was to write code.

They knew that child sexual abuse material would be shared on the internet. They said what would happen—not in a gleeful way, but a prediction. Then it happened.

I equate it now to a concrete company laying down a road. As you’re pouring the concrete, you can say to yourself, “A terrorist might travel down this road to go kill many, and on the flip side, a beautiful child can be born in an ambulance on this road.” Who or what travels down the road is not their responsibility—they are just supposed to lay the concrete. I’d never go to a concrete pourer and ask them to solve terrorism that travels down roads. Under the current system, law enforcement should stop terrorists before they even make it to the road. The solution to this specific problem is not to treat everyone on the road like a terrorist or to not build the road.

So I understand the perceived coldness from those in tech. Not only was it not their job, but bringing up the topic was seen as the equivalent of asking a free person if they wanted to discuss one of the four topics—child abusers, terrorists, drug dealers, intellectual property pirates, etc.—that would usher in digital authoritarianism for all who are online globally.

Privacy rights advocates and groups have put up a good fight. They stood by their principles. Unfortunately, when it comes to corporate tech, I believe that the issue of privacy is almost a complete lost cause at this point. It’s still worth pushing back, but ultimately, it is a losing battle—a ticking time bomb.

I do think that corporate tech providers could have slowed down the inevitable loss of privacy at the hands of the state by prioritizing the detection and removal of CSAM when they all started online. I believe it would have bought some time, fewer would have been traumatized by that specific crime, and I do believe that it could have slowed down the demand for content. If I think too much about that, I’ll go insane, so I try to push the “if maybes” aside, but never knowing if it could have been handled differently will forever haunt me. At night when it’s quiet, I wonder what I would have done differently if given the opportunity. I’ll probably never know how much corporate tech knew and ignored in the hopes that it would go away while the problem continued to get worse. They had different priorities. The most voiceless and vulnerable exploited on corporate tech never had much of a voice, so corporate tech providers didn’t receive very much pushback.

Now I’m about to say something really wild, and you can call me whatever you want to call me, but I’m going to say what I believe to be true. I believe that the governments are either so incompetent that they allowed the proliferation of CSAM online, or they knowingly allowed the problem to fester long enough to have an excuse to violate privacy rights and erode end-to-end encryption. The US government could have seized the corporate tech providers over CSAM, but I believe that they were so useful as a propaganda arm for the regimes that they allowed them to continue virtually unscathed.

That season is done now, and the governments are making the issue a priority. It will come at a high cost. Privacy on corporate tech providers is virtually done as I’m typing this. It feels like a death rattle. I’m not particularly sure that we had much digital privacy to begin with, but the illusion of a veil of privacy feels gone.

To make matters slightly more complex, it would be hard to convince me that once AI really gets going, digital privacy will exist at all.

I believe that there should be a conversation shift to preserving freedoms and human rights in a post-privacy society.

I don’t want to get locked up because AI predicted a nasty post online from me about the government. I’m not a doomer about AI—I’m just going to roll with it personally. I’m looking forward to the positive changes that will be brought forth by AI. I see it as inevitable. A bit of privacy was helpful while it lasted. Please keep fighting to preserve what is left of privacy either way because I could be wrong about all of this.

On the topic of AI, the addition of AI to the horrific crime of child sexual abuse material and child sexual exploitation in multiple ways so far has been devastating. It’s currently out of control. The genie is out of the bottle. I am hopeful that innovation will get us humans out of this, but I’m not sure how or how long it will take. We must be extremely cautious around AI legislation. It should not be illegal to innovate even if some bad comes with the good. I don’t trust that the governments are equipped to decide the best pathway forward for AI. Source: the entire history of the government.

I have been personally negatively impacted by AI-generated content. Every few days, I get another alert that I’m featured again in what’s called “deep fake pornography” without my consent. I’m not happy about it, but what pains me the most is the thought that for a period of time down the road, many globally will experience what myself and others are experiencing now by being digitally sexually abused in this way. If you have ever had your picture taken and posted online, you are also at risk of being exploited in this way. Your child’s image can be used as well, unfortunately, and this is just the beginning of this particular nightmare. It will move to more realistic interpretations of sexual behaviors as technology improves. I have no brave words of wisdom about how to deal with that emotionally. I do have hope that innovation will save the day around this specific issue. I’m nervous that everyone online will have to ID verify due to this issue. I see that as one possible outcome that could help to prevent one problem but inadvertently cause more problems, especially for those living under authoritarian regimes or anyone who needs to remain anonymous online. A zero-knowledge proof (ZKP) would probably be the best solution to these issues. There are some survivors of violence and/or sexual trauma who need to remain anonymous online for various reasons. There are survivor stories available online of those who have been abused in this way. I’d encourage you seek out and listen to their stories.

There have been periods of time recently where I hesitate to say anything at all because more than likely AI will cover most of my concerns about education, awareness, prevention, detection, and removal of child sexual exploitation online, etc.

Unfortunately, some of the most pressing issues we’ve seen online over the last few years come in the form of “sextortion.” Self-generated child sexual exploitation (SG-CSEM) numbers are continuing to be terrifying. I’d strongly encourage that you look into sextortion data. AI + sextortion is also a huge concern. The perpetrators are using the non-sexually explicit images of children and putting their likeness on AI-generated child sexual exploitation content and extorting money, more imagery, or both from minors online. It’s like a million nightmares wrapped into one. The wild part is that these issues will only get more pervasive because technology is harnessed to perpetuate horror at a scale unimaginable to a human mind.

Even if you banned phones and the internet or tried to prevent children from accessing the internet, it wouldn’t solve it. Child sexual exploitation will still be with us until as a society we start to prevent the crime before it happens. That is the only human way out right now.

There is no reset button on the internet, but if I could go back, I’d tell survivor advocates to heed the warnings of the early internet builders and to start education and awareness campaigns designed to prevent as much online child sexual exploitation as possible. The internet and technology moved quickly, and I don’t believe that society ever really caught up. We live in a world where a child can be groomed by a predator in their own home while sitting on a couch next to their parents watching TV. We weren’t ready as a species to tackle the fast-paced algorithms and dangers online. It happened too quickly for parents to catch up. How can you parent for the ever-changing digital world unless you are constantly aware of the dangers?

I don’t think that the internet is inherently bad. I believe that it can be a powerful tool for freedom and resistance. I’ve spoken a lot about the bad online, but there is beauty as well. We often discuss how victims and survivors are abused online; we rarely discuss the fact that countless survivors around the globe have been able to share their experiences, strength, hope, as well as provide resources to the vulnerable. I do question if giving any government or tech company access to censorship, surveillance, etc., online in the name of serving survivors might not actually impact a portion of survivors negatively. There are a fair amount of survivors with powerful abusers protected by governments and the corporate press. If a survivor cannot speak to the press about their abuse, the only place they can go is online, directly or indirectly through an independent journalist who also risks being censored. This scenario isn’t hard to imagine—it already happened in China. During #MeToo, a survivor in China wanted to post their story. The government censored the post, so the survivor put their story on the blockchain. I’m excited that the survivor was creative and brave, but it’s terrifying to think that we live in a world where that situation is a necessity.

I believe that the future for many survivors sharing their stories globally will be on completely censorship-resistant and decentralized protocols. This thought in particular gives me hope. When we listen to the experiences of a diverse group of survivors, we can start to understand potential solutions to preventing the crimes from happening in the first place.

My heart is broken over the gut-wrenching stories of survivors sexually exploited online. Every time I hear the story of a survivor, I do think to myself quietly, “What could have prevented this from happening in the first place?” My heart is with survivors.

My head, on the other hand, is full of the understanding that the internet should remain free. The free flow of information should not be stopped. My mind is with the innocent citizens around the globe that deserve freedom both online and offline.

The problem is that governments don’t only want to censor illegal content that violates human rights—they create legislation that is so broad that it can impact speech and privacy of all. “Don’t you care about the kids?” Yes, I do. I do so much that I’m invested in finding solutions. I also care about all citizens around the globe that deserve an opportunity to live free from a mass surveillance society. If terrorism happens online, I should not be punished by losing my freedom. If drugs are sold online, I should not be punished. I’m not an abuser, I’m not a terrorist, and I don’t engage in illegal behaviors. I refuse to lose freedom because of others’ bad behaviors online.

I want to be clear that on a long enough timeline, the governments will decide that they can be better parents/caregivers than you can if something isn’t done to stop minors from being sexually exploited online. The price will be a complete loss of anonymity, privacy, free speech, and freedom of religion online. I find it rather insulting that governments think they’re better equipped to raise children than parents and caretakers.

So we can’t go backwards—all that we can do is go forward. Those who want to have freedom will find technology to facilitate their liberation. This will lead many over time to decentralized and open protocols. So as far as I’m concerned, this does solve a few of my worries—those who need, want, and deserve to speak freely online will have the opportunity in most countries—but what about online child sexual exploitation?

When I popped up around the decentralized space, I was met with the fear of censorship. I’m not here to censor you. I don’t write code. I couldn’t censor anyone or any piece of content even if I wanted to across the internet, no matter how depraved. I don’t have the skills to do that.

I’m here to start a conversation. Freedom comes at a cost. You must always fight for and protect your freedom. I can’t speak about protecting yourself from all of the Four Horsemen because I simply don’t know the topics well enough, but I can speak about this one topic.

If there was a shortcut to ending online child sexual exploitation, I would have found it by now. There isn’t one right now. I believe that education is the only pathway forward to preventing the crime of online child sexual exploitation for future generations.

I propose a yearly education course for every child of all school ages, taught as a standard part of the curriculum. Ideally, parents/caregivers would be involved in the education/learning process.

Course: - The creation of the internet and computers - The fight for cryptography - The tech supply chain from the ground up (example: human rights violations in the supply chain) - Corporate tech - Freedom tech - Data privacy - Digital privacy rights - AI (history-current) - Online safety (predators, scams, catfishing, extortion) - Bitcoin - Laws - How to deal with online hate and harassment - Information on who to contact if you are being abused online or offline - Algorithms - How to seek out the truth about news, etc., online

The parents/caregivers, homeschoolers, unschoolers, and those working to create decentralized parallel societies have been an inspiration while writing this, but my hope is that all children would learn this course, even in government ran schools. Ideally, parents would teach this to their own children.

The decentralized space doesn’t want child sexual exploitation to thrive. Here’s the deal: there has to be a strong prevention effort in order to protect the next generation. The internet isn’t going anywhere, predators aren’t going anywhere, and I’m not down to let anyone have the opportunity to prove that there is a need for more government. I don’t believe that the government should act as parents. The governments have had a chance to attempt to stop online child sexual exploitation, and they didn’t do it. Can we try a different pathway forward?

I’d like to put myself out of a job. I don’t want to ever hear another story like John Doe #1 ever again. This will require work. I’ve often called online child sexual exploitation the lynchpin for the internet. It’s time to arm generations of children with knowledge and tools. I can’t do this alone.

Individuals have fought so that I could have freedom online. I want to fight to protect it. I don’t want child predators to give the government any opportunity to take away freedom. Decentralized spaces are as close to a reset as we’ll get with the opportunity to do it right from the start. Start the youth off correctly by preventing potential hazards to the best of your ability.

The good news is anyone can work on this! I’d encourage you to take it and run with it. I added the additional education about the history of the internet to make the course more educational and fun. Instead of cleaning up generations of destroyed lives due to online sexual exploitation, perhaps this could inspire generations of those who will build our futures. Perhaps if the youth is armed with knowledge, they can create more tools to prevent the crime.

This one solution that I’m suggesting can be done on an individual level or on a larger scale. It should be adjusted depending on age, learning style, etc. It should be fun and playful.

This solution does not address abuse in the home or some of the root causes of offline child sexual exploitation. My hope is that it could lead to some survivors experiencing abuse in the home an opportunity to disclose with a trusted adult. The purpose for this solution is to prevent the crime of online child sexual exploitation before it occurs and to arm the youth with the tools to contact safe adults if and when it happens.

In closing, I went to hell a few times so that you didn’t have to. I spoke to the mothers of survivors of minors sexually exploited online—their tears could fill rivers. I’ve spoken with political dissidents who yearned to be free from authoritarian surveillance states. The only balance that I’ve found is freedom online for citizens around the globe and prevention from the dangers of that for the youth. Don’t slow down innovation and freedom. Educate, prepare, adapt, and look for solutions.

I’m not perfect and I’m sure that there are errors in this piece. I hope that you find them and it starts a conversation.

@ 75eeefe8:a4a71f88

Solar Power Tips for a Sustainable Remote Home Office

As more professionals transition to remote work, the need for sustainable and cost-effective solutions has never been greater. One of the most effective ways to reduce your ecological impact and lower energy costs is by harnessing the sun's power—specifically, solar energy.

Solar power is becoming increasingly popular among remote workers, providing a renewable energy source for residences with a home office setup. It helps reduce reliance on fossil fuels, and offers the potential for significant long-term savings.

This blog will list the benefits of using solar power in a remote home office environment. Whether you want to reduce your carbon footprint or reduce your energy expenses, the information will guide you in creating a more sustainable design for a productive home office. Choosing the Right Solar Panels Building a solar-powered home office starts with picking the right solar panels. You can choose from traditional photovoltaic panels to sleek solar shingles that blend with your roof's design.

Recent advancements in solar technology have introduced more compact and efficient panels, making it easier than ever to generate significant power, even in smaller spaces.

When choosing solar panels, prioritize efficiency ratings and durability. High-efficiency panels, such as monocrystalline options, can produce more energy with less surface area. They are ideal if you have limited roof space.

Aesthetics can also play a role, particularly if you want your home office to maintain a modern, professional appearance. For example, solar shingles offer a subtler alternative to standard panels while providing comparable energy production. Essential solar power components Setting up a fully functional solar-powered home office requires more than just panels. Below are the essential components to consider:

Inverters

Solar panels create direct current (DC), but most home appliances run on alternating current (AC). Inverters convert DC to AC, so you can use solar power. Look for high-quality inverters, such as micro-inverters, which optimize the output of each panel individually.

Batteries

Energy storage is critical because solar power is not always available. Solar batteries let you save extra energy made during the day so you can use it at night or when it is cloudy. Consider opting for lithium-ion batteries due to their high energy density, long lifespan, and relatively small size.

Mounting hardware

Proper installation is key to getting the most energy from your solar panels and making sure they can handle tough weather. Adjustable mounts let you place your panels to get the most sunlight and ensure they last over time. Benefits of Solar Power in a Home Office You may wonder: why is solar power for a home office such a big deal? Here are the reasons why: Cost savings and environmental impact One of the biggest benefits of using solar power in your home office is the potential to save a lot of money. Making your electricity can help you reduce or even eliminate your monthly energy bills.

The average owner can save between $10,000 and $30,000 over the lifespan of a solar energy system, depending on their location and system size. Plus, federal tax credits, state incentives, and net metering programs can lower both the initial and ongoing costs of going solar. Reliability and independence Solar power also provides unmatched reliability and independence, particularly in areas prone to power outages. Coupling your solar panels with a high-capacity battery storage system allows you to maintain power for essential devices during power cuts.

It becomes a critical advantage if you need to keep your computers, internet, and other tools working to stay productive.

Solar energy also frees you from relying on the power grid, which is especially helpful if you live in rural or remote areas where power may be less reliable or more expensive. Additional Tips for a Sustainable Home Office Maximize your home office with these practical ways: Complementary green technologies Consider incorporating complementary green technologies into your home office, such as:

Smart thermostats

Devices like the Nest or Ecobee learn your habits and adjust the temperature to maximize comfort while minimizing energy usage. A smart thermostat regulates heating and cooling based on your schedule, significantly reducing your energy use and costs.

Energy monitors

Tools like the Sense Home Energy Monitor help track energy usage across your home. You can identify energy-draining devices to make better decisions about allocating and conserving power and optimizing your solar system's efficiency.

LED lighting

Transitioning to LED bulbs uses less energy and makes your lights last longer. They further lower replacement costs and waste. Outdoor solar solutions Sustainability does not have to stop at your office door. The following outdoor solar-powered devices can enhance the eco-friendliness of your entire home environment:

Solar-powered garden lights

These lights use built-in solar panels to charge during the day and illuminate your outdoor spaces at night. They are perfect for adding ambiance to your yard or improving visibility along pathways without increasing your electricity bill.

Solar security cameras

Protect your property with solar-powered security cameras. They are self-sufficient and eliminate the need for extensive wiring.

Solar water features

From fountains to birdbaths, solar-powered water features add aesthetic appeal to your garden while relying entirely on renewable energy. Shine Bright at Home Embracing solar power for your home office is a smart step toward a greener, more cost-effective future. Choosing efficient solar panels, integrating essential components like inverters and batteries, and pairing them with complementary green technologies can help you create a sustainable workspace that aligns with modern, eco-conscious values.

If you're considering finding a home in Laguna, Philippines, solar energy becomes an even more valuable investment. With Laguna’s growing residential developments, eco-friendly communities, and abundant sunlight, homeowners can take full advantage of renewable energy to lower electricity costs and reduce their carbon footprint. Many new housing projects in Laguna also emphasize sustainability, making it easier to integrate solar solutions into your home.

Investing in solar power is more than a commitment to the environment—it is a long-term strategy for saving money and boosting reliability in your day-to-day work life. With these tips, you are well on your way to creating a home office that works as hard for the planet as you do.

@ cb4352cd:a16422d7

As new technologies reshape finance, the traditional banking model faces fresh competition. Let's take a closer look at how the two ecosystems compare today.

What happens when centralized institutions meet decentralized protocols? A transformation of financial services is already underway — and users are at the center of it.

Traditional Banking: Established, Yet Rigid

Traditional banks like JPMorgan Chase, HSBC, and Deutsche Bank have built vast infrastructures over decades. They offer deposit insurance, personal loans, mortgages, and extensive regulatory compliance. Trust, scale, and government support are their major strengths.

However, these institutions often struggle with agility. Opening an international account or sending a cross-border payment can take days and involve considerable fees. Innovations like digital onboarding and instant payments are arriving slowly, hampered by regulatory complexity and legacy systems.

DeFi Platforms: Agile, Accessible, but Risky

By contrast, DeFi protocols such as Uniswap (decentralized exchange), Aave (decentralized lending), and Compound (decentralized borrowing) offer near-instant services, accessible globally 24/7.

DeFi users maintain custody of their own assets. No bank approvals, no office hours. Fees are often lower, and yields can be attractive. Smart contracts automatically execute transactions, removing human bottlenecks.

But DeFi isn't without risks. Without insurance, users are exposed to smart contract bugs, hacks, and protocol failures. Regulatory protections are minimal, and scams can proliferate among unverified projects.

The Bridge Between Worlds: Emerging Hybrids

Interestingly, some traditional players are exploring DeFi-like services. Societe Generale issued tokenized bonds on Ethereum. ING is researching zero-knowledge proofs for financial privacy. Meanwhile, crypto-friendly banks like Silvergate have pioneered instant settlement networks inspired by blockchain efficiency.

The future may not be a winner-takes-all scenario but a convergence: decentralized technology improving traditional services, while banks offer compliant, user-friendly access to digital assets.

Beyond Banking Conference by WeFi: Charting the Future

The ongoing fusion of DeFi and traditional finance will take center stage at the upcoming Beyond Banking Conference by WeFi. Thought leaders and innovators will explore how transparency, smart contracts, and decentralized trust models are redefining global finance.

As these worlds collide, the real question isn't about winners — it's about how finance can evolve to serve a broader, more connected world.

@ 7e538978:a5987ab6

In Jericoacoara, Brazil, a beach town famed for its natural beauty and vibrant tourism, an innovative project is reshaping how locals and visitors think about money. Praia Bitcoin is an ambitious initiative to build a circular economy powered entirely by Bitcoin.

Launched in 2021 by entrepreneur Fernando Motolese, Praia Bitcoin was inspired by the Bitcoin Beach project in El Zonte, El Salvador. The vision is simple: create a self-sustaining Bitcoin economy where businesses and individuals use Bitcoin everyday in place of fiat money.

This idea holds special significance in Jericoacoara, where traditional banking services are scarce. The town lacks even basic infrastructure like ATMs, making financial inclusion a pressing need. With Praia Bitcoin, Bitcoin isn’t just a store of value—it’s a tool to empower a community and connect it to the global economy.

Transforming Jericoacoara with Bitcoin

Since its inception, Praia Bitcoin has worked to foster Bitcoin adoption in the area. Starting with a modest donation of 0.02 BTC, Fernando and his team have built a thriving ecosystem:

• Over 40 businesses now accept Bitcoin, ranging from souvenir shops and tour operators to beach vendors.
• Local students have received Bitcoin-loaded tap-to-pay, Bolt Cards, to use in their daily lives.
• Creative initiatives like “Bitcoin Banana Day” or "Frutas por Sats" (fruits for sats) where children buy fruits for 10 satoshis at school, have brought global attention to the project.

Praia Bitcoin’s success isn’t just about the adoption numbers, it’s about the stories. Families use Bitcoin to shop, business owners save on transaction fees, and children are learning the value of sound money at an early age.

LNbits - The Technology Behind Praia Bitcoin

Creating an economy on Bitcoin’s Lightning Network requires more than enthusiasm, it needs robust tools that are easy to use and adaptable to local needs. That’s where LNbits comes in.

Fernando and the Praia Bitcoin team have used LNbits’ open-source software to solve practical challenges and scale the project. With its modular design, LNbits provides tools that allow Praia Bitcoin to:

• Set Up Wallets: Community members receive user-friendly wallets that connect seamlessly to the Lightning Network, enabling fast, low-cost transactions.
• Issue BoltCards: Using LNbits’ BoltCard extension, the team has distributed NFC-enabled cards, allowing tap-to-pay functionality that makes Bitcoin payments as simple as using a credit card.
• Enable Flexible Payments: The project utilizes LNbits’ Point of Sale TPoS extension that allows merchants to easily receive Lightning Network payments.

Breaking Records, Building Community

Fernando doesn’t just implement solutions, he pushes boundaries. One of his most remarkable achievements was an attempt to set a world record for the most Lightning Network payments in the shortest amount of time. Over the course of one afternoon, 100 children in Jericoacoara received payments of 21,000 satoshis each, demonstrating the scalability and speed of Lightning-powered transactions.

This wasn’t just a technical feat, it was a community moment. The event showed how Bitcoin could serve as a tool for engagement, education, and empowerment, all while highlighting the possibilities of using the Lightning Network for real-world applications.

A Collaborative Approach to Innovation

One of the unique strengths of LNbits is its ability to evolve based on community feedback. While Fernando Motolese and Praia Bitcoin operate independently, their insights have helped refine the LNbits platform.

For example, Fernando’s need for a PIN-less ATM functionality led the LNbits team to implement that feature in the TPoS extension, that had the functionality but required a security PIN. This kind of collaboration isn’t about formal partnerships. It’s about how an open-source ecosystem thrives when real-world needs drive innovation.

The feedback loop between users like Fernando and developers ensures LNbits remains practical and relevant—not just for Praia Bitcoin but for countless other projects worldwide.

The Ripple Effect of Praia Bitcoin

Praia Bitcoin is a case study in what’s possible when Bitcoin meets a strong vision. By leveraging Bitcoin, the Lightning Network and LNbits, the project has redefined financial access in Jericoacoara, proving that small communities can lead big innovations.

For LNbits, Praia Bitcoin showcases the value of adaptable, open-source solutions. Whether it’s creating wallets, enabling NFC payments, or refining tools for real-world use, LNbits provides the infrastructure that makes projects like Praia Bitcoin possible.

But beyond the technical achievements, Praia Bitcoin reminds us of the human impact of Bitcoin adoption. It’s about children buying their first bananas with satoshis, families running businesses with lower fees, and a community connecting to a global financial network for the first time.

Conclusion

Praia Bitcoin’s journey is only getting started and its success is inspiring similar initiatives worldwide. For LNbits, being part of this story, is a testament to the power of the software and of open-source collaboration.

If you’re ready to build the future of Bitcoin adoption, LNbits offers the tools to turn ideas into impact.

Learn More:
- Visit Praia Bitcoin: Praia Bitcoin
- Explore LNbits: LNbits

@ 56cd780f:cbde8b29

This is my first post, with a header and regular text.

@ 21335073:a244b1ad

Warning: This piece contains a conversation about difficult topics. Please proceed with caution.

TL;DR please educate your children about online safety.

Julian Assange wrote in his 2012 book Cypherpunks, “This book is not a manifesto. There isn’t time for that. This book is a warning.” I read it a few times over the past summer. Those opening lines definitely stood out to me. I wish we had listened back then. He saw something about the internet that few had the ability to see. There are some individuals who are so close to a topic that when they speak, it’s difficult for others who aren’t steeped in it to visualize what they’re talking about. I didn’t read the book until more recently. If I had read it when it came out, it probably would have sounded like an unknown foreign language to me. Today it makes more sense.

This isn’t a manifesto. This isn’t a book. There is no time for that. It’s a warning and a possible solution from a desperate and determined survivor advocate who has been pulling and unraveling a thread for a few years. At times, I feel too close to this topic to make any sense trying to convey my pathway to my conclusions or thoughts to the general public. My hope is that if nothing else, I can convey my sense of urgency while writing this. This piece is a watchman’s warning.

When a child steps online, they are walking into a new world. A new reality. When you hand a child the internet, you are handing them possibilities—good, bad, and ugly. This is a conversation about lowering the potential of negative outcomes of stepping into that new world and how I came to these conclusions. I constantly compare the internet to the road. You wouldn’t let a young child run out into the road with no guidance or safety precautions. When you hand a child the internet without any type of guidance or safety measures, you are allowing them to play in rush hour, oncoming traffic. “Look left, look right for cars before crossing.” We almost all have been taught that as children. What are we taught as humans about safety before stepping into a completely different reality like the internet? Very little.

I could never really figure out why many folks in tech, privacy rights activists, and hackers seemed so cold to me while talking about online child sexual exploitation. I always figured that as a survivor advocate for those affected by these crimes, that specific, skilled group of individuals would be very welcoming and easy to talk to about such serious topics. I actually had one hacker laugh in my face when I brought it up while I was looking for answers. I thought maybe this individual thought I was accusing them of something I wasn’t, so I felt bad for asking. I was constantly extremely disappointed and would ask myself, “Why don’t they care? What could I say to make them care more? What could I say to make them understand the crisis and the level of suffering that happens as a result of the problem?”

I have been serving minor survivors of online child sexual exploitation for years. My first case serving a survivor of this specific crime was in 2018—a 13-year-old girl sexually exploited by a serial predator on Snapchat. That was my first glimpse into this side of the internet. I won a national award for serving the minor survivors of Twitter in 2023, but I had been working on that specific project for a few years. I was nominated by a lawyer representing two survivors in a legal battle against the platform. I’ve never really spoken about this before, but at the time it was a choice for me between fighting Snapchat or Twitter. I chose Twitter—or rather, Twitter chose me. I heard about the story of John Doe #1 and John Doe #2, and I was so unbelievably broken over it that I went to war for multiple years. I was and still am royally pissed about that case. As far as I was concerned, the John Doe #1 case proved that whatever was going on with corporate tech social media was so out of control that I didn’t have time to wait, so I got to work. It was reading the messages that John Doe #1 sent to Twitter begging them to remove his sexual exploitation that broke me. He was a child begging adults to do something. A passion for justice and protecting kids makes you do wild things. I was desperate to find answers about what happened and searched for solutions. In the end, the platform Twitter was purchased. During the acquisition, I just asked Mr. Musk nicely to prioritize the issue of detection and removal of child sexual exploitation without violating digital privacy rights or eroding end-to-end encryption. Elon thanked me multiple times during the acquisition, made some changes, and I was thanked by others on the survivors’ side as well.

I still feel that even with the progress made, I really just scratched the surface with Twitter, now X. I left that passion project when I did for a few reasons. I wanted to give new leadership time to tackle the issue. Elon Musk made big promises that I knew would take a while to fulfill, but mostly I had been watching global legislation transpire around the issue, and frankly, the governments are willing to go much further with X and the rest of corporate tech than I ever would. My work begging Twitter to make changes with easier reporting of content, detection, and removal of child sexual exploitation material—without violating privacy rights or eroding end-to-end encryption—and advocating for the minor survivors of the platform went as far as my principles would have allowed. I’m grateful for that experience. I was still left with a nagging question: “How did things get so bad with Twitter where the John Doe #1 and John Doe #2 case was able to happen in the first place?” I decided to keep looking for answers. I decided to keep pulling the thread.

I never worked for Twitter. This is often confusing for folks. I will say that despite being disappointed in the platform’s leadership at times, I loved Twitter. I saw and still see its value. I definitely love the survivors of the platform, but I also loved the platform. I was a champion of the platform’s ability to give folks from virtually around the globe an opportunity to speak and be heard.

I want to be clear that John Doe #1 really is my why. He is the inspiration. I am writing this because of him. He represents so many globally, and I’m still inspired by his bravery. One child’s voice begging adults to do something—I’m an adult, I heard him. I’d go to war a thousand more lifetimes for that young man, and I don’t even know his name. Fighting has been personally dark at times; I’m not even going to try to sugarcoat it, but it has been worth it.

The data surrounding the very real crime of online child sexual exploitation is available to the public online at any time for anyone to see. I’d encourage you to go look at the data for yourself. I believe in encouraging folks to check multiple sources so that you understand the full picture. If you are uncomfortable just searching around the internet for information about this topic, use the terms “CSAM,” “CSEM,” “SG-CSEM,” or “AI Generated CSAM.” The numbers don’t lie—it’s a nightmare that’s out of control. It’s a big business. The demand is high, and unfortunately, business is booming. Organizations collect the data, tech companies often post their data, governments report frequently, and the corporate press has covered a decent portion of the conversation, so I’m sure you can find a source that you trust.

Technology is changing rapidly, which is great for innovation as a whole but horrible for the crime of online child sexual exploitation. Those wishing to exploit the vulnerable seem to be adapting to each technological change with ease. The governments are so far behind with tackling these issues that as I’m typing this, it’s borderline irrelevant to even include them while speaking about the crime or potential solutions. Technology is changing too rapidly, and their old, broken systems can’t even dare to keep up. Think of it like the governments’ “War on Drugs.” Drugs won. In this case as well, the governments are not winning. The governments are talking about maybe having a meeting on potentially maybe having legislation around the crimes. The time to have that meeting would have been many years ago. I’m not advocating for governments to legislate our way out of this. I’m on the side of educating and innovating our way out of this.

I have been clear while advocating for the minor survivors of corporate tech platforms that I would not advocate for any solution to the crime that would violate digital privacy rights or erode end-to-end encryption. That has been a personal moral position that I was unwilling to budge on. This is an extremely unpopular and borderline nonexistent position in the anti-human trafficking movement and online child protection space. I’m often fearful that I’m wrong about this. I have always thought that a better pathway forward would have been to incentivize innovation for detection and removal of content. I had no previous exposure to privacy rights activists or Cypherpunks—actually, I came to that conclusion by listening to the voices of MENA region political dissidents and human rights activists. After developing relationships with human rights activists from around the globe, I realized how important privacy rights and encryption are for those who need it most globally. I was simply unwilling to give more power, control, and opportunities for mass surveillance to big abusers like governments wishing to enslave entire nations and untrustworthy corporate tech companies to potentially end some portion of abuses online. On top of all of it, it has been clear to me for years that all potential solutions outside of violating digital privacy rights to detect and remove child sexual exploitation online have not yet been explored aggressively. I’ve been disappointed that there hasn’t been more of a conversation around preventing the crime from happening in the first place.

What has been tried is mass surveillance. In China, they are currently under mass surveillance both online and offline, and their behaviors are attached to a social credit score. Unfortunately, even on state-run and controlled social media platforms, they still have child sexual exploitation and abuse imagery pop up along with other crimes and human rights violations. They also have a thriving black market online due to the oppression from the state. In other words, even an entire loss of freedom and privacy cannot end the sexual exploitation of children online. It’s been tried. There is no reason to repeat this method.

It took me an embarrassingly long time to figure out why I always felt a slight coldness from those in tech and privacy-minded individuals about the topic of child sexual exploitation online. I didn’t have any clue about the “Four Horsemen of the Infocalypse.” This is a term coined by Timothy C. May in 1988. I would have been a child myself when he first said it. I actually laughed at myself when I heard the phrase for the first time. I finally got it. The Cypherpunks weren’t wrong about that topic. They were so spot on that it is borderline uncomfortable. I was mad at first that they knew that early during the birth of the internet that this issue would arise and didn’t address it. Then I got over it because I realized that it wasn’t their job. Their job was—is—to write code. Their job wasn’t to be involved and loving parents or survivor advocates. Their job wasn’t to educate children on internet safety or raise awareness; their job was to write code.

They knew that child sexual abuse material would be shared on the internet. They said what would happen—not in a gleeful way, but a prediction. Then it happened.

I equate it now to a concrete company laying down a road. As you’re pouring the concrete, you can say to yourself, “A terrorist might travel down this road to go kill many, and on the flip side, a beautiful child can be born in an ambulance on this road.” Who or what travels down the road is not their responsibility—they are just supposed to lay the concrete. I’d never go to a concrete pourer and ask them to solve terrorism that travels down roads. Under the current system, law enforcement should stop terrorists before they even make it to the road. The solution to this specific problem is not to treat everyone on the road like a terrorist or to not build the road.

So I understand the perceived coldness from those in tech. Not only was it not their job, but bringing up the topic was seen as the equivalent of asking a free person if they wanted to discuss one of the four topics—child abusers, terrorists, drug dealers, intellectual property pirates, etc.—that would usher in digital authoritarianism for all who are online globally.

Privacy rights advocates and groups have put up a good fight. They stood by their principles. Unfortunately, when it comes to corporate tech, I believe that the issue of privacy is almost a complete lost cause at this point. It’s still worth pushing back, but ultimately, it is a losing battle—a ticking time bomb.

I do think that corporate tech providers could have slowed down the inevitable loss of privacy at the hands of the state by prioritizing the detection and removal of CSAM when they all started online. I believe it would have bought some time, fewer would have been traumatized by that specific crime, and I do believe that it could have slowed down the demand for content. If I think too much about that, I’ll go insane, so I try to push the “if maybes” aside, but never knowing if it could have been handled differently will forever haunt me. At night when it’s quiet, I wonder what I would have done differently if given the opportunity. I’ll probably never know how much corporate tech knew and ignored in the hopes that it would go away while the problem continued to get worse. They had different priorities. The most voiceless and vulnerable exploited on corporate tech never had much of a voice, so corporate tech providers didn’t receive very much pushback.

Now I’m about to say something really wild, and you can call me whatever you want to call me, but I’m going to say what I believe to be true. I believe that the governments are either so incompetent that they allowed the proliferation of CSAM online, or they knowingly allowed the problem to fester long enough to have an excuse to violate privacy rights and erode end-to-end encryption. The US government could have seized the corporate tech providers over CSAM, but I believe that they were so useful as a propaganda arm for the regimes that they allowed them to continue virtually unscathed.

That season is done now, and the governments are making the issue a priority. It will come at a high cost. Privacy on corporate tech providers is virtually done as I’m typing this. It feels like a death rattle. I’m not particularly sure that we had much digital privacy to begin with, but the illusion of a veil of privacy feels gone.

To make matters slightly more complex, it would be hard to convince me that once AI really gets going, digital privacy will exist at all.

I believe that there should be a conversation shift to preserving freedoms and human rights in a post-privacy society.

I don’t want to get locked up because AI predicted a nasty post online from me about the government. I’m not a doomer about AI—I’m just going to roll with it personally. I’m looking forward to the positive changes that will be brought forth by AI. I see it as inevitable. A bit of privacy was helpful while it lasted. Please keep fighting to preserve what is left of privacy either way because I could be wrong about all of this.

On the topic of AI, the addition of AI to the horrific crime of child sexual abuse material and child sexual exploitation in multiple ways so far has been devastating. It’s currently out of control. The genie is out of the bottle. I am hopeful that innovation will get us humans out of this, but I’m not sure how or how long it will take. We must be extremely cautious around AI legislation. It should not be illegal to innovate even if some bad comes with the good. I don’t trust that the governments are equipped to decide the best pathway forward for AI. Source: the entire history of the government.

I have been personally negatively impacted by AI-generated content. Every few days, I get another alert that I’m featured again in what’s called “deep fake pornography” without my consent. I’m not happy about it, but what pains me the most is the thought that for a period of time down the road, many globally will experience what myself and others are experiencing now by being digitally sexually abused in this way. If you have ever had your picture taken and posted online, you are also at risk of being exploited in this way. Your child’s image can be used as well, unfortunately, and this is just the beginning of this particular nightmare. It will move to more realistic interpretations of sexual behaviors as technology improves. I have no brave words of wisdom about how to deal with that emotionally. I do have hope that innovation will save the day around this specific issue. I’m nervous that everyone online will have to ID verify due to this issue. I see that as one possible outcome that could help to prevent one problem but inadvertently cause more problems, especially for those living under authoritarian regimes or anyone who needs to remain anonymous online. A zero-knowledge proof (ZKP) would probably be the best solution to these issues. There are some survivors of violence and/or sexual trauma who need to remain anonymous online for various reasons. There are survivor stories available online of those who have been abused in this way. I’d encourage you seek out and listen to their stories.

There have been periods of time recently where I hesitate to say anything at all because more than likely AI will cover most of my concerns about education, awareness, prevention, detection, and removal of child sexual exploitation online, etc.

Unfortunately, some of the most pressing issues we’ve seen online over the last few years come in the form of “sextortion.” Self-generated child sexual exploitation (SG-CSEM) numbers are continuing to be terrifying. I’d strongly encourage that you look into sextortion data. AI + sextortion is also a huge concern. The perpetrators are using the non-sexually explicit images of children and putting their likeness on AI-generated child sexual exploitation content and extorting money, more imagery, or both from minors online. It’s like a million nightmares wrapped into one. The wild part is that these issues will only get more pervasive because technology is harnessed to perpetuate horror at a scale unimaginable to a human mind.

Even if you banned phones and the internet or tried to prevent children from accessing the internet, it wouldn’t solve it. Child sexual exploitation will still be with us until as a society we start to prevent the crime before it happens. That is the only human way out right now.

There is no reset button on the internet, but if I could go back, I’d tell survivor advocates to heed the warnings of the early internet builders and to start education and awareness campaigns designed to prevent as much online child sexual exploitation as possible. The internet and technology moved quickly, and I don’t believe that society ever really caught up. We live in a world where a child can be groomed by a predator in their own home while sitting on a couch next to their parents watching TV. We weren’t ready as a species to tackle the fast-paced algorithms and dangers online. It happened too quickly for parents to catch up. How can you parent for the ever-changing digital world unless you are constantly aware of the dangers?

I don’t think that the internet is inherently bad. I believe that it can be a powerful tool for freedom and resistance. I’ve spoken a lot about the bad online, but there is beauty as well. We often discuss how victims and survivors are abused online; we rarely discuss the fact that countless survivors around the globe have been able to share their experiences, strength, hope, as well as provide resources to the vulnerable. I do question if giving any government or tech company access to censorship, surveillance, etc., online in the name of serving survivors might not actually impact a portion of survivors negatively. There are a fair amount of survivors with powerful abusers protected by governments and the corporate press. If a survivor cannot speak to the press about their abuse, the only place they can go is online, directly or indirectly through an independent journalist who also risks being censored. This scenario isn’t hard to imagine—it already happened in China. During #MeToo, a survivor in China wanted to post their story. The government censored the post, so the survivor put their story on the blockchain. I’m excited that the survivor was creative and brave, but it’s terrifying to think that we live in a world where that situation is a necessity.

I believe that the future for many survivors sharing their stories globally will be on completely censorship-resistant and decentralized protocols. This thought in particular gives me hope. When we listen to the experiences of a diverse group of survivors, we can start to understand potential solutions to preventing the crimes from happening in the first place.

My heart is broken over the gut-wrenching stories of survivors sexually exploited online. Every time I hear the story of a survivor, I do think to myself quietly, “What could have prevented this from happening in the first place?” My heart is with survivors.

My head, on the other hand, is full of the understanding that the internet should remain free. The free flow of information should not be stopped. My mind is with the innocent citizens around the globe that deserve freedom both online and offline.

The problem is that governments don’t only want to censor illegal content that violates human rights—they create legislation that is so broad that it can impact speech and privacy of all. “Don’t you care about the kids?” Yes, I do. I do so much that I’m invested in finding solutions. I also care about all citizens around the globe that deserve an opportunity to live free from a mass surveillance society. If terrorism happens online, I should not be punished by losing my freedom. If drugs are sold online, I should not be punished. I’m not an abuser, I’m not a terrorist, and I don’t engage in illegal behaviors. I refuse to lose freedom because of others’ bad behaviors online.

I want to be clear that on a long enough timeline, the governments will decide that they can be better parents/caregivers than you can if something isn’t done to stop minors from being sexually exploited online. The price will be a complete loss of anonymity, privacy, free speech, and freedom of religion online. I find it rather insulting that governments think they’re better equipped to raise children than parents and caretakers.

So we can’t go backwards—all that we can do is go forward. Those who want to have freedom will find technology to facilitate their liberation. This will lead many over time to decentralized and open protocols. So as far as I’m concerned, this does solve a few of my worries—those who need, want, and deserve to speak freely online will have the opportunity in most countries—but what about online child sexual exploitation?

When I popped up around the decentralized space, I was met with the fear of censorship. I’m not here to censor you. I don’t write code. I couldn’t censor anyone or any piece of content even if I wanted to across the internet, no matter how depraved. I don’t have the skills to do that.

I’m here to start a conversation. Freedom comes at a cost. You must always fight for and protect your freedom. I can’t speak about protecting yourself from all of the Four Horsemen because I simply don’t know the topics well enough, but I can speak about this one topic.

If there was a shortcut to ending online child sexual exploitation, I would have found it by now. There isn’t one right now. I believe that education is the only pathway forward to preventing the crime of online child sexual exploitation for future generations.

I propose a yearly education course for every child of all school ages, taught as a standard part of the curriculum. Ideally, parents/caregivers would be involved in the education/learning process.

Course: - The creation of the internet and computers - The fight for cryptography - The tech supply chain from the ground up (example: human rights violations in the supply chain) - Corporate tech - Freedom tech - Data privacy - Digital privacy rights - AI (history-current) - Online safety (predators, scams, catfishing, extortion) - Bitcoin - Laws - How to deal with online hate and harassment - Information on who to contact if you are being abused online or offline - Algorithms - How to seek out the truth about news, etc., online

The parents/caregivers, homeschoolers, unschoolers, and those working to create decentralized parallel societies have been an inspiration while writing this, but my hope is that all children would learn this course, even in government ran schools. Ideally, parents would teach this to their own children.

The decentralized space doesn’t want child sexual exploitation to thrive. Here’s the deal: there has to be a strong prevention effort in order to protect the next generation. The internet isn’t going anywhere, predators aren’t going anywhere, and I’m not down to let anyone have the opportunity to prove that there is a need for more government. I don’t believe that the government should act as parents. The governments have had a chance to attempt to stop online child sexual exploitation, and they didn’t do it. Can we try a different pathway forward?

I’d like to put myself out of a job. I don’t want to ever hear another story like John Doe #1 ever again. This will require work. I’ve often called online child sexual exploitation the lynchpin for the internet. It’s time to arm generations of children with knowledge and tools. I can’t do this alone.

Individuals have fought so that I could have freedom online. I want to fight to protect it. I don’t want child predators to give the government any opportunity to take away freedom. Decentralized spaces are as close to a reset as we’ll get with the opportunity to do it right from the start. Start the youth off correctly by preventing potential hazards to the best of your ability.

The good news is anyone can work on this! I’d encourage you to take it and run with it. I added the additional education about the history of the internet to make the course more educational and fun. Instead of cleaning up generations of destroyed lives due to online sexual exploitation, perhaps this could inspire generations of those who will build our futures. Perhaps if the youth is armed with knowledge, they can create more tools to prevent the crime.

This one solution that I’m suggesting can be done on an individual level or on a larger scale. It should be adjusted depending on age, learning style, etc. It should be fun and playful.

This solution does not address abuse in the home or some of the root causes of offline child sexual exploitation. My hope is that it could lead to some survivors experiencing abuse in the home an opportunity to disclose with a trusted adult. The purpose for this solution is to prevent the crime of online child sexual exploitation before it occurs and to arm the youth with the tools to contact safe adults if and when it happens.

In closing, I went to hell a few times so that you didn’t have to. I spoke to the mothers of survivors of minors sexually exploited online—their tears could fill rivers. I’ve spoken with political dissidents who yearned to be free from authoritarian surveillance states. The only balance that I’ve found is freedom online for citizens around the globe and prevention from the dangers of that for the youth. Don’t slow down innovation and freedom. Educate, prepare, adapt, and look for solutions.

I’m not perfect and I’m sure that there are errors in this piece. I hope that you find them and it starts a conversation.

@ 56cd780f:cbde8b29

I hope you like it

.

@ a07fae46:7d83df92

if the JFK documents come out and are nothing but old hat, it will be disappointing. but if they contain revelations, then they are an unalloyed good. unprecedented and extraordinary; worthy of praise and admiration. they murdered the president in broad daylight and kept 80,000 related documents secret for 60 years. the apparatus that did that and got away with it, is 100+ years in the making. the magic bullet was just the starting pistol of a new era; a level up in an old game. it won't be dismantled and your republic delivered back with a bow in 2 months. have a little humility and a little gratitude. cynicism is easy. it's peak mid-wittery. yeah no shit everything is corrupt and everyone's likely captured by AIPAC or something beyond. YOU THINK AIPAC is the ALL SEEING EYE?

you can keep going, if you want to, but have some awareness and appreciation for where we are and what it took to get here. the first 'you are fake news' was also a shot heard 'round the world and you are riding high on it's Infrasound wave, still reverberating; unappreciative of the profound delta in public awareness and understanding, and rate of change, that has occurred since that moment, in 2017. think about where we were back then, especially with corporate capture of the narrative. trump's bullheaded behavior, if only ego-driven, is what broke the spell. an actual moment of savage bravery is what allows for your current jaded affectation. black pilled is boring. it's intellectually lazy. it is low-resolution-thinking, no better than progressives who explain the myriad ills of the world through 'racism'. normalcy bias works both ways. i'm not grading you on a curve that includes NPCs. i'm grading you against those of us with a mind, on up. do better.

the best Webb-style doomer argument is essentially 'the mouse trap needs a piece of cheese in order to work'. ok, but it doesn't need 3 pieces of cheese, or 5. was FreeRoss the piece of cheese? was the SBR the cheese? real bitcoiners know how dumb the 'sbr is an attempt to takeover btc' narrative is, so extrapolate from that. what about withdrawal from the WHO? freeze and review of USAID et al? how many pieces of cheese before we realize it's not a trap? it's just a messy endeavor.

Good morning.

jfkFiles #nostrOnly

@ 56cd780f:cbde8b29

Let'‘s see if they appear in the right order.

First we have an apple.

Then we have a banana.

And lastly, a pear.

@ 56cd780f:cbde8b29

❤️🔥✨

@ bc52210b:20bfc6de

When writing safety critical code, every arithmetic operation carries the potential for catastrophic failure—whether that’s a plane crash in aerospace engineering or a massive financial loss in a smart contract.

The stakes are incredibly high, and errors are not just bugs; they’re disasters waiting to happen. Smart contract developers need to shift their mindset: less like web developers, who might prioritize speed and iteration, and more like aerospace engineers, where precision, caution, and meticulous attention to detail are non-negotiable.

In practice, this means treating every line of code as a critical component, adopting rigorous testing, and anticipating worst-case scenarios—just as an aerospace engineer would ensure a system can withstand extreme conditions.

Safety critical code demands aerospace-level precision, and smart contract developers must rise to that standard to protect against the severe consequences of failure.

@ df173277:4ec96708

Building Our Confidential Backend on Secure Enclaves

With our newly released private and confidential Maple AI and the open sourcing of our OpenSecret platform code, I'm excited to present this technical primer on how we built our confidential compute platform leveraging secure enclaves. By combining AWS Nitro enclaves with end-to-end encryption and reproducible builds, our platform gives developers and end users the confidence that user data is protected, even at runtime, and that the code operating on their data has not been tampered with.

Auth and Databases Today

As developers, we live in an era where protecting user data means "encryption at rest," plus some access policies and procedures. Developers typically run servers that:

1. Need to register users (authentication).
2. Collect and process user data in business-specific ways, often on the backend.

Even if data is encrypted at rest, it's commonly unlocked with a single master key or credentials the server holds. This means that data is visible during runtime to the application, system administrators, and potentially to the hosting providers. This scenario makes it difficult (or impossible) to guarantee that sensitive data isn't snooped on, memory-dumped, or used in unauthorized ways (for instance, training AI models behind the scenes).

"Just Trust Us" Isn't Good Enough

In a traditional server architecture, users have to take it on faith that the code handling their data is the same code the operator claims to be running. Behind the scenes, applications can be modified or augmented to forward private information elsewhere, and there is no transparent way for users to verify otherwise. This lack of proof is unsettling, especially for services that process or store highly confidential data.

Administrators, developers, or cloud providers with privileged access can inspect memory in plaintext, attach debuggers, or gain complete visibility into stored information. Hackers who compromise these privileged levels can directly access sensitive data. Even with strict policies or promises of good conduct, the reality is that technical capabilities and misconfigurations can override words on paper. If a server master key can decrypt your data or can be accessed by an insider with root permissions, then "just trust us" loses much of its credibility.

The rise of AI platforms amplifies this dilemma. User data, often full of personal details, gets funneled into large-scale models that might be training or fine-tuning behind the scenes. Relying on vague assurances that "we don't look at your data" is no longer enough to prevent legitimate concerns about privacy and misuse. Now more than ever, providing a strong, verifiable guarantee that data remains off-limits, even when actively processed, has become a non-negotiable requirement for trustworthy services.

Current Attempts at Securing Data

Current User Experience of E2EE Apps

While properly securing data is not easy, it isn't to say that no one is trying. Some solutions use end-to-end encryption (E2EE), where user data is encrypted client-side with a password or passphrase, so not even the server operator can decrypt it. That approach can be quite secure, but it also has its limitations:

1. Key Management Nightmares: If a user forgets their passphrase, the data is effectively lost, and there's no way to recover it from the developer's side.
2. Feature Limitations: Complex server-side operations (like offline/background tasks, AI queries, real-time collaboration, or heavy computation) can't easily happen if the server is never capable of processing decrypted data.
3. Platform Silos: Some solutions rely on iCloud, Google Drive, or local device storage. That can hamper multi-device usage or multi-OS compatibility.

Other approaches include self-hosting. However, these either burden users with dev ops overhead or revert to the "trust me" model for the server if you "self-host" on a cloud provider.

Secure Enclaves

The Hybrid Approach

Secure enclaves offer a compelling middle ground. They combine the privacy benefits of keeping data secure from prying admins while still allowing meaningful server-side computation. In a nutshell, an enclave is a protected environment within a machine, isolated at the hardware level, so that even if the OS or server is compromised, the data and code inside the enclave remain hidden.

App Service Running Inside Secure Enclave

High-Level Goal of Enclaves

Enclaves, also known under the broader umbrella of confidential computing, aim to:\ • Lock down data so that only authorized code within the enclave can process the original plaintext data.\ • Deny external inspection by memory dumping, attaching a debugger, or intercepting plaintext network traffic.\ • Prove to external users or services that an enclave is running unmodified, approved code (this is where remote attestation comes in).

Different Secure Enclave Solutions

AMD SEV (Secure Encrypted Virtualization) encrypts an entire virtual machine's memory so that even a compromised hypervisor cannot inspect or modify guest data. Its core concept is "lift-and-shift" security. No application refactoring is required because hardware-based encryption automatically protects the OS and all VM applications. Later enhancements (SEV-ES and SEV-SNP) added encryption of CPU register states and memory integrity protections, further limiting hypervisor tampering. This broad coverage means the guest OS is included in the trusted boundary. AMD SEV has matured into a robust solution for confidential VMs in multi-tenant clouds.

Intel TDX (Trust Domain Extensions) shifts from process-level enclaves to full VM encryption, allowing an entire guest operating system and its applications to run in an isolated "trust domain." Like AMD SEV, Intel TDX encrypts and protects all memory the VM uses from hypervisors or other privileged software, so developers do not need to refactor their code to benefit from hardware-based confidentiality. This broader scope addresses many SGX limitations, such as strict memory bounds and the need to split out enclave-specific logic, and offers a more straightforward "lift-and-shift" path for running existing workloads privately. While SGX is now deprecated, TDX carries forward the core confidential computing principles but applies them at the virtual machine level for more substantial isolation, easier deployment, and the ability to scale up to large, memory-intensive applications.

Apple Secure Enclave and Private Compute is a dedicated security coprocessor embedded in most Apple devices (iPhones, iPads, Macs) and now extended to Apple's server-side AI infrastructure. It runs its own microkernel, has hardware-protected memory, and securely manages operations such as biometric authentication, key storage, and cryptographic tasks. Apple's "Private Compute" approach in the cloud brings similar enclave capabilities to server-based AI, enabling on-device-grade privacy even when requests are processed in Apple's data centers.

AWS Nitro Enclaves carve out a tightly isolated "mini-VM" from a parent EC2 instance, with its own vCPUs and memory guarded by dedicated Nitro cards. The enclave has no persistent storage and no external network access, significantly reducing the attack surface. Communication with the parent instance occurs over a secure local channel (vsock), and AWS offers hardware-based attestation so that secrets (e.g., encryption keys from AWS KMS) can be accessed only to the correct enclave. This design helps developers protect sensitive data or code even if the main EC2 instance's OS is compromised.

NVIDIA GPU TEEs (Hopper H100 and Blackwell) extend confidential computing to accelerated workloads by encrypting data in GPU memory and ensuring that even a privileged host cannot view or tamper with it. Data moving between CPU and GPU is encrypted in transit, so sensitive model weights or inputs remain protected during AI training or inference. NVIDIA's hardware and drivers handle secure data paths under the hood, allowing confidential large language model (LLM) workloads and other GPU-accelerated computations to run with minimal performance overhead and strong security guarantees.

Key Benefits

One major advantage of enclaves is their ability to keep memory completely off-limits to outside prying eyes. Even administrators who can normally inspect processes at will are blocked from peeking into the enclave's protected memory space. The enclave model is a huge shift in the security model: it prevents casual inspection and defends against sophisticated memory dumping techniques that might otherwise leak secrets or sensitive data.

Another key benefit centers on cryptographic keys that are never exposed outside the enclave. Only verified code running inside the enclave environment can run decryption or signing operations, and it can only do so while that specific code is running. This ensures that compromised hosts or rogue processes, even those with high-level privileges, are unable to intercept or misuse the keys because the keys remain strictly within the trusted boundary of the hardware.

Enclaves can also offer the power of remote attestation, allowing external clients or systems to confirm that they're speaking to an authentic, untampered enclave. By validating the hardware's integrity measurements and enclave-specific proofs, the remote party can be confident in the underlying security properties, an important guarantee in multi-tenant environments or whenever trust boundaries extend across different organizations and networks.

Beyond that, reproducible builds can create a verifiable fingerprint proving which binary runs in the enclave. This is a step above a simple "trust us" approach. Anyone can independently recreate the enclave image and verify the resulting cryptographic hash by using a reproducible build system (for example, our NixOS-based solution). If it matches, then users and developers know precisely how code handles their data, boosting confidence that no hidden changes exist.

It's worth noting that although enclaves shield you from software devs, cloud providers, and insider threats, you do have to trust the hardware vendor (Intel, AMD, Apple, AWS, or NVIDIA) to implement their microcode and firmware securely. The entire enclave model could be theoretically undermined if a CPU maker's root keys or manufacturing process were compromised. Fortunately, these companies undergo extensive audits and firmware validations (often with third-party researchers), and their remote attestation mechanisms allow you to confirm specific firmware versions before trusting an enclave. While this adds a layer of "vendor trust," it's still a far more contained risk than trusting an entire operating system or cloud stack, so enclaves remain a strong step forward in practical, confidential computing.

How We Use Secure Enclaves

Now that we've covered the general idea of enclaves let's look at how we specifically implement them in OpenSecret, our developer platform for handling user auth, private keys, data encryption, and AI workloads.

Our Stack: AWS Nitro + Nvidia TEE

• AWS Nitro Enclaves for the backend: All critical logic, authentication, private key management, and data encryption/decryption run inside an AWS Nitro Enclave.

• Nvidia Trusted Execution for AI: For large AI inference (such as the Llama 3.3 70B model), we utilize Nvidia's GPU-based TEEs to protect even GPU memory. This means users can feed sensitive data to the AI model without exposing it in plaintext to the GPU providers or us as the operator. Edgeless Systems is our Nvidia TEE provider, and due to the power of enclave verification, we don't need to worry about who runs the GPUs. We know requests can't be inspected or tampered with.

End-to-End Encryption from Client to Enclave

Client-side Enclave Attestation from Maple AI

Before login or data upload, the user/client verifies the enclave attestation from our platform. This process proves that the specific Nitro Enclave is genuine and runs the exact code we've published. You can check this out live on Maple AI's attestation page.

Based on the attestation, the client establishes a secure ephemeral communication channel that only that enclave can decrypt. While we take advantage of SSL, it is typically not terminated inside the enclave itself. To ensure there's full encrypted data transfer all the way through to the enclave, we establish this additional handshake based on the attestation document that is used for all API requests during the client session.

From there, the user's credentials, private keys, and data pass through this secure channel directly into the enclave, where they are decrypted and processed according to the user's request.

In-Enclave Operations

At the core of OpenSecret's approach is the conviction that security-critical tasks must happen inside the enclave, where even administrative privileges or hypervisor-level compromise cannot expose plaintext data. This encompasses everything from when a user logs in to creating and managing sensitive cryptographic keys. By confining these operations to a protected hardware boundary, developers can focus on building their applications without worrying about accidental data leaks, insider threats, or malicious attempts to harvest credentials. The enclave becomes the ultimate gatekeeper: it controls how data flows and ensures that nothing escapes in plain form.

User Auth Methods running inside Enclave

A primary example is user authentication. All sign-in workflows, including email/password, OAuth, and upcoming passkey-based methods, are handled entirely within the enclave. As soon as a user's credentials enter our platform through the encrypted channel, they are routed straight into the protected environment, bypassing the host's operating system or any potential snooping channels. From there, authentication and session details remain in the enclave, ensuring that privileged outsiders cannot intercept or modify them. By centralizing these identity flows within a sealed environment, developers can assure their users that no one outside the enclave (including the cloud provider or the app's own sysadmins) can peek at, tamper with, or access sensitive login information.

Main Enclave Operations in OpenSecret

The same principle applies to private key management. Whether keys are created fresh in the enclave or securely transferred into it, they remain sealed away from the rest of the system. Operations like digital signing or content decryption happen only within the hardware boundary, so raw keys never appear in any log, file system, or memory space outside the enclave. Developers retain the functionality they need, such as verifying user actions, encrypting data, or enabling secure transactions without ever exposing keys to a broader (and more vulnerable) attack surface. User backup options exist as well, where the keys can be securely passed to the end user.

Realtime Encrypted Data Sync on Multiple Devices

Another crucial aspect is data encryption at rest. While user data ultimately needs to be stored somewhere outside the enclave, the unencrypted form of that data only exists transiently inside the protected environment. Encryption and decryption routines run within the enclave, which holds the encryption keys strictly in memory under hardware guards. If a user uploads data, it is promptly secured before it leaves the enclave. When data is retrieved, it remains encrypted until it reenters the protected region and is passed back to the user through the secured communication channel. This ensures that even if someone gains access to the underlying storage or intercepts data in transit, they will see only meaningless ciphertext.

Confidential AI Workloads

Finally, confidential AI workloads build upon this same pattern: the Nitro enclave re-encrypts data so it can be processed inside a GPU-based trusted execution environment (TEE) for inference or other advanced computations. Sensitive data, like user-generated text or private documents, never appears in the clear on the host or within GPU memory outside the TEE boundary. When an AI process finishes, only the results are returned to the enclave, which can then relay them securely to the requesting user. By seamlessly chaining enclaves together, from CPU-based Nitro Enclaves to GPU-accelerated TEEs, we can deliver robust, hardware-enforced privacy for virtually any type of server-side or AI-driven operation.

Reproducible Builds + Verification

Client verifies enclave attestation document

We build our enclaves on NixOS with reproducible builds, ensuring that anyone can verify that the binary we publish is indeed the binary running in the enclave. This build process is essential for proving we haven't snuck in malicious code to exfiltrate data or collect sensitive logs.

Our code is fully open source (GitHub: OpenSecret), so you can audit or run it yourself. You can also verify that the cryptographic measurement the build process outputs matches the measurement reported by the enclave during attestation.

Putting It All Together

OpenSecret Offering: Private Key Management, Encrypted Sync, Private AI, and Confidential Compute

By weaving secure enclaves into every step, from authentication to data handling to AI inference, we shift the burden of trust away from human policies and onto provable, hardware-based protections. For app developers, you can offer your users robust privacy guarantees without rewriting all your business logic or building an entire security stack from scratch. Whether you're storing user credentials or running complex operations on sensitive data, the enclave approach ensures plaintext remains inaccessible to even the most privileged parties outside the enclave boundary. Developers can focus on building great apps, while OpenSecret handles the cryptographic "lock and key" behind the scenes.

This model provides a secure-by-design environment for industries that demand strict data confidentiality, such as healthcare, fintech, cryptocurrency apps for secure key management, or decentralized identity platforms. Instead of worrying about memory dumps or backend tampering, you can trust that once data enters the enclave, it's sealed off from unauthorized eyes, including from the app developers themselves. And these safeguards don't just apply to niche use cases. Even general-purpose applications that handle login flows and user-generated content stand to benefit, especially as regulatory scrutiny grows around data privacy and insider threats.

Imagine a telehealth startup using OpenSecret enclaves to protect patient information for remote consultations. Not only would patient data remain encrypted at rest, but any AI-driven analytics to assist with diagnoses could be run privately within the enclave, ensuring no one outside the hardware boundary can peek at sensitive health records. A fintech company could similarly isolate confidential financial transactions, preventing even privileged insiders from viewing or tampering with raw transaction details. These real-world implementations give developers a clear path to adopting enclaves for serious privacy and compliance needs without overhauling their infrastructure.

OpenSecret aims to be a full developer platform with end-to-end security from day one. By incorporating user authentication, data storage, and GPU-based confidential AI into a single service, we eliminate many of the traditional hurdles in adopting enclaves. No more juggling separate tools for cryptographic key management, compliance controls, and runtime privacy. Instead, you get a unified stack that keeps data encrypted in transit, at rest, and in use.

Our solution also caters to the exploding demand for AI applications: with TEE-enabled GPU workloads, you can securely process sensitive data for text inference without ever exposing raw plaintext or sensitive documents to the host system.

The result is a new generation of apps that deliver advanced functionality, like real-time encrypted data sync or AI-driven insights, while preserving user privacy and meeting strict regulatory requirements. You don't have to rely on empty "trust us" promises because hardware enclaves, remote attestation, and reproducible builds collectively guarantee the code is running untampered. In short, OpenSecret offers the building blocks needed to create truly confidential services and experiences, allowing you to innovate while ensuring data protection remains ironclad.

Things to Come

We're excited to build on our enclaved approach. Here's what's on our roadmap:

• Production Launch: We're using this in production now with Maple AI and have a developer preview playground up and running. We'll have the developer environment ready for production in a few months.\ • Multi-Tenant Support: Our platform currently works for single tenants, but we're opening this up so developers can onboard without needing a dedicated instance.\ • Self-Serve Frontend: A dev-friendly portal for provisioning apps, connecting OAuth or email providers, and managing users.\ • External Key Signing Options: Integrations with custom hardware security modules (HSMs) or customer-ran key managers that can only process data upon verifying the enclave attestation.\ • Confidential Computing as a Service: We'll expand our platform so that other developers can quickly create enclaves for specialized workloads without dealing with the complexities of Nitro or GPU TEEs.\ • Additional SDKs: In addition to our JavaScript client-side SDK, we plan to launch official support for Rust, Python, Swift, Java, Go, and more.\ • AI API Proxy with Attestation/Encryption: We already provide an easy way to access a Private AI through Maple AI, but we'd like to open this up more for existing tools and developers. We'll provide a proxy server that users can run on their local machines or servers that properly handle encryption to our OpenAI-compatible API.

Getting Started

Ready to see enclaves in action? Here's how to dive in:\ 1. Run OpenSecret: Check out our open-source repository at OpenSecret on GitHub. You can run your own enclaved environment or try it out locally with Docker.\ 2. Review Our SDK: Our JavaScript client SDK makes it easy to handle sign-ins, put/get encrypted data, sign with user private keys, etc. It handles attestation verification and encryption under the hood, making the API integration seamless.\ 3. Play with Maple AI: Try out Maple AI as an example of an AI app built directly on OpenSecret. Your queries are encrypted end to end, and the Llama model sees them only inside the TEE.\ 4. Developer Preview: Contact us if you want an invite to our early dev platform. We'll guide you through our SDK and give you access to the preview server. We'd love to build with you and incorporate your feedback as we develop this further.

Conclusion

By merging secure enclaves (AWS Nitro and Nvidia GPU TEEs), user authentication, private key management, and an end-to-end verifiable encrypted approach, OpenSecret provides a powerful platform where we protect user data during collection, storage, and processing. Whether it's for standard user management, handling private cryptographic keys, or powering AI inference, the technology ensures that no one, not even us or the cloud provider, can snoop on data in use.

We believe this is the future of trustworthy computing in the cloud. And it's all open source, so you don't have to just take our word for it: you can see and verify everything yourself.

Do you have questions, feedback, or a use case you'd like to test out? Come join us on GitHub, Discord, or email us for a developer preview. We can't wait to see what you build!

Thank you for reading, and welcome to the era of enclaved computing.

@ a296b972:e5a7a2e8

28.04.2025, 16.17 Uhr:

 

Russische Hobby-Flieger konnten mit ihrem Sportflugzeug namens "Andromeda" unter dem Radar bleiben und haben entlang der Hauptstromtrassen mit einem ukrainischen Zwiebelmesser die Stromleitungen gekappt. In einer scharfen Rechtskurve muss wohl eine Flugzeugtür aufgegangen sein und der Pass des Piloten fiel unbemerkt heraus. Die Identität der Täter konnte so schnell festgestellt werden.

28.04.2025, 16.43 Uhr:

Trump hat das europäische Stromnetz gekauft und die in den Umspannwerken eingebauten US-amerikanischen Chips deaktiviert. Es gibt erst wieder Strom, wenn sich die Koalition der Willigen den Friedensverhandlungen für die Ukraine anschließt. Trump hat bewusst in den sonnenreichen Ländern Spanien und Portugal begonnen, das soll als Warnung für ganz Europa gelten. Frau von der Leyen hat bereits scharfen Protest eingelegt, doch Trump hat die SMS sofort gelöscht.

28.04.2025, 17.12 Uhr:

Selensky hat einen Cyber-Angriff auf das europäische Stromnetz gestartet. Er ist wütend, weil sich Macron in dem 15-Minuten-Gespräch mit Trump am Rande der Beerdigung des Papstes in Rom hat abwimmeln lassen. Er beendet die Strom-Blockade erst, wenn Spanien, Portugal und Frankreich Deutschland dazu zwingen, endlich Taurus zu liefern. Auf die Frage, wie Selensky das angestellt hat, soll er geantwortet haben: "Sie sehen ja, wir können es."

Ist natürlich alles nur Joke! Es sollte nur einmal in Bezug auf die Sprengung der Nordstream 2 Pipelines aufgezeigt werden, wie schnell auch unsereins abstruse Erklärungen liefern kann, die vorne und hinten nicht stimmen können.

Dieser Beitrag wurde mit dem Pareto-Client geschrieben.

(Bild von pixabay)

@ 91bea5cd:1df4451c

Definição de ULID:

Timestamp 48 bits, Aleatoriedade 80 bits Sendo Timestamp 48 bits inteiro, tempo UNIX em milissegundos, Não ficará sem espaço até o ano 10889 d.C. e Aleatoriedade 80 bits, Fonte criptograficamente segura de aleatoriedade, se possível.

Gerar ULID

```sql

CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE FUNCTION generate_ulid() RETURNS TEXT AS $$ DECLARE -- Crockford's Base32 encoding BYTEA = '0123456789ABCDEFGHJKMNPQRSTVWXYZ'; timestamp BYTEA = E'\000\000\000\000\000\000'; output TEXT = '';

unix_time BIGINT; ulid BYTEA; BEGIN -- 6 timestamp bytes unix_time = (EXTRACT(EPOCH FROM CLOCK_TIMESTAMP()) * 1000)::BIGINT; timestamp = SET_BYTE(timestamp, 0, (unix_time >> 40)::BIT(8)::INTEGER); timestamp = SET_BYTE(timestamp, 1, (unix_time >> 32)::BIT(8)::INTEGER); timestamp = SET_BYTE(timestamp, 2, (unix_time >> 24)::BIT(8)::INTEGER); timestamp = SET_BYTE(timestamp, 3, (unix_time >> 16)::BIT(8)::INTEGER); timestamp = SET_BYTE(timestamp, 4, (unix_time >> 8)::BIT(8)::INTEGER); timestamp = SET_BYTE(timestamp, 5, unix_time::BIT(8)::INTEGER);

-- 10 entropy bytes ulid = timestamp || gen_random_bytes(10);

-- Encode the timestamp output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 0) & 224) >> 5)); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 0) & 31))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 1) & 248) >> 3)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 1) & 7) << 2) | ((GET_BYTE(ulid, 2) & 192) >> 6))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 2) & 62) >> 1)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 2) & 1) << 4) | ((GET_BYTE(ulid, 3) & 240) >> 4))); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 3) & 15) << 1) | ((GET_BYTE(ulid, 4) & 128) >> 7))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 4) & 124) >> 2)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 4) & 3) << 3) | ((GET_BYTE(ulid, 5) & 224) >> 5))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 5) & 31)));

-- Encode the entropy output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 6) & 248) >> 3)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 6) & 7) << 2) | ((GET_BYTE(ulid, 7) & 192) >> 6))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 7) & 62) >> 1)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 7) & 1) << 4) | ((GET_BYTE(ulid, 8) & 240) >> 4))); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 8) & 15) << 1) | ((GET_BYTE(ulid, 9) & 128) >> 7))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 9) & 124) >> 2)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 9) & 3) << 3) | ((GET_BYTE(ulid, 10) & 224) >> 5))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 10) & 31))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 11) & 248) >> 3)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 11) & 7) << 2) | ((GET_BYTE(ulid, 12) & 192) >> 6))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 12) & 62) >> 1)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 12) & 1) << 4) | ((GET_BYTE(ulid, 13) & 240) >> 4))); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 13) & 15) << 1) | ((GET_BYTE(ulid, 14) & 128) >> 7))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 14) & 124) >> 2)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 14) & 3) << 3) | ((GET_BYTE(ulid, 15) & 224) >> 5))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 15) & 31)));

RETURN output; END $$ LANGUAGE plpgsql VOLATILE; ```

ULID TO UUID

```sql CREATE OR REPLACE FUNCTION parse_ulid(ulid text) RETURNS bytea AS $$ DECLARE -- 16byte bytes bytea = E'\x00000000 00000000 00000000 00000000'; v char[]; -- Allow for O(1) lookup of index values dec integer[] = ARRAY[ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 255, 255, 255, 255, 255, 255, 255, 10, 11, 12, 13, 14, 15, 16, 17, 1, 18, 19, 1, 20, 21, 0, 22, 23, 24, 25, 26, 255, 27, 28, 29, 30, 31, 255, 255, 255, 255, 255, 255, 10, 11, 12, 13, 14, 15, 16, 17, 1, 18, 19, 1, 20, 21, 0, 22, 23, 24, 25, 26, 255, 27, 28, 29, 30, 31 ]; BEGIN IF NOT ulid ~* '^[0-7][0-9ABCDEFGHJKMNPQRSTVWXYZ]{25}$' THEN RAISE EXCEPTION 'Invalid ULID: %', ulid; END IF;

v = regexp_split_to_array(ulid, '');

-- 6 bytes timestamp (48 bits) bytes = SET_BYTE(bytes, 0, (dec[ASCII(v[1])] << 5) | dec[ASCII(v[2])]); bytes = SET_BYTE(bytes, 1, (dec[ASCII(v[3])] << 3) | (dec[ASCII(v[4])] >> 2)); bytes = SET_BYTE(bytes, 2, (dec[ASCII(v[4])] << 6) | (dec[ASCII(v[5])] << 1) | (dec[ASCII(v[6])] >> 4)); bytes = SET_BYTE(bytes, 3, (dec[ASCII(v[6])] << 4) | (dec[ASCII(v[7])] >> 1)); bytes = SET_BYTE(bytes, 4, (dec[ASCII(v[7])] << 7) | (dec[ASCII(v[8])] << 2) | (dec[ASCII(v[9])] >> 3)); bytes = SET_BYTE(bytes, 5, (dec[ASCII(v[9])] << 5) | dec[ASCII(v[10])]);

-- 10 bytes of entropy (80 bits); bytes = SET_BYTE(bytes, 6, (dec[ASCII(v[11])] << 3) | (dec[ASCII(v[12])] >> 2)); bytes = SET_BYTE(bytes, 7, (dec[ASCII(v[12])] << 6) | (dec[ASCII(v[13])] << 1) | (dec[ASCII(v[14])] >> 4)); bytes = SET_BYTE(bytes, 8, (dec[ASCII(v[14])] << 4) | (dec[ASCII(v[15])] >> 1)); bytes = SET_BYTE(bytes, 9, (dec[ASCII(v[15])] << 7) | (dec[ASCII(v[16])] << 2) | (dec[ASCII(v[17])] >> 3)); bytes = SET_BYTE(bytes, 10, (dec[ASCII(v[17])] << 5) | dec[ASCII(v[18])]); bytes = SET_BYTE(bytes, 11, (dec[ASCII(v[19])] << 3) | (dec[ASCII(v[20])] >> 2)); bytes = SET_BYTE(bytes, 12, (dec[ASCII(v[20])] << 6) | (dec[ASCII(v[21])] << 1) | (dec[ASCII(v[22])] >> 4)); bytes = SET_BYTE(bytes, 13, (dec[ASCII(v[22])] << 4) | (dec[ASCII(v[23])] >> 1)); bytes = SET_BYTE(bytes, 14, (dec[ASCII(v[23])] << 7) | (dec[ASCII(v[24])] << 2) | (dec[ASCII(v[25])] >> 3)); bytes = SET_BYTE(bytes, 15, (dec[ASCII(v[25])] << 5) | dec[ASCII(v[26])]);

RETURN bytes; END $$ LANGUAGE plpgsql IMMUTABLE;

CREATE OR REPLACE FUNCTION ulid_to_uuid(ulid text) RETURNS uuid AS $$ BEGIN RETURN encode(parse_ulid(ulid), 'hex')::uuid; END $$ LANGUAGE plpgsql IMMUTABLE; ```

UUID to ULID

```sql CREATE OR REPLACE FUNCTION uuid_to_ulid(id uuid) RETURNS text AS $$ DECLARE encoding bytea = '0123456789ABCDEFGHJKMNPQRSTVWXYZ'; output text = ''; uuid_bytes bytea = uuid_send(id); BEGIN

-- Encode the timestamp output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 0) & 224) >> 5)); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 0) & 31))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 1) & 248) >> 3)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 1) & 7) << 2) | ((GET_BYTE(uuid_bytes, 2) & 192) >> 6))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 2) & 62) >> 1)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 2) & 1) << 4) | ((GET_BYTE(uuid_bytes, 3) & 240) >> 4))); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 3) & 15) << 1) | ((GET_BYTE(uuid_bytes, 4) & 128) >> 7))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 4) & 124) >> 2)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 4) & 3) << 3) | ((GET_BYTE(uuid_bytes, 5) & 224) >> 5))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 5) & 31)));

-- Encode the entropy output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 6) & 248) >> 3)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 6) & 7) << 2) | ((GET_BYTE(uuid_bytes, 7) & 192) >> 6))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 7) & 62) >> 1)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 7) & 1) << 4) | ((GET_BYTE(uuid_bytes, 8) & 240) >> 4))); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 8) & 15) << 1) | ((GET_BYTE(uuid_bytes, 9) & 128) >> 7))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 9) & 124) >> 2)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 9) & 3) << 3) | ((GET_BYTE(uuid_bytes, 10) & 224) >> 5))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 10) & 31))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 11) & 248) >> 3)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 11) & 7) << 2) | ((GET_BYTE(uuid_bytes, 12) & 192) >> 6))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 12) & 62) >> 1)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 12) & 1) << 4) | ((GET_BYTE(uuid_bytes, 13) & 240) >> 4))); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 13) & 15) << 1) | ((GET_BYTE(uuid_bytes, 14) & 128) >> 7))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 14) & 124) >> 2)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 14) & 3) << 3) | ((GET_BYTE(uuid_bytes, 15) & 224) >> 5))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 15) & 31)));

RETURN output; END $$ LANGUAGE plpgsql IMMUTABLE; ```

Gera 11 Digitos aleatórios: YBKXG0CKTH4

```sql -- Cria a extensão pgcrypto para gerar uuid CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Cria a função para gerar ULID CREATE OR REPLACE FUNCTION gen_lrandom() RETURNS TEXT AS $$ DECLARE ts_millis BIGINT; ts_chars TEXT; random_bytes BYTEA; random_chars TEXT; base32_chars TEXT := '0123456789ABCDEFGHJKMNPQRSTVWXYZ'; i INT; BEGIN -- Pega o timestamp em milissegundos ts_millis := FLOOR(EXTRACT(EPOCH FROM clock_timestamp()) * 1000)::BIGINT;

-- Converte o timestamp para base32
ts_chars := '';
FOR i IN REVERSE 0..11 LOOP
    ts_chars := ts_chars || substr(base32_chars, ((ts_millis >> (5 * i)) & 31) + 1, 1);
END LOOP;

-- Gera 10 bytes aleatórios e converte para base32
random_bytes := gen_random_bytes(10);
random_chars := '';
FOR i IN 0..9 LOOP
    random_chars := random_chars || substr(base32_chars, ((get_byte(random_bytes, i) >> 3) & 31) + 1, 1);
    IF i < 9 THEN
        random_chars := random_chars || substr(base32_chars, (((get_byte(random_bytes, i) & 7) << 2) | (get_byte(random_bytes, i + 1) >> 6)) & 31 + 1, 1);
    ELSE
        random_chars := random_chars || substr(base32_chars, ((get_byte(random_bytes, i) & 7) << 2) + 1, 1);
    END IF;
END LOOP;

-- Concatena o timestamp e os caracteres aleatórios
RETURN ts_chars || random_chars;

END; $$ LANGUAGE plpgsql; ```

Exemplo de USO

```sql -- Criação da extensão caso não exista CREATE EXTENSION IF NOT EXISTS pgcrypto; -- Criação da tabela pessoas CREATE TABLE pessoas ( ID UUID DEFAULT gen_random_uuid ( ) PRIMARY KEY, nome TEXT NOT NULL );

-- Busca Pessoa na tabela SELECT * FROM "pessoas" WHERE uuid_to_ulid ( ID ) = '252FAC9F3V8EF80SSDK8PXW02F'; ```

Fontes

• https://github.com/scoville/pgsql-ulid
• https://github.com/geckoboard/pgulid

@ 91bea5cd:1df4451c

Definição de ULID:

Timestamp 48 bits, Aleatoriedade 80 bits Sendo Timestamp 48 bits inteiro, tempo UNIX em milissegundos, Não ficará sem espaço até o ano 10889 d.C. e Aleatoriedade 80 bits, Fonte criptograficamente segura de aleatoriedade, se possível.

Gerar ULID

```sql

CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE FUNCTION generate_ulid() RETURNS TEXT AS $$ DECLARE -- Crockford's Base32 encoding BYTEA = '0123456789ABCDEFGHJKMNPQRSTVWXYZ'; timestamp BYTEA = E'\000\000\000\000\000\000'; output TEXT = '';

unix_time BIGINT; ulid BYTEA; BEGIN -- 6 timestamp bytes unix_time = (EXTRACT(EPOCH FROM CLOCK_TIMESTAMP()) * 1000)::BIGINT; timestamp = SET_BYTE(timestamp, 0, (unix_time >> 40)::BIT(8)::INTEGER); timestamp = SET_BYTE(timestamp, 1, (unix_time >> 32)::BIT(8)::INTEGER); timestamp = SET_BYTE(timestamp, 2, (unix_time >> 24)::BIT(8)::INTEGER); timestamp = SET_BYTE(timestamp, 3, (unix_time >> 16)::BIT(8)::INTEGER); timestamp = SET_BYTE(timestamp, 4, (unix_time >> 8)::BIT(8)::INTEGER); timestamp = SET_BYTE(timestamp, 5, unix_time::BIT(8)::INTEGER);

-- 10 entropy bytes ulid = timestamp || gen_random_bytes(10);

-- Encode the timestamp output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 0) & 224) >> 5)); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 0) & 31))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 1) & 248) >> 3)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 1) & 7) << 2) | ((GET_BYTE(ulid, 2) & 192) >> 6))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 2) & 62) >> 1)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 2) & 1) << 4) | ((GET_BYTE(ulid, 3) & 240) >> 4))); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 3) & 15) << 1) | ((GET_BYTE(ulid, 4) & 128) >> 7))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 4) & 124) >> 2)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 4) & 3) << 3) | ((GET_BYTE(ulid, 5) & 224) >> 5))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 5) & 31)));

-- Encode the entropy output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 6) & 248) >> 3)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 6) & 7) << 2) | ((GET_BYTE(ulid, 7) & 192) >> 6))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 7) & 62) >> 1)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 7) & 1) << 4) | ((GET_BYTE(ulid, 8) & 240) >> 4))); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 8) & 15) << 1) | ((GET_BYTE(ulid, 9) & 128) >> 7))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 9) & 124) >> 2)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 9) & 3) << 3) | ((GET_BYTE(ulid, 10) & 224) >> 5))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 10) & 31))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 11) & 248) >> 3)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 11) & 7) << 2) | ((GET_BYTE(ulid, 12) & 192) >> 6))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 12) & 62) >> 1)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 12) & 1) << 4) | ((GET_BYTE(ulid, 13) & 240) >> 4))); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 13) & 15) << 1) | ((GET_BYTE(ulid, 14) & 128) >> 7))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 14) & 124) >> 2)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(ulid, 14) & 3) << 3) | ((GET_BYTE(ulid, 15) & 224) >> 5))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(ulid, 15) & 31)));

RETURN output; END $$ LANGUAGE plpgsql VOLATILE; ```

ULID TO UUID

```sql CREATE OR REPLACE FUNCTION parse_ulid(ulid text) RETURNS bytea AS $$ DECLARE -- 16byte bytes bytea = E'\x00000000 00000000 00000000 00000000'; v char[]; -- Allow for O(1) lookup of index values dec integer[] = ARRAY[ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 255, 255, 255, 255, 255, 255, 255, 10, 11, 12, 13, 14, 15, 16, 17, 1, 18, 19, 1, 20, 21, 0, 22, 23, 24, 25, 26, 255, 27, 28, 29, 30, 31, 255, 255, 255, 255, 255, 255, 10, 11, 12, 13, 14, 15, 16, 17, 1, 18, 19, 1, 20, 21, 0, 22, 23, 24, 25, 26, 255, 27, 28, 29, 30, 31 ]; BEGIN IF NOT ulid ~* '^[0-7][0-9ABCDEFGHJKMNPQRSTVWXYZ]{25}$' THEN RAISE EXCEPTION 'Invalid ULID: %', ulid; END IF;

v = regexp_split_to_array(ulid, '');

-- 6 bytes timestamp (48 bits) bytes = SET_BYTE(bytes, 0, (dec[ASCII(v[1])] << 5) | dec[ASCII(v[2])]); bytes = SET_BYTE(bytes, 1, (dec[ASCII(v[3])] << 3) | (dec[ASCII(v[4])] >> 2)); bytes = SET_BYTE(bytes, 2, (dec[ASCII(v[4])] << 6) | (dec[ASCII(v[5])] << 1) | (dec[ASCII(v[6])] >> 4)); bytes = SET_BYTE(bytes, 3, (dec[ASCII(v[6])] << 4) | (dec[ASCII(v[7])] >> 1)); bytes = SET_BYTE(bytes, 4, (dec[ASCII(v[7])] << 7) | (dec[ASCII(v[8])] << 2) | (dec[ASCII(v[9])] >> 3)); bytes = SET_BYTE(bytes, 5, (dec[ASCII(v[9])] << 5) | dec[ASCII(v[10])]);

-- 10 bytes of entropy (80 bits); bytes = SET_BYTE(bytes, 6, (dec[ASCII(v[11])] << 3) | (dec[ASCII(v[12])] >> 2)); bytes = SET_BYTE(bytes, 7, (dec[ASCII(v[12])] << 6) | (dec[ASCII(v[13])] << 1) | (dec[ASCII(v[14])] >> 4)); bytes = SET_BYTE(bytes, 8, (dec[ASCII(v[14])] << 4) | (dec[ASCII(v[15])] >> 1)); bytes = SET_BYTE(bytes, 9, (dec[ASCII(v[15])] << 7) | (dec[ASCII(v[16])] << 2) | (dec[ASCII(v[17])] >> 3)); bytes = SET_BYTE(bytes, 10, (dec[ASCII(v[17])] << 5) | dec[ASCII(v[18])]); bytes = SET_BYTE(bytes, 11, (dec[ASCII(v[19])] << 3) | (dec[ASCII(v[20])] >> 2)); bytes = SET_BYTE(bytes, 12, (dec[ASCII(v[20])] << 6) | (dec[ASCII(v[21])] << 1) | (dec[ASCII(v[22])] >> 4)); bytes = SET_BYTE(bytes, 13, (dec[ASCII(v[22])] << 4) | (dec[ASCII(v[23])] >> 1)); bytes = SET_BYTE(bytes, 14, (dec[ASCII(v[23])] << 7) | (dec[ASCII(v[24])] << 2) | (dec[ASCII(v[25])] >> 3)); bytes = SET_BYTE(bytes, 15, (dec[ASCII(v[25])] << 5) | dec[ASCII(v[26])]);

RETURN bytes; END $$ LANGUAGE plpgsql IMMUTABLE;

CREATE OR REPLACE FUNCTION ulid_to_uuid(ulid text) RETURNS uuid AS $$ BEGIN RETURN encode(parse_ulid(ulid), 'hex')::uuid; END $$ LANGUAGE plpgsql IMMUTABLE; ```

UUID to ULID

```sql CREATE OR REPLACE FUNCTION uuid_to_ulid(id uuid) RETURNS text AS $$ DECLARE encoding bytea = '0123456789ABCDEFGHJKMNPQRSTVWXYZ'; output text = ''; uuid_bytes bytea = uuid_send(id); BEGIN

-- Encode the timestamp output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 0) & 224) >> 5)); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 0) & 31))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 1) & 248) >> 3)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 1) & 7) << 2) | ((GET_BYTE(uuid_bytes, 2) & 192) >> 6))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 2) & 62) >> 1)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 2) & 1) << 4) | ((GET_BYTE(uuid_bytes, 3) & 240) >> 4))); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 3) & 15) << 1) | ((GET_BYTE(uuid_bytes, 4) & 128) >> 7))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 4) & 124) >> 2)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 4) & 3) << 3) | ((GET_BYTE(uuid_bytes, 5) & 224) >> 5))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 5) & 31)));

-- Encode the entropy output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 6) & 248) >> 3)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 6) & 7) << 2) | ((GET_BYTE(uuid_bytes, 7) & 192) >> 6))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 7) & 62) >> 1)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 7) & 1) << 4) | ((GET_BYTE(uuid_bytes, 8) & 240) >> 4))); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 8) & 15) << 1) | ((GET_BYTE(uuid_bytes, 9) & 128) >> 7))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 9) & 124) >> 2)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 9) & 3) << 3) | ((GET_BYTE(uuid_bytes, 10) & 224) >> 5))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 10) & 31))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 11) & 248) >> 3)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 11) & 7) << 2) | ((GET_BYTE(uuid_bytes, 12) & 192) >> 6))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 12) & 62) >> 1)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 12) & 1) << 4) | ((GET_BYTE(uuid_bytes, 13) & 240) >> 4))); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 13) & 15) << 1) | ((GET_BYTE(uuid_bytes, 14) & 128) >> 7))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 14) & 124) >> 2)); output = output || CHR(GET_BYTE(encoding, ((GET_BYTE(uuid_bytes, 14) & 3) << 3) | ((GET_BYTE(uuid_bytes, 15) & 224) >> 5))); output = output || CHR(GET_BYTE(encoding, (GET_BYTE(uuid_bytes, 15) & 31)));

RETURN output; END $$ LANGUAGE plpgsql IMMUTABLE; ```

Gera 11 Digitos aleatórios: YBKXG0CKTH4

```sql -- Cria a extensão pgcrypto para gerar uuid CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Cria a função para gerar ULID CREATE OR REPLACE FUNCTION gen_lrandom() RETURNS TEXT AS $$ DECLARE ts_millis BIGINT; ts_chars TEXT; random_bytes BYTEA; random_chars TEXT; base32_chars TEXT := '0123456789ABCDEFGHJKMNPQRSTVWXYZ'; i INT; BEGIN -- Pega o timestamp em milissegundos ts_millis := FLOOR(EXTRACT(EPOCH FROM clock_timestamp()) * 1000)::BIGINT;

-- Converte o timestamp para base32
ts_chars := '';
FOR i IN REVERSE 0..11 LOOP
    ts_chars := ts_chars || substr(base32_chars, ((ts_millis >> (5 * i)) & 31) + 1, 1);
END LOOP;

-- Gera 10 bytes aleatórios e converte para base32
random_bytes := gen_random_bytes(10);
random_chars := '';
FOR i IN 0..9 LOOP
    random_chars := random_chars || substr(base32_chars, ((get_byte(random_bytes, i) >> 3) & 31) + 1, 1);
    IF i < 9 THEN
        random_chars := random_chars || substr(base32_chars, (((get_byte(random_bytes, i) & 7) << 2) | (get_byte(random_bytes, i + 1) >> 6)) & 31 + 1, 1);
    ELSE
        random_chars := random_chars || substr(base32_chars, ((get_byte(random_bytes, i) & 7) << 2) + 1, 1);
    END IF;
END LOOP;

-- Concatena o timestamp e os caracteres aleatórios
RETURN ts_chars || random_chars;

END; $$ LANGUAGE plpgsql; ```

Exemplo de USO

```sql -- Criação da extensão caso não exista CREATE EXTENSION IF NOT EXISTS pgcrypto; -- Criação da tabela pessoas CREATE TABLE pessoas ( ID UUID DEFAULT gen_random_uuid ( ) PRIMARY KEY, nome TEXT NOT NULL );

-- Busca Pessoa na tabela SELECT * FROM "pessoas" WHERE uuid_to_ulid ( ID ) = '252FAC9F3V8EF80SSDK8PXW02F'; ```

Fontes

• https://github.com/scoville/pgsql-ulid
• https://github.com/geckoboard/pgulid

@ 91bea5cd:1df4451c

Novia é uma ferramenta inovadora que facilita o arquivamento de vídeos e sua integração com a rede NOSTR (Notes and Other Stuff Transmitted over Relay). Funcionando como uma ponte entre ferramentas de arquivamento de vídeo tradicionais e a plataforma descentralizada, Novia oferece uma solução autônoma para a preservação e compartilhamento de conteúdo audiovisual.

Arquitetura e Funcionamento

A arquitetura de Novia é dividida em duas partes principais:

• Frontend: Atua como a interface do usuário, responsável por solicitar o arquivamento de vídeos. Essas solicitações são encaminhadas para o backend.

• Backend: Processa as solicitações de arquivamento, baixando o vídeo, suas descrições e a imagem de capa associada. Este componente é conectado a um ou mais relays NOSTR, permitindo a indexação e descoberta do conteúdo arquivado.

O processo de arquivamento é automatizado: após o download, o vídeo fica disponível no frontend para que o usuário possa solicitar o upload para um servidor Blossom de sua escolha.

Como Utilizar Novia

1. Acesso: Navegue até https://npub126uz2g6ft45qs0m0rnvtvtp7glcfd23pemrzz0wnt8r5vlhr9ufqnsmvg8.nsite.lol.

2. Login: Utilize uma extensão de navegador compatível com NOSTR para autenticar-se.

3. Execução via Docker: A forma mais simples de executar o backend é através de um container Docker. Execute o seguinte comando:

   bash docker run -it --rm -p 9090:9090 -v ./nostr/data:/data --add-host=host.docker.internal:host-gateway teamnovia/novia

   Este comando cria um container, mapeia a porta 9090 para o host e monta o diretório ./nostr/data para persistir os dados.

Configuração Avançada

Novia oferece amplas opções de configuração através de um arquivo yaml. Abaixo, um exemplo comentado:

```yaml mediaStores: - id: media type: local path: /data/media watch: true

database: /data/novia.db

download: enabled: true ytdlpPath: yt-dlp ytdlpCookies: ./cookies.txt tempPath: /tmp targetStoreId: media secret: false

publish: enabled: true key: nsec thumbnailUpload: - https://nostr.download videoUpload: - url: https://nostr.download maxUploadSizeMB: 300 cleanUpMaxAgeDays: 5 cleanUpKeepSizeUnderMB: 2 - url: https://files.v0l.io maxUploadSizeMB: 300 cleanUpMaxAgeDays: 5 cleanUpKeepSizeUnderMB: 2 - url: https://nosto.re maxUploadSizeMB: 300 cleanUpMaxAgeDays: 5 cleanUpKeepSizeUnderMB: 2 - url: https://blossom.primal.net maxUploadSizeMB: 300 cleanUpMaxAgeDays: 5 cleanUpKeepSizeUnderMB: 2

relays: - ws://host.docker.internal:4869 - wss://bostr.bitcointxoko.com secret: false autoUpload: enabled: true maxVideoSizeMB: 100

fetch: enabled: false fetchVideoLimitMB: 10 relays: - match: - nostr - bitcoin

server: port: 9090 enabled: true ```

Explicação das Configurações:

• mediaStores: Define onde os arquivos de mídia serão armazenados (localmente, neste exemplo).
• database: Especifica o local do banco de dados.
• download: Controla as configurações de download de vídeos, incluindo o caminho para o yt-dlp e um arquivo de cookies para autenticação.
• publish: Configura a publicação de vídeos e thumbnails no NOSTR, incluindo a chave privada (nsec), servidores de upload e relays. Atenção: Mantenha sua chave privada em segredo.
• fetch: Permite buscar eventos de vídeo de relays NOSTR para arquivamento.
• server: Define as configurações do servidor web interno de Novia.

Conclusão

Novia surge como uma ferramenta promissora para o arquivamento e a integração de vídeos com o ecossistema NOSTR. Sua arquitetura modular, combinada com opções de configuração flexíveis, a tornam uma solução poderosa para usuários que buscam preservar e compartilhar conteúdo audiovisual de forma descentralizada e resistente à censura. A utilização de Docker simplifica a implantação e o gerenciamento da ferramenta. Para obter mais informações e explorar o código-fonte, visite o repositório do projeto no GitHub: https://github.com/teamnovia/novia.

@ 33baa074:3bb3a297

The application of chlorine in water treatment is mainly reflected in its ability to act as a disinfectant. It can effectively kill bacteria, viruses and other microorganisms in water, thereby reducing the risk of waterborne diseases. The following is a detailed description of the application of chlorine in water treatment:

Disinfection As an effective disinfectant, chlorine is usually added to water during the water treatment process in the form of chlorine gas, chlorophyll acid or chlorine. This process is called chlorination, which ensures that pathogens in the water are effectively eliminated. Chlorine's disinfection ability comes from its strong oxidizing properties, which can destroy the cell structure of microorganisms to achieve the purpose of disinfection.

Disinfection By-products Despite the obvious benefits of chlorine in disinfection, there are also some negative effects. Chlorine disinfection may lead to the formation of disinfection by-products such as chloroform and chloroform, which may pose potential health risks in high concentrations. Therefore, when using chlorine for water treatment, the chlorine content needs to be strictly controlled to ensure the safety of the water.

Chlorine Measurement and Control Monitoring and controlling the chlorine content in the water treatment process is very critical. Total chlorine is the total amount of all forms of chlorine in water, including free residual chlorine, combined residual chlorine and other forms of chlorine such as chlorinated hydrocarbons. Available chlorine refers specifically to the part of chlorine in water that has bactericidal ability, including free residual chlorine, some combined residual chlorine (such as monochromatic and diamorphine) and chlorine dioxide. The measurement of available chlorine is crucial for evaluating the disinfection effect of water.

In summary, the application of chlorine in water treatment is mainly as a disinfectant to kill pathogens in water through its strong oxidizing properties. However, the use of chlorine also needs to be cautious to avoid the generation of harmful disinfection by-products, and other safer disinfectants such as chlorine dioxide can be selected when necessary.

@ df173277:4ec96708

Maple is an AI chat tool that allows you to have private conversations with a general-purpose AI assistant. Chats are synced automatically between devices so you can pick up where you left off.\ Start chatting for free.

We are excited to announce that Maple AI, our groundbreaking end-to-end encrypted AI chat app built on OpenSecret, is now publicly available. After months of beta testing, we are thrilled to bring this innovative technology to the world.

Maple is an AI chat tool that allows you to have private conversations with a general-purpose AI assistant. It can boost your productivity on work tasks such as writing documentation, creating presentations, and drafting emails. You can also use it for personal items like brainstorming ideas, sorting out life's challenges, and tutoring you on difficult coursework. All your chats are synced automatically in a secure way, so you can start on one device and pick up where you left off on another.

Why Secure and Private AI?

In today's digital landscape, it is increasingly evident that security and privacy are essential for individuals and organizations alike. Unfortunately, the current state of AI tools falls short. A staggering 48% of organizations enter non-public company information into AI apps, according to a recent report by Cisco. This practice poses significant risks to company security and intellectual property.

Another concern is for journalists, who often work with sensitive information in hostile environments. Journalists need verification that their information remains confidential and protected when researching topics and communicating with sources in various languages. They are left to use underpowered local AI or input their data into potentially compromised cloud services.

At OpenSecret, we believe it is possible to have both the benefits of AI and the assurance of security and privacy. That's why we created Maple, an app that combines AI productivity with the protection of end-to-end encryption. Our platform ensures that your conversations with AI remain confidential, even from us. The power of the cloud meets the privacy of local.

#### How Does It Work?

Our server code is open source, and we use confidential computing to provide cryptographic proof that the code running on our servers is the same as the open-source code available for review. This process allows you to verify that your conversations are handled securely and privately without relying on trust. We live by the principle of "Don't trust, verify," and we believe this approach is essential for building in the digital age. You can read a more in-depth write-up on our technology later this week on this site.

How Much Does It Cost?

We are committed to making Maple AI accessible to everyone, so we offer a range of pricing plans to suit different needs and budgets. Our Free plan allows for 10 chats per week, while our Starter plan ($5.99/month) and Pro plan ($20/month) offer more comprehensive solutions for individuals and organizations with heavier workloads. We accept credit cards and Bitcoin (10% discount), allowing you to choose your preferred payment method.

• Free: $0
• Starter: $5.99/month
• Pro: $20/month

Our goal with Maple AI is to create a product that is secure through transparency. By combining open-source code, cryptography, and confidential computing, we can create a new standard for AI conversations - one that prioritizes your security and privacy.

Maple has quickly become a daily tool of productivity for our own work and those of our beta testers. We believe it will bring value to you as well. Sign up now and start chatting privately with AI for free. Your secrets are safe in the open.

#### Are You An App Developer?

You can build an app like Maple. OpenSecret provides secure auth, private key management, encrypted data sync, private AI, and more. Our straightforward API behaves like other backends but automatically adds security and privacy. Use it to secure existing apps or brand-new projects. Protect yourself and your users from the liability of hosting personal data by checking out OpenSecret.

Enjoy private AI Chat 🤘

@ 68768a6c:0eaf07e9

You don’t talk about it much — but you’re tired. Tired of pretending you're okay. Tired of giving your best and wondering if it’s even enough. Tired of being strong for everyone else while quietly falling apart.

But here's something you might not hear often: I’m proud of you.

Not because you’ve figured everything out — but because you haven’t given up. Even with the weight on your shoulders, you're still here. Still trying. Still hoping. Still holding on.

That counts. That matters. That’s strength too.

The truth is, progress doesn’t always look like big wins. Sometimes it’s just getting out of bed. Sometimes it’s choosing peace over proving a point. Sometimes it’s breathing through the pain and saying, “I’ll try again tomorrow.”

So if no one has told you lately: You’re doing better than you think. Rest if you need to. Cry if you must. But don’t stop. Because something beautiful is growing from everything you’re surviving.

@ df173277:4ec96708

Maple AI combines the best of both worlds – encryption and personal AI – to create a truly private AI experience. Discuss personal and company items with Maple, we can't read them even if we wanted to.\ Join the waitlist to get early access.

We are a culture of app users. Every day, we give our personal information to websites and apps, hoping they are safe. Location data, eating habits, financial details, and health information are just a few examples of what we entrust to third parties. People are now entering a new era of computing that promises next-level benefits when given even more personal data: AI.

Should we sacrifice our privacy to unlock the productivity gains of AI? Should we hope our information won't be used in ways we disagree? We believe we can have the best of both worlds – privacy and personal AI – and have built a new project called Maple AI. Chat between you and an AI with full end-to-end encryption. We believe it's a game-changer for individuals seeking private and secure conversations.

Building a Private Foundation

Maple is built on our flagship product, OpenSecret, a backend platform for app developers that turns private encryption on by default. The announcement post for OpenSecret explains our vision for an encrypted world and what the platform can do. We think both users and developers benefit when sensitive personal information is encrypted in a private vault; it's a win-win.

The Power of Encrypted AI Chat

AI chat is a personal and intimate experience. It's a place to share your thoughts, feelings, and desires without fear of judgment. The more you share with an AI chatbot, the more powerful it becomes. It can offer personalized insights, suggestions, and guidance tailored to your unique needs and perspectives. However, this intimacy requires trust, and that's where traditional AI chatbots often fall short.

Traditional AI chats are designed to collect and analyze your data, often without your explicit consent. This data is used to improve the AI's performance, but it also creates a treasure trove of sensitive information that can be mined, sold, or even exploited by malicious actors. Maple AI takes a different approach. By using end-to-end encryption, we ensure that your conversations remain private and secure, even from us.

Technical Overview

So, how does Maple AI achieve this level of privacy and security? Here are some key technical aspects:

• Private Key: Each user has a unique private key that is automatically managed for them. This key encrypts and decrypts conversations, ensuring that only the user can access their data.
• Secure Servers: Our servers are designed with security in mind. We use secure enclaves to protect sensitive data and ensure that even our own team can't access your conversations.
• Encrypted Sync: One of Maple's most significant benefits is its encrypted sync feature. Unlike traditional AI chatbots, which store conversations in local storage or on standard cloud servers, Maple syncs your chats across all your devices. The private key managed by our secure servers means you can pick up where you left off on any device without worrying about your data being compromised.
• Attestation and Open Code: We publish our enclave code publicly. Using a process called attestation, users can verify that the code running on the enclave is the same as the code audited by the public.
• Open Source LLM: Maple uses major open-source models to maximize the openness of responses. The chat box does not filter what you can talk about. This transparency ensures that our AI is trustworthy and unbiased.

Personal and Work Use

Maple is secure enough to handle your personal questions and work tasks. Because we can't see what you chat about, you are free to use AI as an assistant on sensitive company items. Use it for small tasks like writing an important email or large tasks like developing your organization's strategy. Feed it sensitive information; it's just you and AI in the room. Attestation provides cryptographic proof that your corporate secrets are safe.

Local v Cloud

Today's AI tools provide different levels of privacy. The main options are to trust a third party with your unencrypted data, hoping they don't do anything with it, or run your own AI locally on an underpowered machine. We created a third option. Maple gives you the power of cloud computing combined with the privacy and security of a machine running on your desk. It's the best of both worlds.

Why the Maple name?

Privacy isn't just a human value - it's a natural one exemplified by the Maple tree. These organisms communicate with each other through a network of underground fungal hyphae, sending messages and sharing resources in a way that's completely invisible to organisms above ground. This discreet communication system allows Maple trees to thrive in even the most challenging environments. Our goal is to provide a way for everyone to communicate with AI securely so they can thrive in any environment.

Join the Waitlist

Maple AI will launch in early 2025 with free and paid plans. We can't wait to share it with the world. Join our waitlist today to be among the first to experience the power of private AI chat.

@ df173277:4ec96708

OpenSecret is a backend for app developers that turns private encryption on by default. When sensitive data is readable only by the user, it protects both the user and the developer, creating a more free and open internet. We'll be launching in 2025. Join our waitlist to get early access.

In today's digital age, personal data is both an asset and a liability. With the rise of data breaches and cyber attacks, individuals and companies struggle to protect sensitive information. The consequences of a data breach can be devastating, resulting in financial losses, reputational damage, and compromised user trust. In 2023, the average data breach cost was $5 million, with some resulting in losses of over $1 billion.

Meanwhile, individuals face problems related to identity theft, personal safety, and public embarrassment. Think about the apps on your phone, even the one you're using to read this. How much data have you trusted to other people, and how would it feel if that data were leaked online?

Thankfully, some incredibly talented cypherpunks years ago gave the world cryptography. We can encrypt data, rendering it a secret between two people. So why then do we have data breaches?

Cryptography at scale is hard.

The Cloud

The cloud has revolutionized how we store and process data, but it has limitations. While cloud providers offer encryption, it mainly protects data in transit. Once data is stored in the cloud, it's often encrypted with a shared key, which can be accessed by employees, third-party vendors, or compromised by hackers.

The solution is to generate a personal encryption password for each user, make sure they write it down, and, most importantly, hope they don't lose it. If the password is lost, the data is forever unreadable. That can be overwhelming, leading to low app usage.

Private key encryption needs a UX upgrade.

Enter OpenSecret

OpenSecret is a developer platform that enables encryption by default. Our platform provides a suite of security tools for app developers, including private key management, encrypted sync, private AI, and confidential compute.

Every user has a private vault for their data, which means only they can read it. Developers are free to store less sensitive data in a shared manner because there is still a need to aggregate data across the system.

Private Key Management

Private key management is the superpower that enables personal encryption per user. When each user has a unique private key, their data can be truly private. Typically, using a private key is a challenging experience for the user because they must write down a long autogenerated number or phrase of 12-24 words. If they lose it, their data is gone.

OpenSecret uses secure enclaves to make private keys as easy as an everyday login experience that users are familiar with. Instead of managing a complicated key, the user logs in with an email address or a social media account.

The developer doesn't have to manage private keys and can focus on the app's user experience. The user doesn't have to worry about losing a private key and can jump into using your app.

Encrypted Sync

With user keys safely managed, we can synchronize user data to every device while maintaining privacy. The user does not need to do complicated things like scanning QR codes from one device to the next. Just log in and go.

The user wins because the data is available on all their devices. The developer wins because only the user can read the data, so it isn't a liability to them.

Private AI

Artificial intelligence is here and making its way into everything. The true power of AI is unleashed when it can act on personal and company data. The current options are to run your own AI locally on an underpowered machine or to trust a third party with your data, hoping they don't read it or use it for anything.

OpenSecret combines the power of cloud computing with the privacy and security of a machine running on your desk.

Check out Maple AI\ Try private AI for yourself! We built an app built with this service called Maple AI. It is an AI chat that is 100% private in a verifiable manner. Give it your innermost thoughts or embarrassing ideas; we can't judge you. We built Maple using OpenSecret, which means you have a private key that is automatically managed for you, and your chat history is synchronized to all your devices. Learn more about Maple AI - Private chat in the announcement post.

Confidential Compute

Confidential computing is a game-changer for data security. It's like the secure hardware that powers Apple Pay and Google Pay on your phone but in the cloud. Users can verify through a process called attestation that their data is handled appropriately. OpenSecret can help you run your own custom app backend code that would benefit from the security of an enclave.

It's the new version of that lock on your web browser. When you see it, you know you're secure.

But do we want our secrets to be open?

OpenSecret renders a data breach practically useless. If hackers get into the backend, they enter a virtual hallway of locked private vaults. The leaked data would be gibberish, a secret in the open that is unreadable.

On the topic of openness, OpenSecret uses the power of open source to enable trust in the service. We publish our code in the open, and, using attestation, anyone can verify that private data is being handled as expected. This openness also provides developers with a backup option to safely and securely export their data.

Don't trust, verify.

Join the Movement

We're currently building out OpenSecret, and we invite you to join us on the journey. Our platform can work with your existing stack, and you can pick and choose the features you need. If you want to build apps with encryption enabled, send us a message to get early access.

Users and companies deserve better encryption and privacy.\ Together, let's make that a reality.

@ 83279ad2:bd49240d

test

@ f977c464:32fcbe00

Kendisini aynada ilk defa gördüğü o gün, diğerleri gibi olduğunu anlamıştı. Oysaki her insan biricik olmalıydı. Sözgelimi sinirlendiğinde bir kaşı diğerinden birkaç milimetre daha az çatılabilirdi veya sevindiğinde dudağı ona has bir açıyla dalgalanabilirdi. Hatta bunların hiçbiri mümkün değilse, en azından, gözlerinin içinde sadece onun sahip olabileceği bir ışık parlayabilirdi. Çok sıradan, öyle sıradan ki kimsenin fark etmediği o milyonlarca minik şeyden herhangi biri. Ne olursa.

Ama yansımasına bakarken bunların hiçbirini bulamadı ve diğer günlerden hiç de farklı başlamamış o gün, işe gitmek için vagonunun gelmesini beklediği alelade bir metro istasyonunda, içinde kaybolduğu illüzyon dağılmaya başladı.

İlk önce derisi döküldü. Tam olarak dökülmedi aslında, daha çok kıvılcımlara dönüşüp bedeninden fırlamış ve bir an sonra sönerek külleşmiş, havada dağılmıştı. Ardında da, kaybolmadan hemen önce, kısa süre için hayal meyal görülebilen, bir ruhun yok oluşuna ağıt yakan rengârenk peri cesetleri bırakmıştı. Beklenenin aksine, havaya toz kokusu yayıldı.

Dehşete düştü elbette. Dehşete düştüler. Panikle üstlerini yırtan 50 işçi. Her şeyin sebebiyse o vagon.

Saçları da döküldü. Her tel, yere varmadan önce, her santimde ikiye ayrıla ayrıla yok oldu.

Bütün yüzeylerin mat olduğu, hiçbir şeyin yansımadığı, suyun siyah aktığı ve kendine ancak kameralarla bakabildiğin bir dünyada, vagonun içine yerleştirilmiş bir aynadan ilk defa kendini görmek.

Gözlerinin akları buharlaşıp havada dağıldı, mercekleri boşalan yeri doldurmak için eriyip yayıldı. Gerçeği görmemek için yaratılmış, bu yüzden görmeye hazır olmayan ve hiç olmayacak gözler.

Her şeyin o anda sona erdiğini sanabilirdi insan. Derin bir karanlık ve ölüm. Görmenin görmek olduğu o anın bitişi.

---

Ben geldiğimde ölmüşlerdi.

Yani bozulmuşlardı demek istiyorum.

Belleklerini yeni taşıyıcılara takmam mümkün olmadı. Fiziksel olarak kusursuz durumdaydılar, olmayanları da tamir edebilirdim ama tüm o hengamede kendilerini baştan programlamış ve girdilerini modifiye etmişlerdi.

Belleklerden birini masanın üzerinden ileriye savurdu. Hınca hınç dolu bir barda oturuyorlardı. O ve arkadaşı.

Sırf şu kendisini insan sanan androidler travma geçirip delirmesin diye neler yapıyoruz, insanın aklı almıyor.

Eliyle arkasını işaret etti.

Polislerin söylediğine göre biri vagonun içerisine ayna yerleştirmiş. Bu zavallılar da kapı açılıp bir anda yansımalarını görünce kafayı kırmışlar.

Arkadaşı bunların ona ne hissettirdiğini sordu. Yani o kadar bozuk, insan olduğunu sanan androidi kendilerini parçalamış olarak yerde görmek onu sarsmamış mıydı?

Hayır, sonuçta belirli bir amaç için yaratılmış şeyler onlar. Kaliteli bir bilgisayarım bozulduğunda üzülürüm çünkü parasını ben vermişimdir. Bunlarsa devletin. Bana ne ki?

Arkadaşı anlayışla kafasını sallayıp suyundan bir yudum aldı. Kravatını biraz gevşetti.

Bira istemediğinden emin misin?

İstemediğini söyledi. Sahi, neden deliriyordu bu androidler?

Basit. Onların yapay zekâlarını kodlarken bir şeyler yazıyorlar. Yazılımcılar. Biliyorsun, ben donanımdayım. Bunlar da kendilerini insan sanıyorlar. Tiplerine bak.

Sesini alçalttı.

Arabalarda kaza testi yapılan mankenlere benziyor hepsi. Ağızları burunları bile yok ama şu geldiğimizden beri sakalını düzeltip duruyor mesela. Hayır, hepsi de diğerleri onun sakalı varmış sanıyor, o manyak bir şey.

Arkadaşı bunun delirmeleriyle bağlantısını çözemediğini söyledi. O da normal sesiyle konuşmaya devam etti.

Anlasana, aynayı falan ayırt edemiyor mercekleri. Lönk diye kendilerini görüyorlar. Böyle, olduğu gibi...

Nedenmiş peki? Ne gerek varmış?

Ne bileyim be abicim! Ahiret soruları gibi.

Birasına bakarak dalıp gitti. Sonra masaya abanarak arkadaşına iyice yaklaştı. Bulanık, bir tünelin ucundaki biri gibi, şekli şemalı belirsiz bir adam.

Ben seni nereden tanıyorum ki ulan? Kimsin sen?

Belleği makineden çıkardılar. İki kişiydiler. Soruşturmadan sorumlu memurlar.

─ Baştan mı başlıyoruz, diye sordu belleği elinde tutan ilk memur.

─ Bir kere daha deneyelim ama bu sefer direkt aynayı sorarak başla, diye cevapladı ikinci memur.

─ Bence de. Yeterince düzgün çalışıyor.

Simülasyon yüklenirken, ayakta, biraz arkada duran ve alnını kaşıyan ikinci memur sormaktan kendisini alamadı:

─ Bu androidleri niye böyle bir olay yerine göndermişler ki? Belli tost olacakları. İsraf. Gidip biz baksak aynayı kırıp delilleri mahvetmek zorunda da kalmazlar.

Diğer memur sandalyesinde hafifçe dönecek oldu, o sırada soruyu bilgisayarın hoparlöründen teknisyen cevapladı.

Hangi işimizde bir yamukluk yok ki be abi.

---

Ama bir son değildi. Üstlerindeki tüm illüzyon dağıldığında ve çıplak, cinsiyetsiz, birbirinin aynı bedenleriyle kaldıklarında sıra dünyaya gelmişti.

Yere düştüler. Elleri -bütün bedeni gibi siyah turmalinden, boğumları çelikten- yere değdiği anda, metronun zemini dağıldı.

Yerdeki karolar öncesinde beyazdı ve çok parlaktı. Tepelerindeki floresan, ışığını olduğu gibi yansıtıyor, tek bir lekenin olmadığı ve tek bir tozun uçmadığı istasyonu aydınlatıyorlardı.

Duvarlara duyurular asılmıştı. Örneğin, yarın akşam kültür merkezinde 20.00’da başlayacak bir tekno blues festivalinin cıvıl cıvıl afişi vardı. Onun yanında daha geniş, sarı puntolu harflerle yazılmış, yatay siyah kesiklerle çerçevesi çizilmiş, bir platformdan düşen çöp adamın bulunduğu “Dikkat! Sarı bandı geçmeyin!” uyarısı. Biraz ilerisinde günlük resmi gazete, onun ilerisinde bir aksiyon filminin ve başka bir romantik komedi filminin afişleri, yapılacakların ve yapılmayacakların söylendiği küçük puntolu çeşitli duyurular... Duvar uzayıp giden bir panoydu. On, on beş metrede bir tekrarlanıyordu.

Tüm istasyonun eni yüz metre kadar. Genişliği on metre civarı.

Önlerinde, açık kapısından o mendebur aynanın gözüktüğü vagon duruyordu. Metro, istasyona sığmayacak kadar uzundu. Bir kılıcın keskinliğiyle uzanıyor ama yer yer vagonların ek yerleriyle bölünüyordu.

Hiçbir vagonda pencere olmadığı için metronun içi, içlerindekiler meçhuldü.

Sonrasında karolar zerrelerine ayrılarak yükseldi. Floresanın ışığında her yeri toza boğdular ve ortalığı gri bir sisin altına gömdüler. Çok kısa bir an. Afişleri dalgalandırmadılar. Dalgalandırmaya vakitleri olmadı. Yerlerinden söküp aldılar en fazla. Işık birkaç kere sönüp yanarak direndi. Son kez söndüğünde bir daha geri gelmedi.

Yine de etraf aydınlıktı. Kırmızı, her yere eşit dağılan soluk bir ışıkla.

Yer tamamen tele dönüşmüştü. Altında çapraz hatlarla desteklenmiş demir bir iskelet. Işık birkaç metreden daha fazla aşağıya uzanamıyordu. Sonsuzluğa giden bir uçurum.

Duvarın yerini aynı teller ve demir iskelet almıştı. Arkasında, birbirine vidalarla tutturulmuş demir plakalardan oluşan, üstünden geçen boruların ek yerlerinden bazen ince buharların çıktığı ve bir süre asılı kaldıktan sonra ağır, yağlı bir havayla sürüklendiği bir koridor.

Diğer tarafta paslanmış, pencerelerindeki camlar kırıldığı için demir plakalarla kapatılmış külüstür bir metro. Kapının karşısındaki aynadan her şey olduğu gibi yansıyordu.

---

Bir konteynırın içini andıran bir evde, gerçi gayet de birbirine eklenmiş konteynırlardan oluşan bir şehirde “andıran” demek doğru olmayacağı için düpedüz bir konteynırın içinde, masaya mum görüntüsü vermek için koyulmuş, yarı katı yağ atıklarından şekillendirilmiş kütleleri yakmayı deniyordu. Kafasında hayvan kıllarından yapılmış grili siyahlı bir peruk. Aynı kıllardan kendisine gür bir bıyık da yapmıştı.

Üstünde mavi çöp poşetlerinden yapılmış, kravatlı, şık bir takım.

Masanın ayakları yerine oradan buradan çıkmış parçalar konulmuştu: bir arabanın şaft mili, üst üste konulmuş ve üstünde yazı okunamayan tenekeler, boş kitaplar, boş gazete balyaları... Hiçbir şeye yazı yazılmıyordu, gerek yoktu da zaten çünkü merkez veri bankası onları fark ettirmeden, merceklerden giren veriyi sentezleyerek insanlar için dolduruyordu. Yani, androidler için. Farklı şekilde isimlendirmek bir fark yaratacaksa.

Onların mercekleri için değil. Bağlantıları çok önceden kopmuştu.

─ Hayatım, sofra hazır, diye bağırdı yatak odasındaki karısına.

Sofrada tabak yerine düz, bardak yerine bükülmüş, çatal ve bıçak yerine sivriltilmiş plakalar.

Karısı salonun kapısında durakladı ve ancak kulaklarına kadar uzanan, kocasınınkine benzeyen, cansız, ölü hayvanların kıllarından ibaret peruğunu eliyle düzeltti. Dudağını, daha doğrusu dudağının olması gereken yeri koyu kırmızı bir yağ tabakasıyla renklendirmeyi denemişti. Biraz da yanaklarına sürmüştü.

─ Nasıl olmuş, diye sordu.

Sesi tek düzeydi ama hafif bir neşe olduğunu hissettiğinize yemin edebilirdiniz.

Üzerinde, çöp poşetlerinin içini yazısız gazete kağıtlarıyla doldurarak yaptığı iki parça giysi.

─ Çok güzelsin, diyerek kravatını düzeltti kocası.

─ Sen de öylesin, sevgilim.

Yaklaşıp kocasını öptü. Kocası da onu. Sonra nazikçe elinden tutarak, sandalyesini geriye çekerek oturmasına yardım etti.

Sofrada yemek niyetine hiçbir şey yoktu. Gerek de yoktu zaten.

Konteynırın kapısı gürültüyle tekmelenip içeri iki memur girene kadar birbirlerine öyküler anlattılar. O gün neler yaptıklarını. İşten erken çıkıp yemyeşil çimenlerde gezdiklerini, uçurtma uçurduklarını, kadının nasıl o elbiseyi bulmak için saatlerce gezip yorulduğunu, kocasının kısa süreliğine işe dönüp nasıl başarılı bir hamleyle yaşanan krizi çözdüğünü ve kadının yanına döndükten sonra, alışveriş merkezinde oturdukları yeni dondurmacının dondurmalarının ne kadar lezzetli olduğunu, boğazlarının ağrımasından korktuklarını...

Akşam film izleyebilirlerdi, televizyonda -boş ve mat bir plaka- güzel bir film oynayacaktı.

İki memur. Çıplak bedenleriyle birbirinin aynı. Ellerindeki silahları onlara doğrultmuşlardı. Mum ışığında, tertemiz bir örtünün serili olduğu masada, bardaklarında şaraplarla oturan ve henüz sofranın ortasındaki hindiye dokunmamış çifti gördüklerinde bocaladılar.

Hiç de androidlere bilinçli olarak zarar verebilecek gibi gözükmüyorlardı.

─ Sessiz kalma hakkına sahipsiniz, diye bağırdı içeri giren ikinci memur. Söylediğiniz her şey...

Cümlesini bitiremedi. Yatak odasındaki, masanın üzerinden gördüğü o şey, onunla aynı hareketleri yapan android, yoksa, bir aynadaki yansıması mıydı?

Bütün illüzyon o anda dağılmaya başladı.

Not: Bu öykü ilk olarak 2020 yılında Esrarengiz Hikâyeler'de yayımlanmıştır.

@ 7d4417d5:3eaf36d4

I'm learning as I go, so take the text below for what it is: my notes on the process. These steps could become outdated quickly, and I may have some wrong assumptions at places. Either way, I have had success, and would like to share my experience for anyone new to the process. If I have made any errors, please reply with corrections so that others may avoid potential pitfalls.

!!! If you have "KYC Bitcoin", keep it in separate wallets from your "Anonymous Bitcoin". Any Anonymous Bitcoin in a wallet with KYC Bitcoin becomes 100% KYC Bitcoin.

!!! It took me several days to get all the right pieces set up before I could even start an exchange with someone.

!!! Using a VPN is highly recommended. If you're not already using one, take the time to find one that suits you and get it running.

!!! If you don't normally buy Amazon Gift Cards, start doing so now, and just send them to yourself, or friends that will give you cash in return, etc. For my first trade, Amazon locked me out of my account for about 22 hours, while I was in the middle of an exchange. All because I had never purchased an Amazon Gift Card before. It was quite nerve wracking. My second trade was for $300, and although my Amazon account wasn't shut down, that order had a status of "Sending" for about 22 hours, due to the large amount. In each of these cases I had multiple phone calls with their customer support, all of whom gave me false expectations. Had I already been sending gift cards to the anonymous email address that I created in the steps below, and maybe other anonymous email addresses that I could make, then I might not have been stalled so much.

---

1. Install Tor Browser for your OS. The RoboSats.com website issues a warning if you are not using Tor Browser. If you don't know what Tor is, I won't explain it all here, but trust me, it's cool and helps keep you anonymous. If you use Firefox, the interface will look very familiar to you.

2. Create a KYC-free e-mail address. I used tutanota.com in Firefox, as it would not allow me to create an account using Tor Browser. After the account was created, using Tor Browser to login, check emails, etc. has been working perfectly. Tutanota requires a 48 hour (or less) waiting period to prevent bots from using their system. You'll be able to login, and even draft an email, but you won't be able to send. After you've been approved, you should be able to login and send an email to your new address. It should show up in your Inbox almost instantly if it's working.

3. Have, or create, at least one Lightning wallet that is compatible with RoboSats.com and has no KYC Bitcoin in it. The RoboSats website has a compatibility chart available to find the best wallet for you. During an exchange on RoboSats, you will need to put up an escrow payment, or bond, in Satoshis. This amount is usually 3% of the total amount being exchanged. If the exchange is successful, the bond payment is canceled, leaving that amount in your wallet untouched, and with no record of it having been used as escrow. If you don't hold up your end of the trade, the bond amount will be transfered from your wallet. I created a wallet, using my new email address, with the Alby extension in the Tor Browser. This anonymous wallet was empty, so I used a separate wallet for the bond payment of my first trade. This wallet had KYC Bitcoin, but since it is being used for a bond payment, and no transaction will be recorded if everything goes okay, I don't mind taking the minuscule risk. After the first trade, I don't need to use the "KYC wallet", and I will use only my anonymous Lightning wallet for transactions related to performing a trade.

4. Create a new Robot Token by going to RoboSats using the Tor Browser. Copy the Token (Robot ID) to a text file as a temporary backup. It is recommended to create a new robot-token for every session of exchanges you make.

5. Select "Offers" to browse what others are presenting. "Create" is for when you want to create an offer of your own. You may need to create your own offer if none of the existing offers match your criteria.

6. Select "Buy" at the top of the page.

7. Select your currency (USD).

8. Select your payment methods by typing "amazon" and selecting (Amazon Gift Card). Repeat this process and select (Amazon USA Gift Card).

9. Determine Priorities - If you prefer to trade quickly, and don't care as much about premiums, look for users with a green dot on the upper-right of their robot icon. If you're not in a hurry, sort users by premium and select the best deal, even if they are inactive. They may become active once they are notified that their offer has activity from you.

10. The Definition of Price = the price with the premium added, but not the bond

11. A. Find A Compatible Offer - Select the row of the desired offer and enter the amount you would like to buy. i.e. $100 If you do not find a compatible offer, you will have to create your own offer.

    B.  **Create An Offer** - First, take a look at "Sell" offers for your same currency and payment method(s) that you will be using.  Take note of the premium those buyers are willing to pay.  If your premium is drastically less than theirs, your offer may get ignored.  Select "Create" at the bottom of the screen.  There is a slider at the top of the screen, select it to see all the options. Select "Buy". Enter the minimum and maximum amount that you wish to spend.  Type "amazon" to select the methods that you would like to use (Amazon Gift Card, Amazon USA Gift Card).  For "Premium Over Market", enter an amount that is competitive with premiums you saw at the start of this step and do not use the % sign!  You can adjust the duration, timer, and bond amount, but I leave those at their default settings.  Select the "Create Order" button, and follow the instructions for making a bond payment.
    

12. Pay the Bond - Copy the invoice that is presented. From your wallet that contains bond funds, select "Send", and paste the invoice as the recipient. This money will never leave your account if the exchange completes without issue. No transaction will be recorded. If there is a complication with the exchange, it is possible that this transaction will complete.

13. Create and Submit Your Invoice for Their Bitcoin Payment To You - Select "Lightning", if not selected by default.* Select the Copy Icon to copy the correct amount of Satoshis. This amount already has the premium deducted. From your anonymous Lightning Wallet, select "Receive", and paste the Satoshi amount. If you enter a description, it's probably best to keep it cryptic. Copy the invoice and paste it into RoboSats; then select "Submit".

    * If you plan on "mixing" your Bitcoin after purchase, it may be better to select "On Chain" and pay the necessary fees swap and mining fees. In the example this comes from, Sparrow wallet is used and has whirlpool ability in its interface.

14. Connect With Seller and Send Funds - Greet the seller in the chat window. The seller has now provided RoboSats with the Bitcoin to transfer to you. Your move is to buy an Amazon eGift Card for the amount of the trade. Log in to your Amazon account and start the process of buying an eGift card. For delivery there is the option of email or txt message. Ask the seller what their preference is, and get their address, or phone number, to enter into Amazon's form. Complete the purchase process on Amazon, and check the status of your order. Once you see the status of "Sent", go back to RoboSats in your Tor Browser.

15. Confirm Your Payment - Select the "Confirm ___ USD Sent" button and notify the seller to check their e-mail/txt messages.

16. Seller Confirmation - Once the seller select their "Confirm" button, the trade will immediately end with a confirmation screen.

17. Verify - If you check the anonymous wallet, the new amount should be presented.

@ 57d1a264:69f1fee1

A debonair day-to-night hideaway fuses heritage charm with contemporary flair in the Penang capital of George Town...

Housed in a historic landmark on George Town’s atmospheric Lebuh Farquhar, just a stone’s throw from the iconic Eastern & Oriental Hotel, MOJO JOJO is a café and brunch spot by day, and a refined eatery come nightfall. With an effortlessly cool edge, the space has been designed by Empt Studio and combines contemporary charm with the energy of this Malaysian city.

Split into two sections, the venue caters to both hotel guests and passersby. One side offers an intimate, tailored dining experience for those seeking a respite from the buzz of outside, while the other spills out onto the street, embracing George Town’s lively buzz. The soaring ceilings create a sense of openness, further enhanced by the introduction of a mezzanine above the kitchen, maximising space without compromising on airiness.

Natural materials feature throughout with custom bamboo display systems and solid Nyatoh timber fixtures lending a rich, textural warmth. Deliberately crafted interlocking joints pay homage to traditional woodworking techniques, reinforcing both strength and authenticity. Every detail nods to meticulous craftsmanship, from the aged wood grains to the earthy material palette that echoes the heritage of its surroundings.

Lighting plays a supporting yet pivotal role, with carefully curated, softly diffused illumination accentuating the textures and forms within. The interplay of warm light and natural materials fosters an immersive, atmospheric retreat from the fast-paced city outside.

A refuge for slow mornings and, later on, offering a more cultured affair, MOJO JOJO is a debonair dining spot for the handsome Penang capital.

Read more https://www.emptstudio.com/projects/mojojojo

originally posted at https://stacker.news/items/966008

@ 57d1a264:69f1fee1

Hubless Wheels + Donut Motor brings manufacturing & performance benefits

Verge Next, a subsidiary of Estonia-based Verge Motorcycles, invented this Donut Motor. It's designed to drive a hubless wheel. Although once seen as something that simply looked cool in renderings, the company says the hubless arrangement brings performance and manufacturing benefits, "delivering unmatched torque and power density with minimal weight."

For one thing, there's no chain, belt or drivetrain required. Secondly, it frees the body of the bike from the task of holding the motor—everything is now contained within that rear wheel.

The company has not only incorporated the Donut Motor into their own bikes, but is now licensing the technology. Assuming it does what it says on the tin, our future streetscapes will be covered with hubless bikes, scooters and motorcycles.

Here's a closer look at a Verge bike and how its design is influenced by the motor:

https://www.youtube.com/watch?v=Og9vlJRe2-M

originally posted at https://stacker.news/items/966001

@ 849838f4:0ea97fbb

2nmn

@ d41bf82f:ed90d888

เบื้องหลังการเปลี่ยนแปลงครั้งใหญ่ในประวัติศาสตร์ เราต้องเข้าใจปัจจัยที่เปลี่ยนแปลงตรรกะของความรุนแรง โดยเฉพาะปัจจัยเชิงมหภาค 4 ประเภทหลัก ได้แก่ ภูมิประเทศ ภูมิอากาศ จุลชีพ และเทคโนโลยี

1. ภูมิประเทศ เป็นตัวกำหนดที่สำคัญมากต่อรูปแบบของรัฐและความสามารถในการควบคุมพลเมืองโดยเฉพาะเมื่อเปรียบระหว่างสภาพภูมิประเทศทางบกและทางทะเล พื้นที่ทะเลเปิดนั้นยากต่อการผูกขาดหรือควบคุม ทำให้กฎของรัฐไม่สามารถบังคับใช้ได้อย่างมีประสิทธิภาพ ต่างจากแผ่นดิน ซึ่งส่งผลต่อการจัดวางอำนาจอย่างลึกซึ้ง เมื่อเศรษฐกิจเริ่มเคลื่อนเข้าสู่โลกไซเบอร์ซึ่งมีลักษณะคล้ายทะเลเปิดมากกว่าภาคพื้นดิน รูปแบบของการปกครองและการใช้ความรุนแรงจึงมีแนวโน้มเปลี่ยนแปลงไปอย่างมีนัยสำคัญ ประวัติศาสตร์ก็สนับสนุนมุมมองนี้ รัฐยุคแรก ๆ มักเกิดขึ้นในพื้นที่ราบลุ่มชลประทานที่ล้อมรอบด้วยทะเลทราย เช่น เมโสโปเตเมียและอียิปต์ ซึ่งทำให้ประชาชนจำเป็นต้องพึ่งพารัฐที่สามารถควบคุมแหล่งน้ำเพื่อดำรงชีวิตได้ ก่อให้เกิดระบบเผด็จการที่มั่นคง ขณะที่ภูมิประเทศที่กระจายอำนาจ เช่น กรีซโบราณ กลับเอื้อต่อการเกิดประชาธิปไตย เพราะผู้คนสามารถพึ่งตนเองได้มากกว่า มีอิสระในการค้าขายทางทะเล และเข้าถึงรายได้ที่นำไปแลกกับอำนาจทางทหารและการเมืองได้
2. ภูมิอากาศก็มีบทบาทไม่แพ้กันในการกำหนดกรอบของอำนาจทางการเมือง เช่น หลังสิ้นยุคน้ำแข็งราว 13,000 ปีก่อน ความเปลี่ยนแปลงของระบบนิเวศทำให้ทุ่งหญ้าเลี้ยงสัตว์ลดลง และป่าทึบเข้ามาแทนที่ ทำให้มนุษย์ต้องเปลี่ยนวิถีชีวิตจากนักล่ามาเป็นเกษตรกรอย่างหลีกเลี่ยงไม่ได้ การเปลี่ยนแปลงนี้ไม่ได้เกิดขึ้นเพราะความสมัครใจ แต่เพราะสิ่งแวดล้อมบีบบังคับ ภูมิอากาศยังมีอิทธิพลต่อเสถียรภาพทางเศรษฐกิจและการเมืองอย่างชัดเจน เช่น ศตวรรษที่ 17 ซึ่งเป็นยุคหนาวเย็นที่สุดช่วงหนึ่งในประวัติศาสตร์ ทำให้เกิดวิกฤตอาหารและความอดอยากทั่วโลก นำไปสู่การก่อกบฏและการปฏิวัติในหลายประเทศ
3. จุลชีพ ก็มีบทบาทในเชิงการเมืองมหภาคอย่างลึกซึ้ง การล่มสลายของประชากรพื้นเมืองในทวีปอเมริกาจากโรคที่ชาวยุโรปนำเข้า เช่น หัด หรือไข้ทรพิษ ทำให้ยุโรปสามารถยึดครองดินแดนเหล่านั้นได้อย่างง่ายดาย แม้ในบางครั้งจะยังไม่ได้ลงจากเรือด้วยซ้ำ ในอีกด้านหนึ่ง จุลชีพก็เคยเป็นกำแพงที่ป้องกันไม่ให้จักรวรรดิยุโรปขยายอำนาจ เช่น มาลาเรียในแอฟริกาที่เคยทำให้พื้นที่เหล่านั้น “ต่อต้านอำนาจจากภายนอก” ได้อย่างนานหลายศตวรรษ
4. เทคโนโลยี ซึ่งเป็นปัจจัยที่ที่ทรงอิทธิพลที่สุดต่อการเปลี่ยนแปลงของโครงสร้างอำนาจในประวัติศาสตร์มนุษย์ เพราะมันสามารถเปลี่ยน “ต้นทุน” และ “ผลตอบแทน” ของการใช้ความรุนแรงได้อย่างรวดเร็วและชัดเจน ทั้งในแง่ของอาณาเขต ขนาดของรัฐ ลักษณะของสงคราม และแม้แต่ความชอบธรรมทางการเมือง ผู้เขียนได้แยกอิทธิพลของเทคโนโลยีออกเป็น 5 มิติหลัก ซึ่งล้วนมีบทบาทอย่างสำคัญในการจัดรูปแบบของอำนาจ ได้แก่:

A. ดุลยภาพระหว่างการโจมตีและการป้องกัน เทคโนโลยีแต่ละยุคมีผลอย่างมากต่อความได้เปรียบระหว่างฝ่ายรุกกับฝ่ายรับ หากเทคโนโลยีในยุคนั้นเอื้อต่อ “การโจมตี” (เช่น เครื่องยิงหิน, รถถัง, ระเบิดทางอากาศ) ต้นทุนของการขยายอำนาจจะต่ำลง รัฐหรือจักรวรรดิจะรวมศูนย์มากขึ้นเพราะสามารถควบคุมพื้นที่กว้างได้ด้วยกำลังที่มีประสิทธิภาพ แต่หากเทคโนโลยีเอื้อให้ “การป้องกัน” มีต้นทุนต่ำและได้เปรียบ (เช่น ปราสาทยุคกลาง, อาวุธต่อต้านอากาศยาน, การเข้ารหัสข้อมูลในโลกไซเบอร์) รัฐจะมีแนวโน้มกระจายตัว และอำนาจท้องถิ่นจะแข็งแกร่งขึ้น

B. ความเท่าเทียมกันทางทหารของพลเมือง เทคโนโลยีอาวุธยังเป็นตัวแปรสำคัญในการกำหนดว่า “พลเมืองธรรมดา” มีอำนาจเพียงใดในการเผชิญหน้ากับชนชั้นปกครอง ตัวอย่างที่ชัดเจนคือในยุคก่อนปฏิวัติดินปืน ชาวนาที่ถือแค่ส้อมหรือจอบไม่อาจต้านอัศวินติดเกราะได้ แต่เมื่อการใช้ปืนแพร่หลาย เส้นแบ่งระหว่างสามัญชนกับขุนนางก็เริ่มจางลง และเกิดการปฏิวัติทางสังคมตามมาในหลายพื้นที่

C. ขนาดขององค์กรที่จำเป็นต่อการใช้ความรุนแรง บางเทคโนโลยีต้องการระบบสนับสนุนขนาดใหญ่ เช่น เสบียง การสื่อสาร การขนส่ง และระบบการฝึกฝนที่ซับซ้อน ซึ่งหมายความว่าเฉพาะองค์กรที่มีทรัพยากรขนาดใหญ่เท่านั้นจึงสามารถใช้อำนาจอย่างมีประสิทธิภาพได้ ตัวอย่างเช่น สมัยสงครามโลก รัฐที่มีอุตสาหกรรมและสายส่งที่มั่นคงเท่านั้นจึงสามารถรบได้นาน

D. ขนาดของกิจกรรมทางเศรษฐกิจในการผลิต ขนาดของหน่วยเศรษฐกิจที่ “เหมาะสมที่สุด” ในการผลิตสินค้าและบริการก็เป็นตัวแปรทางเทคโนโลยีที่ส่งผลต่อโครงสร้างของรัฐ หากเศรษฐกิจจำเป็นต้องอาศัยตลาดขนาดใหญ่ พื้นที่กว้าง หรือระบบโลจิสติกส์ที่ซับซ้อน รัฐขนาดใหญ่จะมีข้อได้เปรียบ เช่น จักรวรรดิอังกฤษที่สามารถจัดระบบเศรษฐกิจข้ามทวีปได้ในศตวรรษที่ 19 แต่หากเทคโนโลยีเอื้อให้เศรษฐกิจท้องถิ่นมีความคล่องตัว สามารถผลิตแบบกระจาย (distributed production)ได้ รัฐขนาดใหญ่ก็จะมีประสิทธิภาพน้อยลง และอำนาจจะกระจายตัว

E. การกระจายของเทคโนโลยี หากเทคโนโลยีสามารถถูก “ผูกขาด” ได้โดยกลุ่มเล็ก ๆ เช่น การควบคุมแหล่งพลังงานนิวเคลียร์ หรือการพัฒนาอาวุธล้ำสมัย อำนาจจะกระจุกอยู่กับชนชั้นนำ แต่หากเทคโนโลยีแพร่กระจายได้อย่างกว้างขวาง เช่น การใช้ดินปืน แป้นพิมพ์ อำนาจก็จะสลายตัวไปยังประชาชนทั่วไป

เมื่อพิจารณาประวัติศาสตร์ในมุมของ “สิ่งที่เกิดขึ้นจริง” ควบคู่กับ “สิ่งที่อาจเกิดขึ้นได้” เราจะเริ่มตระหนักถึงบทบาทของโอกาสและความเปราะบางที่มักถูกมองข้าม โดยเฉพาะในกรณีของจุลชีพ แม้จะเป็นตัวแปรที่ทรงพลังในอดีต แต่กลับดูเหมือนว่ามันมีผลกระทบต่อโครงสร้างอำนาจในยุคใหม่ต่ำกว่าที่ควรจะเป็น ทั้งที่ในทางทฤษฎีแล้ว มันมีศักยภาพสูงยิ่งในการเปลี่ยนแปลงประวัติศาสตร์ หากเชื้อไวรัสสายพันธุ์ใหม่ที่ร้ายแรงและแพร่กระจายได้ง่าย เทียบเท่าหรือรุนแรงกว่ามาลาเรีย แพร่ระบาดในหมู่นักสำรวจโปรตุเกสช่วงต้นของยุคการเดินเรือ อาจไม่มีการสำรวจหรือขยายอาณานิคมเกิดขึ้นเลย เช่นเดียวกับหากโคลัมบัสและผู้ย้ายถิ่นกลุ่มแรกในโลกใหม่ต้องเผชิญโรคร้ายที่มีฤทธิ์รุนแรงพอ ๆ กับหัดซึ่งคร่าชีวิตชาวพื้นเมืองไปอย่างมหาศาล พวกเขาอาจไม่สามารถตั้งรกรากได้เลยด้วยซ้ำ

แต่เมื่อมองย้อนกลับไป สิ่งเหล่านี้กลับไม่เคยเกิดขึ้น และนั่นทำให้เรายิ่งมีแนวโน้มจะเชื่อใน “ชะตากรรม” บางอย่างของประวัติศาสตร์ อย่างไรก็ตาม หากมองในแง่กลไกของพลังที่ขับเคลื่อนอำนาจ การที่จุลชีพกลับมีบทบาทสนับสนุนการรวมศูนย์ของรัฐในยุคใหม่มากกว่าการขัดขวาง ก็เป็นสิ่งที่น่าพิจารณา ทหารและผู้ตั้งถิ่นฐานจากโลกตะวันตกไม่ได้มีเพียงเทคโนโลยีเป็นแต้มต่อ แต่ยังมี “ภูมิคุ้มกันที่สั่งสมจากประสบการณ์กับโรค” อีกด้วย โรคที่มาพร้อมกับนักสำรวจจากยุโรปจึงกลายเป็น “อาวุธลับ” ที่ทำลายชาวพื้นเมืองก่อนที่ผู้รุกรานจะลงจากเรือด้วยซ้ำ

แม้ว่าจะมีข้อสันนิษฐานว่าซิฟิลิสแพร่จากโลกใหม่กลับไปยังยุโรป แต่ผลกระทบของมันก็จำกัดอยู่ในระดับวัฒนธรรม โดยเฉพาะด้านศีลธรรมทางเพศ ไม่ได้ส่งผลกระทบในระดับการเมืองมหภาคอย่างที่โรคระบาดในยุคกลางเคยทำ เช่น กาฬโรคหรือโรคไข้ทรพิษ เพราะในยุคสมัยใหม่ ระบบอุตสาหกรรมและโครงสร้างทางการแพทย์มีความสามารถในการควบคุมภัยจากจุลชีพได้มากขึ้น ไม่ว่าจะผ่านระบบสุขาภิบาล วัคซีน หรือยาปฏิชีวนะ

อย่างไรก็ดี การปรากฏตัวของโรคเอดส์ และความกังวลเกี่ยวกับไวรัสกลายพันธุ์ในช่วงปลายศตวรรษที่ 20 ได้แสดงให้เห็นว่า จุลชีพอาจไม่ได้เป็น “ปัจจัยรอง” ที่ไร้ฤทธิ์เสมอไป และอาจหวนกลับมาเป็นปัจจัยหลักที่กำหนดแนวทางของอำนาจใหม่อีกครั้งได้ในอนาคต หากมีโรคระบาดใหญ่เกิดขึ้นซึ่งรุนแรงพอที่จะทำลายความสามารถของรัฐในการควบคุมระบบเศรษฐกิจและชีวิตสาธารณะ โครงสร้างของอำนาจอาจสั่นคลอนยิ่งกว่าผลกระทบจากภูมิอากาศหรือภูมิประเทศเสียอีก

ปัญหาคือเราไม่สามารถคาดการณ์จุดเริ่มต้นของเหตุการณ์เหล่านี้ได้อย่างแม่นยำ ไม่มีแบบจำลองใดที่สามารถควบคุมหรือคาดเดาธรรมชาติได้อย่างสมบูรณ์ แม้จะมีความพยายามทางวิทยาศาสตร์และการเฝ้าระวังระดับโลก การที่เรารอดพ้นจากโรคร้ายในอดีตไม่ได้แปลว่าจะรอดได้อีกในอนาคต ความคาดหวังว่าปัจจัยมหภาคในพันปีข้างหน้าจะยังคงเป็น “เทคโนโลยี” ไม่ใช่ “จุลชีพ” จึงเป็นเพียงสมมติฐานที่ตั้งอยู่บนความหวังมากกว่าหลักประกันใด ๆ

และแม้ว่าเทคโนโลยีจะมีบทบาทอย่างล้นเหลือในช่วงห้าศตวรรษที่ผ่านมา แต่บทเรียนจากการปฏิวัติการเกษตรในยุคโบราณก็ยังคงเตือนใจว่า ปัจจัยที่เปลี่ยนแปลงวิถีของอำนาจในระดับรากฐานที่สุดอาจไม่ได้ยิ่งใหญ่หรือก้าวหน้าเสมอไป บางครั้งสิ่งที่ทำให้โลกเปลี่ยนแปลงไปอย่างถาวร ไม่ใช่จักรกลที่ซับซ้อนหรืออาวุธล้ำยุค หากแต่เป็นสิ่งมีชีวิตขนาดเล็กที่เราแทบมองไม่เห็นด้วยตาเปล่า — และมันก็อาจย้อนกลับมามีบทบาทสำคัญอีกครั้งในศตวรรษของเรา.

อย่าลืมว่าหนังสือเล่มนี้เขียนขึ้นในปี 1997 — ยุคที่โลกยังไม่เคยรู้จักกับ COVID-19

บทถัดไปจะพูดถึงเรื่องการปฏิวัติครั้งแรกของ Sapiens การปฏิวัติเกษตรกรรม

@ 78b3c1ed:5033eea9

Umbrel Core-lightning(以下CLNと略す)を運用するにあたり役に立ちそうなノウハウやメモを随時投稿します。

・configファイルを用意する Umbrelのアプリとして必要な設定はdocker-compose.ymlで指定されている。 それ以外の設定をしたい場合configファイルに入れると便利。 configファイルの置き場所は /home/umbrel/umbrel/app-data/core-lightning/data/lightningd ここにtouch configとでもやってファイルをつくる。 cd /home/umbrel/umbrel/app-data/core-lightning/data/lightningd touch config 以下内容をひな型として使ってみてください。 行頭に#があるとコメント行になります。つまり.iniフォーマット。 /home/umbrel/umbrel/app-data/core-lightning/data/lightningd/config ```

[General options]

[Bitcoin control options]

[Lightning daemon options]

[Lightning node customization options]

[Lightning channel and HTLC options]

[Payment control options]

[Networking options]

[Lightning Plugins]

[Experimental Options]

``` configに設定できる内容は以下を参照 https://lightning.readthedocs.io/lightningd-config.5.html セクションを意味する[]があるけれどもこれは私(tanakei)が意図的に見やすく区別しやすくするために付けただけ。これら行の＃は外さない。

・configの設定をCLNに反映させる appスクリプトでCLNを再起動すると反映することができる。 configを書き換えただけでは反映されない。 cd /home/umbrel/umbrel/scripts ./app restart core-lightning

・ログをファイルに出力させる

以下の場所でtouch log.txtとしてlog.txtファイルを作る。 /home/umbrel/umbrel/app-data/core-lightning/data/lightningd cd /home/umbrel/umbrel/app-data/core-lightning/data/lightningd touch log.txt 次にconfigの[Lightning daemon options]セクションにlog-fileを追加する。 ```

[Lightning daemon options]

log-file=/data/.lightning/log.txt ``` ※Dockerによって/home/umbrel/umbrel/app-data/core-lightning/data/lightningd は /data/.lightning として使われている。

・addrとbind-addrの違い どちらも着信用のインターフェースとポートの設定。addrは指定したホストIPアドレス:ポート番号をノードURIに含めて公開する(node_announcementのuris)。bind-addrは公開しない。

・実験的機能のLN Offerを有効にする configの[Experimental Options]セクションに以下を追加する。 ```

[Experimental Options]

experimental-onion-messages experimental-offers ``` ※ v24.08でexperimental-onion-messageは廃止されデフォルト有効であり、上記設定の追加は不要になりました。 ※ v21.11.1 では experimental-offersは廃止されデフォルト有効であり、上記設定の追加は不要になりました。 もう実験扱いじゃなくなったのね...

・完全にTorでの発信オンリーにする UmbrelはなぜかCLNの発信をClearnetとTorのハイブリッドを許している。それは　always-use-proxy=true　の設定がないから。(LNDは発着信Torのみなのに) なのでこの設定をconfigに追加してCLNも発着進Torのみにする。 ```

[Networking options]

always-use-proxy=true ```

・任意のニーモニックからhsm_secretを作る CLNのhsm_secretはLNDのwallet.dbのようなもの。ノードで使う様々な鍵のマスター鍵となる。Umbrel CLNはこのhsm_secretファイルを自動生成したものを使い、これをバックアップするためのニーモニックを表示するとかそういう機能はない。自分で作って控えてあるニーモニックでhsm_secretを作ってしまえばこのファイルが壊れてもオンチェーン資金は復旧はできる。

1.CLNインストール後、dockerコンテナに入る docker exec -it core-lightning_lightningd_1 bash 2.lightning-hsmtoolコマンドを使って独自hsm_secretを作る ``` cd data/.lightning/bitcoin lightning-hsmtool generatehsm my-hsm_secret

・上記コマンドを実行するとニーモニックの言語、ニーモニック、パスフレーズの入力を催促される。 Select your language: 0) English (en) 1) Spanish (es) 2) French (fr) 3) Italian (it) 4) Japanese (jp) 5) Chinese Simplified (zhs) 6) Chinese Traditional (zht) Select [0-7]: 0　※定番の英単語なら0を入力 Introduce your BIP39 word list separated by space (at least 12 words): <ニーモニックを入力する> Warning: remember that different passphrases yield different bitcoin wallets. If left empty, no password is used (echo is disabled). Enter your passphrase: <パスフレーズを入力する>　※パスフレーズ不要ならそのままエンターキーを押す。 New hsm_secret file created at my-hsm_secret Use the encrypt command to encrypt the BIP32 seed if needed

コンテナから抜ける exit

3.appスクリプトでCLNを止めて、独自hsm_secret以外を削除 ※【重要】いままで使っていたhsm_secretを削除する。もしチャネル残高、ウォレット残高があるならチャネルを閉じて資金を退避すること。自己責任！ cd ~/umbrel/scripts/ ./app stop core-lightning

cd ~/umbrel/app-data/core-lightning/data/lightningd/bitcoin rm gossip_store hsm_secret lightningd.sqlite3 lightning-rpc mv my-hsm_secret hsm_secret 4.appスクリプトでCLNを再開する cd ~/umbrel/scripts/ ./app start core-lightning ```

【補記】 hsm_secret作成につかうニーモニックはBIP39で、LNDのAezeedと違って自分が作成されたブロック高さというものを含んでいない。新規でなくて復元して使う場合は作成されたブロック高さからブロックチェーンをrescanする必要がある。 configの１行目にrescanオプションを付けてCLNをリスタートする。 ``` // 特定のブロック高さを指定する場合はマイナス記号をつける rescan=-756000

// 現在のブロック高さから指定ブロック分さかのぼった高さからrescanする rescan=10000 ※現在の高さが760,000なら10000指定だと750,000からrescan ```

・clnrestについて core-lightningでREST APIを利用したい場合、別途c-lightning-restを用意する必要があった。v23.8から標準でclnrestというプラグインがついてくる。pythonで書かれていて、ソースからビルドした場合はビルド完了後にpip installでインストールする。elementsproject/lightningdのDockerイメージではインストール済みになっている。 (v25.02からgithubからバイナリをダウンロードしてきた場合はpip install不要になったようだ) このclnrestを使うにはcreaterunesコマンドでruneというLNDのマカロンのようなものを作成する必要がある。アプリ側でこのruneとREST APIを叩いてcore-lightningへアクセスすることになる。 自分が良く使っているLNbitsやスマホアプリZeus walletはclnrestを使う。まだclnrestに対応していないアプリもあるので留意されたし。

・Emergency recoverについて LNDのSCBのようなもの。ファイル名はemergency.recover チャネルを開くと更新される。 hsm_secretとこのファイルだけを置いてCLNを開始すると自動でこのファイルから強制クローズするための情報が読み出されてDLPで相手から強制クローズするような仕組み。この機能はv0.12から使える。

動作確認してみた所、LNDのSCBに比べるとかなり使いづらい。 1. CLNがTor発信だとチャネルパートナーと接続できない。 　Clearnet発信できても相手がTorのみノードならTor発信せざるを得ない。 　相手と通信できなければ資金回収できない。 2. 相手がLNDだとなぜか強制クローズされない。相手がCLNならできる。

つまり、自分と相手がClearnetノードでかつ相手もCLNならば Emergency recoverで強制クローズして資金回収できる。こんな条件の厳しい復旧方法がマジで役に立つのか？

v0.11以降ならばLNDのchannel.dbに相当するlightningd.sqlite3をプライマリ・セカンダリDBと冗長化できるので、セカンダリDBをNFSで保存すればUmbrelのストレージが壊れてもセカンダリDBで復旧できる。そのためemergerncy.recoverを使う必要がないと思われる。

・LN offer(BOLT#12)ついて 使いたいなら 1.publicチャネルを開く 　publicチャネルを開けばチャネルとノードの情報(channel_announcement, node_announcement)が他ノードに伝わる。送金したい相手がこの情報を元に経路探索する。 2.その後しばらく待つ CLNノードを立てたばかりだと経路探索するに十分なチャネルとノードの情報が揃ってない。せめて1日は待つ。

LNURLの場合インボイスをhttpsで取得するが、OfferはLN経由で取得する。そのためにチャネルとノードの情報が必要。privateチャネルばかりのノードはチャネル情報もそうだがノード情報も出さない。 Offerで使えるBlind pathという機能なら中間ノードIDを宛先ノードとすることが可能で、これならチャネルとノード情報を公開しなくても受けとれるのだがCLNは対応してない模様(2025年1月現在) CLNでOfferで受け取るにはチャネルとノード情報を公開する必要がある。そのためpublicチャネルを開く。公開されていれば良いのでTorでもOK。クリアネットで待ち受けは必須ではない。

・hsm_sercretとニーモニック lightning-hsmtoolを使うとニーモニックからhsm_secretを作れる。ニーモニックからシードを作ると64バイト。これはニーモニックおよびソルトにパスフレーズをPBKDF2(HMAC-SHA512を2048回)にかけると512ビット(64バイト)のシードができる。しかしhsm_secretは32バイト。CLNでは64バイトの最初の32バイトをhsm_secretとして利用しているみたい。 このhsm_secretにHMAC-SHA512をかけて512ビットとした値がウォレットのマスター鍵となる。なのでhsm_secret自体がBIP-32でいうマスターシードそのものではない。 sparrow walletにCLNのウォレットを復元したい場合は lightning-hsmtool dumponchaindescriptors --show-secrets とやってディスクリプターウォレットを出力。出力内容にマスター鍵(xprv～)があるので、これをインポートする。導出パス設定はm/0とする。sparrowが残りを補完してm/0/0/0, m/0/0/1とやってくれる。

<おまけ> configファイルのサンプル。Umbrelを使わない場合は以下のサンプルが役に立つはず。上記のelementsproject/lightningdならば/root/.lightningに任意のディレクトリをマウントしてそのディレクトリにconfigを置く。 ```

[General options]

不可逆なDBアップグレードを許可しない

database-upgrade=false

[Bitcoin control options]

network=bitcoin bitcoin-rpcconnect= bitcoin-rpcport= bitcoin-rpcuser= bitcoin-rpcpassword=

[Lightning daemon options]

postgresを使う場合

wallet=postgres://USER:PASSWORD@HOST:PORT/DB_NAME

bookkeeper-db=postgres://USER:PASSWORD@HOST:PORT/DB_NAME

sqlite3を使う場合。デフォルトはこちらで以下の設定が無くても~/.lightning/bitconに自動で作成される。

wallet=sqlite3:///home/USERNAME/.lightning/bitcoin/lightningd.sqlite3

bookkeeper-db=sqlite3:///home/USERNAME/.lightning/bitcoin/accounts.sqlite3

ログファイルは自動で作成されない

log-file=/home/USERNAME/.lightning/lightningd-log

log-level=debug

[Lightning node customization options]

alias= rgb=

固定手数料。ミリサトシで指定。

fee-base=1000000

変動手数料。ppmで指定。

fee-per-satoshi=0

最小チャネルキャパシティ(sats)

min-capacity-sat=100000

HTLC最少額。ミリサトシで指定。

htlc-minimum-msat=1000

[Lightning channel and HTLC options]

large-channels # v23.11よりデフォルトでラージチャネルが有効。

チャネル開設まで6承認

funding-confirms=6

着信できるHTLCの数。開いたら変更できない。1～483 (デフォルトは 30) の範囲にする必要があります

max-concurrent-htlcs=INTEGER

アンカーチャネルを閉じるためにウォレットに保持しておく資金。デフォルトは 25,000sat

チャネルを"忘れる(forget)"するまではリザーブされる模様。forgetはチャネル閉じてから100ブロック後

min-emergency-msat=10000000

[Cleanup control options]

autoclean-cycle=3600 autoclean-succeededforwards-age=0 autoclean-failedforwards-age=0 autoclean-succeededpays-age=0 autoclean-failedpays-age=0 autoclean-paidinvoices-age=0 autoclean-expiredinvoices-age=0

[Payment control options]

disable-mpp

[Networking options]

bind-addrだとアナウンスしない。

bind-addr=0.0.0.0:9375

tor

proxy=: always-use-proxy=true

Torの制御ポート。addr=statictor だとhidden serviceをノードURIとして公開する。

addr=statictor:: tor-service-password=

experimental-websocket-portは廃止された。bind-addr=ws:が代替。

bind-addr=ws::2106

clnrestプラグイン, REST API

clnrest-host=0.0.0.0 clnrest-port=3010 clnrest-protocol=http

v24.11よりgrpcはデフォルト有効

grpc-host=0.0.0.0 grpc-port=9736

[Lightning Plugins]

[Experimental Options]

experimental-onion-messages # v24.08で廃止。デフォルト有効

experimental-offers # v24.11.1で廃止。デフォルト有効

流動性広告からチャネルを開くときにexperimental-dual-fundが必要らしい。

experimental-dual-fund

experimental-splicing

experimental-peer-storage

```

@ 502ab02a:a2860397

PAN... แค่แพนเค้ก หรือ แผนล้อมโลกเรื่องอาหาร เมื่อหมากตัวจริงชื่อ Sebastian Joy

เราได้รู้จักกับคุณ Sebastian Joy กันไปแล้วนะครับ วันนี้เรามาขยายผลกันอีกหน่อย

ถ้าโลกนี้เป็นเกมหมากรุก อาหารคือกระดานที่ทุกตัวหมากต้องเหยียบเดิน และใครที่วางหมากอาหารได้...ก็วางโลกได้เหมือนกัน

ปี 2018 มีโครงการหนึ่งถือกำเนิดขึ้นในเยอรมนีอย่างเงียบๆ ชื่อว่า Physicians Association for Nutrition (PAN) เบื้องหน้าเหมือนเป็นมูลนิธิการกุศล ตั้งขึ้นมาเพื่อ "ช่วยให้หมอเข้าใจเรื่องโภชนาการจากพืช" แต่ถ้าเปิดแว่นขยายส่องให้ดีๆ มันคือหนึ่งในฟันเฟืองสำคัญของแผนเปลี่ยนอนาคตอาหารโลกจาก Animal-Based ไปเป็น Plant-Based ที่เป็น lab plant based ที่ไม่ใช่อาหารธรรมชาติแบบหลักแก่นที่ Vegan สืบทอดกันมา โดยอ้างเรื่อง "สุขภาพ" และ "สิ่งแวดล้อม" เป็นฉากหน้า

PAN นั้นเสมือนเป็นลูกสมุนตัวกลั่นของคนที่ชื่อ Sebastian Joy ชายหนุ่มสายโปรโมทแนว Vegan ที่ก่อนหน้านั้นก่อตั้งองค์กร ProVeg International ซึ่งมีสายสัมพันธ์กับพวก Start-up อาหารทางเลือก (ไม่ว่าจะเป็นเนื้อปลอม เนื้อพืชดีเอนเอ นมพืชที่มาจากจุลินทรีย์ ไปจนถึงการส่งเสริมวัตถุดิบจากแบคทีเรีย โรงงาน และห้องแลบ) แล้ว ProVeg ไม่ได้ทำงานเดี่ยวๆ นะจ๊ะ... เบื้องหลังเชื่อมโยงกับเครือข่ายที่หนุน World Economic Forum (WEF) และแนวคิด Great Reset ที่อยาก "รีเซ็ต" วิธีการกินของคนทั้งโลก โดยให้อาหารเป็น Plant-Based แบบ lab created และ Meat Lab-Based เป็นหลัก

ส่วน PAN ถูกใช้เป็น "หมากที่แต่งตัวเป็นหมอ" เพื่อเดินเกมไปสู่การแทรกแซงนโยบายประเทศต่างๆ ผ่านช่องทาง "สาธารณสุข" และ "การศึกษาแพทย์" เพื่อมาเป็นกำลังหลักให้ในแผนงาน

เรามาดูตัวอย่างผลงานเด่นของ PAN กันครับ 1. ผลักดันให้รวม Plant-Based เข้าไปในหลักสูตรแพทย์และพยาบาล (โดยใช้เหตุผลว่า "หมอต้องรู้จักอาหารเพื่อสุขภาพ") 2. ช่วยรณรงค์ให้โรงพยาบาล โรงเรียน และมหาวิทยาลัย เปลี่ยนเมนูอาหารเป็น Plant-Based 3. สนับสนุนงานวิจัย และโครงการ เช่น Green Food Experience ที่กดดันให้ภาคธุรกิจและภาครัฐบาลหันมาทำตาม "แนวทางอาหารยั่งยืน" แบบที่ PAN และพรรคพวกกำหนด 4. มีสถานะ "Observer" ในองค์การสหประชาชาติ (UN) เพื่อเสนอความคิดเห็นในการกำหนดนโยบายสาธารณสุขและสิ่งแวดล้อมระดับโลก

และเบื้องหลังอีกชั้นที่น่าสนใจ... Sebastian Joy มีความสัมพันธ์ลึกซึ้งกับวงการ Start-up อาหารใหม่ๆ ที่พยายามตีตลาด Plant-Based และ Lab-Grown Food อย่างเช่น Perfect Day, Beyond Meat, Mosa Meat ฯลฯ ผ่านการโปรโมท "โภชนาการจากพืชเพื่อสุขภาพที่ดีกว่า" โดยใช้ PAN เป็นเครื่องมือให้ดู "มีอำนาจทางวิชาการ" มากขึ้น

หรือถ้าให้พูดง่ายๆ คือ สร้างสนามแข่ง แล้วจับมือกับนักแข่งที่ตัวเองลงทุนไว้ PAN ดูเหมือนเป็นองค์กรกลางๆ ใสๆ แต่มันเชื่อมโยงกับโครงข่าย NGO และบริษัทเอกชนที่มุ่งแปลงร่างอาหารโลกอยู่เบื้องหลัง การที่ PAN ผลักดันนโยบายระดับประเทศ และแทรกซึมในระบบการศึกษา หมายความว่าอนาคตคนรุ่นใหม่จะถูกปลูกฝังแนวคิด "เนื้อสัตว์ไม่ดี" โดยไม่ทันรู้ตัว

แล้วมันเกี่ยวอะไรกับเรา? จินตนาการดูครับว่า - ถ้าวันหนึ่งโรงเรียนของลูกเรามีแต่เมนูถั่วเหลือง ซีเรียล นมโอ๊ต หรือ ไอศกรีมเวย์จากจุลินทรีย์ และห้ามเสิร์ฟเนื้อสัตว์ด้วยสารพัดเหตุผล เช่น เนื้อปนเปื้อนง่าย เนื้อทำให้เป็นมะเร็ง หรือแม้แต่สอนเด็กว่า เนื้อคือตัวการทำลายสิ่งแวดล้อมด้วย มีเทน นั่นอาจเป็นผลลัพธ์จากงานเบื้องหลังของ PAN - ถ้าวันหนึ่งนโยบายอาหารของประเทศเน้นลดเนื้อสัตว์ อ้างสุขภาพ อ้างสิ่งแวดล้อม อ้างโรคระบาด อ้างกฎแห่ง DNA ที่ถูกจดสิทธิบัตร แล้วโปรโมทเนื้อปลอมแทน นั่นอาจเป็นรอยเท้าของ Sebastian Joy ที่เดินมาก่อนแล้ว - ถ้าวันหนึ่งหมอจำนวนมากเชื่อว่า “เนื้อสัตว์คือตัวร้ายที่แพร่มะเร็งหรือทำให้สุขภาพเสีย” โดยไม่มีการตั้งคำถาม นั่นคือชัยชนะของหมากตัวนี้

ในขณะที่คนส่วนใหญ่คิดว่ากำลังเลือกอาหารเอง หรือ คิดว่าฉันกิน plant base / vegan เพราะรักโลก รักสุขภาพ แต่จริงๆ แล้วมีมือที่มองไม่เห็นกำหนด "ตัวเลือก" ไว้แล้วเรียบร้อย เพราะทั้งหมดมันไม่ได้เป็นอาหารธรรมชาติ มันคืออาหาร "สร้าง" ที่ไม่มีสัตว์, มันคืออาหาร "สร้าง" ที่ต้อง "สร้าง" มาจากโรงงาน แล้วเราต้อง "ซื้อ" มากินเท่านั้น ถ้าไม่สร้าง local ให้แข็งแรง อย่าหลงไปตามความสวยงามของการรักโลกในมุมเดียว เราอาจจะไม่สามารถปลูกพืชมาเป็นอาหารเองได้ เราอาจไม่สามารถเลี้ยงสัตว์เพื่อกินเองได้

PAN ไม่ใช่แค่องค์กรให้ความรู้ด้านโภชนาการ / PAN คือเครื่องมือในกระดานหมากรุกที่กำลังจัดการ "ตั้งโปรแกรมใหม่" ให้คนทั้งโลกกินตามแบบที่นายทุนและเครือข่ายเบื้องหลังเขียนบทไว้ และชายที่ชื่อ Sebastian Joy นี่แหละ...คือหนึ่งในผู้ถือหมากที่ยิ้มอยู่หลังม่าน

อาหารแห่งอนาคต มีทางเดินเหลือไว้ให้ เกษตรกร old school บ้างไหม สนธิสัญญาต่างๆเรื่องเมล็ดพันธุ์ เหลือทางเดินไว้ให้เกษตรกรบ้างไหม หรือสุดท้าย เราจะไม่มีไดเอทให้เลือก ให้ทะเลาะกัน เพราะสุดท้าย เราต่างต้องกินอาหารจากโรงงานเหมือนกันหมด บทความนี้คงจะเป็นได้แค่เพียง การตั้งคำถามขึ้นมาไว้ แต่ไม่มีคำตอบ ว่าเรากำลังโดนอ้าง plant based food มาเคลือบความเป็น อาหารโรงงาน (Plant Food) หรือเปล่าเพราะวันนี้หลายคนอาจมองว่าเป็นการตื่นตูม คิดมาก หรือแม้แต่ เราเลือกได้แหละ ก็ได้ครับ

ผมไม่ได้มีปัญหากับสายพืชล้วน ไม่ว่าจะเจ วีแกน แพลนท์เบส เพราะถ้ากินเป็น มองสารอาหารเป็น จัดการ anti nutrient ได้ดี มันก็ดีสำหรับคนนั้น แต่ซีรีส์นี้สำคัญที่ว่า plant based food is not PLANT food อาหารจากพืชไม่ใช่อาหารจากโรงงานครับ

ก่อนถึงวันที่เราจะไม่มีสิทธิ์แม้แต่จะเลือก #pirateketo #กูต้องรู้มั๊ย #ม้วนหางสิลูก #siamstr

@ 4db2f229:205fed9f

https://www.nexusmods.com/newvegas/mods/80258

If you manage to get it up to date / uncorrupt the data, I give you full liberties to:

• The model itself
• Its XMF and/or XML skeleton
• Patching it to be compatible with any other gun mods
• other fixes
• and full credit handed over to you

I think this has honestly been abandoned by it's original developer, and since I am just hanging onto the file? I decided it'd be better maintained in someone elses hands, and with community much more responsible than Nexus. Honestly if I did not archive this mod? It would of been vaporware.

But in it's current state it's not fit for being playable. I did manage to save media of when it was playable however.

@ 4ba8e86d:89d32de4

Como funciona o PGP.

O texto a seguir foi retirado do capítulo 1 do documento Introdução à criptografia na documentação do PGP 6.5.1. Copyright © 1990-1999 Network Associates, Inc. Todos os direitos reservados.

-O que é criptografia? -Criptografia forte -Como funciona a criptografia? -Criptografia convencional -Cifra de César -Gerenciamento de chaves e criptografia convencional -Criptografia de chave pública -Como funciona o PGP - Chaves • Assinaturas digitais -Funções hash • Certificados digitais -Distribuição de certificados -Formatos de certificado •Validade e confiança -Verificando validade -Estabelecendo confiança -Modelos de confiança • Revogação de certificado -Comunicar que um certificado foi revogado -O que é uma senha? -Divisão de chave

Os princípios básicos da criptografia.

Quando Júlio César enviou mensagens aos seus generais, ele não confiou nos seus mensageiros. Então ele substituiu cada A em suas mensagens por um D, cada B por um E, e assim por diante através do alfabeto. Somente alguém que conhecesse a regra “shift by 3” poderia decifrar suas mensagens. E assim começamos.

Criptografia e descriptografia.

Os dados que podem ser lidos e compreendidos sem quaisquer medidas especiais são chamados de texto simples ou texto não criptografado. O método de disfarçar o texto simples de forma a ocultar sua substância é chamado de criptografia. Criptografar texto simples resulta em um jargão ilegível chamado texto cifrado. Você usa criptografia para garantir que as informações sejam ocultadas de qualquer pessoa a quem não se destinam, mesmo daqueles que podem ver os dados criptografados. O processo de reverter o texto cifrado ao texto simples original é chamado de descriptografia . A Figura 1-1 ilustra esse processo.

https://image.nostr.build/0e2fcb71ed86a6083e083abbb683f8c103f44a6c6db1aeb2df10ae51ec97ebe5.jpg

Figura 1-1. Criptografia e descriptografia

O que é criptografia?

Criptografia é a ciência que usa a matemática para criptografar e descriptografar dados. A criptografia permite armazenar informações confidenciais ou transmiti-las através de redes inseguras (como a Internet) para que não possam ser lidas por ninguém, exceto pelo destinatário pretendido. Embora a criptografia seja a ciência que protege os dados, a criptoanálise é a ciência que analisa e quebra a comunicação segura. A criptoanálise clássica envolve uma combinação interessante de raciocínio analítico, aplicação de ferramentas matemáticas, descoberta de padrões, paciência, determinação e sorte. Os criptoanalistas também são chamados de atacantes. A criptologia abrange tanto a criptografia quanto a criptoanálise.

Criptografia forte.

"Existem dois tipos de criptografia neste mundo: a criptografia que impedirá a sua irmã mais nova de ler os seus arquivos, e a criptografia que impedirá os principais governos de lerem os seus arquivos. Este livro é sobre o último." --Bruce Schneier, Criptografia Aplicada: Protocolos, Algoritmos e Código Fonte em C. PGP também trata deste último tipo de criptografia. A criptografia pode ser forte ou fraca, conforme explicado acima. A força criptográfica é medida no tempo e nos recursos necessários para recuperar o texto simples. O resultado de uma criptografia forte é um texto cifrado que é muito difícil de decifrar sem a posse da ferramenta de decodificação apropriada. Quão díficil? Dado todo o poder computacional e o tempo disponível de hoje – mesmo um bilhão de computadores fazendo um bilhão de verificações por segundo – não é possível decifrar o resultado de uma criptografia forte antes do fim do universo. Alguém poderia pensar, então, que uma criptografia forte resistiria muito bem até mesmo contra um criptoanalista extremamente determinado. Quem pode realmente dizer? Ninguém provou que a criptografia mais forte disponível hoje resistirá ao poder computacional de amanhã. No entanto, a criptografia forte empregada pelo PGP é a melhor disponível atualmente.

Contudo, a vigilância e o conservadorismo irão protegê-lo melhor do que as alegações de impenetrabilidade.

Como funciona a criptografia?

Um algoritmo criptográfico, ou cifra, é uma função matemática usada no processo de criptografia e descriptografia. Um algoritmo criptográfico funciona em combinação com uma chave – uma palavra, número ou frase – para criptografar o texto simples. O mesmo texto simples é criptografado em texto cifrado diferente com chaves diferentes. A segurança dos dados criptografados depende inteiramente de duas coisas: a força do algoritmo criptográfico e o sigilo da chave. Um algoritmo criptográfico, mais todas as chaves possíveis e todos os protocolos que o fazem funcionar constituem um criptossistema. PGP é um criptossistema.

Criptografia convencional.

Na criptografia convencional, também chamada de criptografia de chave secreta ou de chave simétrica , uma chave é usada tanto para criptografia quanto para descriptografia. O Data Encryption Standard (DES) é um exemplo de criptossistema convencional amplamente empregado pelo Governo Federal. A Figura 1-2 é uma ilustração do processo de criptografia convencional. https://image.nostr.build/328b73ebaff84c949df2560bbbcec4bc3b5e3a5163d5fbb2ec7c7c60488f894c.jpg

Figura 1-2. Criptografia convencional

Cifra de César.

Um exemplo extremamente simples de criptografia convencional é uma cifra de substituição. Uma cifra de substituição substitui uma informação por outra. Isso é feito com mais frequência compensando as letras do alfabeto. Dois exemplos são o Anel Decodificador Secreto do Capitão Meia-Noite, que você pode ter possuído quando era criança, e a cifra de Júlio César. Em ambos os casos, o algoritmo serve para compensar o alfabeto e a chave é o número de caracteres para compensá-lo. Por exemplo, se codificarmos a palavra "SEGREDO" usando o valor chave de César de 3, deslocaremos o alfabeto para que a terceira letra abaixo (D) comece o alfabeto. Então começando com A B C D E F G H I J K L M N O P Q R S T U V W X Y Z e deslizando tudo para cima em 3, você obtém DEFGHIJKLMNOPQRSTUVWXYZABC onde D=A, E=B, F=C e assim por diante. Usando este esquema, o texto simples, "SECRET" é criptografado como "VHFUHW". Para permitir que outra pessoa leia o texto cifrado, você diz a ela que a chave é 3. Obviamente, esta é uma criptografia extremamente fraca para os padrões atuais, mas, ei, funcionou para César e ilustra como funciona a criptografia convencional.

Gerenciamento de chaves e criptografia convencional.

A criptografia convencional tem benefícios. É muito rápido. É especialmente útil para criptografar dados que não vão a lugar nenhum. No entanto, a criptografia convencional por si só como meio de transmissão segura de dados pode ser bastante cara, simplesmente devido à dificuldade de distribuição segura de chaves. Lembre-se de um personagem do seu filme de espionagem favorito: a pessoa com uma pasta trancada e algemada ao pulso. Afinal, o que há na pasta? Provavelmente não é o código de lançamento de mísseis/fórmula de biotoxina/plano de invasão em si. É a chave que irá descriptografar os dados secretos. Para que um remetente e um destinatário se comuniquem com segurança usando criptografia convencional, eles devem chegar a um acordo sobre uma chave e mantê-la secreta entre si. Se estiverem em locais físicos diferentes, devem confiar em um mensageiro, no Bat Phone ou em algum outro meio de comunicação seguro para evitar a divulgação da chave secreta durante a transmissão. Qualquer pessoa que ouvir ou interceptar a chave em trânsito poderá posteriormente ler, modificar e falsificar todas as informações criptografadas ou autenticadas com essa chave. Do DES ao Anel Decodificador Secreto do Capitão Midnight, o problema persistente com a criptografia convencional é a distribuição de chaves: como você leva a chave ao destinatário sem que alguém a intercepte?

Criptografia de chave pública.

Os problemas de distribuição de chaves são resolvidos pela criptografia de chave pública, cujo conceito foi introduzido por Whitfield Diffie e Martin Hellman em 1975. (Há agora evidências de que o Serviço Secreto Britânico a inventou alguns anos antes de Diffie e Hellman, mas a manteve um segredo militar - e não fez nada com isso.

[JH Ellis: The Possibility of Secure Non-Secret Digital Encryption, CESG Report, January 1970]) A criptografia de chave pública é um esquema assimétrico que usa um par de chaves para criptografia: uma chave pública, que criptografa os dados, e uma chave privada ou secreta correspondente para descriptografia. Você publica sua chave pública para o mundo enquanto mantém sua chave privada em segredo. Qualquer pessoa com uma cópia da sua chave pública pode criptografar informações que somente você pode ler. Até mesmo pessoas que você nunca conheceu. É computacionalmente inviável deduzir a chave privada da chave pública. Qualquer pessoa que possua uma chave pública pode criptografar informações, mas não pode descriptografá-las. Somente a pessoa que possui a chave privada correspondente pode descriptografar as informações. https://image.nostr.build/fdb71ae7a4450a523456827bdd509b31f0250f63152cc6f4ba78df290887318b.jpg

Figura 1-3. Criptografia de chave pública O principal benefício da criptografia de chave pública é que ela permite que pessoas que não possuem nenhum acordo de segurança pré-existente troquem mensagens com segurança. A necessidade de remetente e destinatário compartilharem chaves secretas através de algum canal seguro é eliminada; todas as comunicações envolvem apenas chaves públicas e nenhuma chave privada é transmitida ou compartilhada. Alguns exemplos de criptossistemas de chave pública são Elgamal (nomeado em homenagem a seu inventor, Taher Elgamal), RSA (nomeado em homenagem a seus inventores, Ron Rivest, Adi Shamir e Leonard Adleman), Diffie-Hellman (nomeado, você adivinhou, em homenagem a seus inventores). ) e DSA, o algoritmo de assinatura digital (inventado por David Kravitz). Como a criptografia convencional já foi o único meio disponível para transmitir informações secretas, o custo dos canais seguros e da distribuição de chaves relegou a sua utilização apenas àqueles que podiam pagar, como governos e grandes bancos (ou crianças pequenas com anéis descodificadores secretos). A criptografia de chave pública é a revolução tecnológica que fornece criptografia forte para as massas adultas. Lembra do mensageiro com a pasta trancada e algemada ao pulso? A criptografia de chave pública o tira do mercado (provavelmente para seu alívio).

Como funciona o PGP.

O PGP combina alguns dos melhores recursos da criptografia convencional e de chave pública. PGP é um criptossistema híbrido. Quando um usuário criptografa texto simples com PGP, o PGP primeiro compacta o texto simples. A compactação de dados economiza tempo de transmissão do modem e espaço em disco e, mais importante ainda, fortalece a segurança criptográfica. A maioria das técnicas de criptoanálise explora padrões encontrados no texto simples para quebrar a cifra. A compressão reduz esses padrões no texto simples, aumentando assim enormemente a resistência à criptoanálise. (Arquivos que são muito curtos para compactar ou que não são compactados bem não são compactados.) O PGP então cria uma chave de sessão, que é uma chave secreta única. Esta chave é um número aleatório gerado a partir dos movimentos aleatórios do mouse e das teclas digitadas. Esta chave de sessão funciona com um algoritmo de criptografia convencional rápido e muito seguro para criptografar o texto simples; o resultado é texto cifrado. Depois que os dados são criptografados, a chave da sessão é criptografada na chave pública do destinatário. Essa chave de sessão criptografada com chave pública é transmitida junto com o texto cifrado ao destinatário.

Figura 1-4. Como funciona a criptografia PGP A descriptografia funciona ao contrário. A cópia do PGP do destinatário usa sua chave privada para recuperar a chave de sessão temporária, que o PGP usa para descriptografar o texto cifrado criptografado convencionalmente.

Figura 1-5. Como funciona a descriptografia PGP A combinação dos dois métodos de criptografia combina a conveniência da criptografia de chave pública com a velocidade da criptografia convencional. A criptografia convencional é cerca de 1.000 vezes mais rápida que a criptografia de chave pública. A criptografia de chave pública, por sua vez, fornece uma solução para

problemas de distribuição de chaves e transmissão de dados. Usados ​​em conjunto, o desempenho e a distribuição de chaves são melhorados sem qualquer sacrifício na segurança.

Chaves.

Uma chave é um valor que funciona com um algoritmo criptográfico para produzir um texto cifrado específico. As chaves são basicamente números muito, muito, muito grandes. O tamanho da chave é medido em bits; o número que representa uma chave de 1024 bits é enorme. Na criptografia de chave pública, quanto maior a chave, mais seguro é o texto cifrado. No entanto, o tamanho da chave pública e o tamanho da chave secreta da criptografia convencional não têm nenhuma relação. Uma chave convencional de 80 bits tem a força equivalente a uma chave pública de 1.024 bits. Uma chave convencional de 128 bits é equivalente a uma chave pública de 3.000 bits. Novamente, quanto maior a chave, mais segura, mas os algoritmos usados ​​para cada tipo de criptografia são muito diferentes e, portanto, a comparação é como a de maçãs com laranjas. Embora as chaves pública e privada estejam matematicamente relacionadas, é muito difícil derivar a chave privada dada apenas a chave pública; no entanto, derivar a chave privada é sempre possível, desde que haja tempo e capacidade computacional suficientes. Isto torna muito importante escolher chaves do tamanho certo; grande o suficiente para ser seguro, mas pequeno o suficiente para ser aplicado rapidamente. Além disso, você precisa considerar quem pode estar tentando ler seus arquivos, quão determinados eles estão, quanto tempo têm e quais podem ser seus recursos. Chaves maiores serão criptograficamente seguras por um longo período de tempo. Se o que você deseja criptografar precisar ficar oculto por muitos anos, você pode usar uma chave muito grande. Claro, quem sabe quanto tempo levará para determinar sua chave usando os computadores mais rápidos e eficientes de amanhã? Houve um tempo em que uma chave simétrica de 56 bits era considerada extremamente segura. As chaves são armazenadas de forma criptografada. O PGP armazena as chaves em dois arquivos no seu disco rígido; um para chaves públicas e outro para chaves privadas. Esses arquivos são chamados de chaveiros. Ao usar o PGP, você normalmente adicionará as chaves públicas dos seus destinatários ao seu chaveiro público. Suas chaves privadas são armazenadas em seu chaveiro privado. Se você perder seu chaveiro privado, não será possível descriptografar nenhuma informação criptografada nas chaves desse anel.

Assinaturas digitais.

Um grande benefício da criptografia de chave pública é que ela fornece um método para empregar assinaturas digitais. As assinaturas digitais permitem ao destinatário da informação verificar a autenticidade da origem da informação e também verificar se a informação está intacta. Assim, as assinaturas digitais de chave pública fornecem autenticação e integridade de dados. A assinatura digital também proporciona o não repúdio, o que significa que evita que o remetente alegue que não enviou realmente as informações. Esses recursos são tão fundamentais para a criptografia quanto a privacidade, se não mais. Uma assinatura digital tem a mesma finalidade de uma assinatura manuscrita. No entanto, uma assinatura manuscrita é fácil de falsificar. Uma assinatura digital é superior a uma assinatura manuscrita porque é quase impossível de ser falsificada, além de atestar o conteúdo da informação, bem como a identidade do signatário.

Algumas pessoas tendem a usar mais assinaturas do que criptografia. Por exemplo, você pode não se importar se alguém souber que você acabou de depositar US$ 1.000 em sua conta, mas quer ter certeza de que foi o caixa do banco com quem você estava lidando. A maneira básica pela qual as assinaturas digitais são criadas é ilustrada na Figura 1-6 . Em vez de criptografar informações usando a chave pública de outra pessoa, você as criptografa com sua chave privada. Se as informações puderem ser descriptografadas com sua chave pública, elas deverão ter se originado em você.

Figura 1-6. Assinaturas digitais simples

Funções hash.

O sistema descrito acima apresenta alguns problemas. É lento e produz um enorme volume de dados – pelo menos o dobro do tamanho da informação original. Uma melhoria no esquema acima é a adição de uma função hash unidirecional no processo. Uma função hash unidirecional recebe uma entrada de comprimento variável – neste caso, uma mensagem de qualquer comprimento, até mesmo milhares ou milhões de bits – e produz uma saída de comprimento fixo; digamos, 160 bits. A função hash garante que, se a informação for alterada de alguma forma – mesmo que por apenas um bit – seja produzido um valor de saída totalmente diferente. O PGP usa uma função hash criptograficamente forte no texto simples que o usuário está assinando. Isso gera um item de dados de comprimento fixo conhecido como resumo da mensagem. (Novamente, qualquer alteração nas informações resulta em um resumo totalmente diferente.) Então o PGP usa o resumo e a chave privada para criar a “assinatura”. O PGP transmite a assinatura e o texto simples juntos. Ao receber a mensagem, o destinatário utiliza o PGP para recalcular o resumo, verificando assim a assinatura. O PGP pode criptografar o texto simples ou não; assinar texto simples é útil se alguns dos destinatários não estiverem interessados ​​ou não forem capazes de verificar a assinatura. Desde que uma função hash segura seja usada, não há como retirar a assinatura de alguém de um documento e anexá-la a outro, ou alterar uma mensagem assinada de qualquer forma. A menor alteração em um documento assinado causará falha no processo de verificação da assinatura digital.

Figura 1-7. Assinaturas digitais seguras As assinaturas digitais desempenham um papel importante na autenticação e validação de chaves de outros usuários PGP.

Certificados digitais.

Um problema com os criptosistemas de chave pública é que os usuários devem estar constantemente vigilantes para garantir que estão criptografando com a chave da pessoa correta. Num ambiente onde é seguro trocar chaves livremente através de servidores públicos, os ataques man-in-the-middle são uma ameaça potencial. Neste tipo de ataque, alguém publica uma chave falsa com o nome e ID de usuário do destinatário pretendido. Os dados criptografados – e interceptados por – o verdadeiro proprietário desta chave falsa estão agora em mãos erradas. Em um ambiente de chave pública, é vital que você tenha certeza de que a chave pública para a qual você está criptografando os dados é de fato a chave pública do destinatário pretendido e não uma falsificação. Você pode simplesmente criptografar apenas as chaves que foram entregues fisicamente a você. Mas suponha que você precise trocar informações com pessoas que nunca conheceu; como você pode saber se tem a chave correta? Os certificados digitais, ou certs, simplificam a tarefa de estabelecer se uma chave pública realmente pertence ao suposto proprietário. Um certificado é uma forma de credencial. Exemplos podem ser sua carteira de motorista, seu cartão de previdência social ou sua certidão de nascimento. Cada um deles contém algumas informações que identificam você e alguma autorização informando que outra pessoa confirmou sua identidade. Alguns certificados, como o seu passaporte, são uma confirmação importante o suficiente da sua identidade para que você não queira perdê-los, para que ninguém os use para se passar por você.

Um certificado digital são dados que funcionam como um certificado físico. Um certificado digital é uma informação incluída na chave pública de uma pessoa que ajuda outras pessoas a verificar se uma chave é genuína ou válida. Os certificados digitais são usados ​​para impedir tentativas de substituir a chave de uma pessoa por outra.

Um certificado digital consiste em três coisas:

● Uma chave pública.

● Informações do certificado. (Informações de "identidade" sobre o usuário, como nome, ID do usuário e assim por diante.) ● Uma ou mais assinaturas digitais.

O objetivo da assinatura digital em um certificado é afirmar que as informações do certificado foram atestadas por alguma outra pessoa ou entidade. A assinatura digital não atesta a autenticidade do certificado como um todo; ele atesta apenas que as informações de identidade assinadas acompanham ou estão vinculadas à chave pública. Assim, um certificado é basicamente uma chave pública com uma ou duas formas de identificação anexadas, além de um forte selo de aprovação de algum outro indivíduo confiável. Figura 1-8. Anatomia de um certificado PGP

Distribuição de certificados.

Os certificados são utilizados quando é necessário trocar chaves públicas com outra pessoa. Para pequenos grupos de pessoas que desejam se comunicar com segurança, é fácil trocar manualmente disquetes ou e-mails contendo a chave pública de cada proprietário. Esta é a distribuição manual de chave pública e é prática apenas até certo ponto. Além desse ponto, é necessário implementar sistemas que possam fornecer os mecanismos necessários de segurança, armazenamento e troca para que colegas de trabalho, parceiros de negócios ou estranhos possam se comunicar, se necessário. Eles podem vir na forma de repositórios somente de armazenamento, chamados Servidores de Certificados, ou sistemas mais estruturados que fornecem recursos adicionais de gerenciamento de chaves e são chamados de Infraestruturas de Chave Pública (PKIs).

Servidores de certificados.

Um servidor de certificados, também chamado de servidor certificado ou servidor de chaves, é um banco de dados que permite aos usuários enviar e recuperar certificados digitais. Um servidor certificado geralmente fornece alguns recursos administrativos que permitem que uma empresa mantenha suas políticas de segurança – por exemplo, permitindo que apenas as chaves que atendam a determinados requisitos sejam armazenadas.

Infraestruturas de Chave Pública.

Uma PKI contém os recursos de armazenamento de certificados de um servidor de certificados, mas também fornece recursos de gerenciamento de certificados (a capacidade de emitir, revogar, armazenar, recuperar e confiar em certificados). A principal característica de uma PKI é a introdução do que é conhecido como Autoridade Certificadora,ou CA, que é uma entidade humana — uma pessoa, grupo, departamento, empresa ou outra associação — que uma organização autorizou a emitir certificados para seus usuários de computador. (A função de uma CA é análoga à do Passport Office do governo de um país.) Uma CA cria certificados e os assina digitalmente usando a chave privada da CA. Devido ao seu papel na criação de certificados, a CA é o componente central de uma PKI. Usando a chave pública da CA, qualquer pessoa que queira verificar a autenticidade de um certificado verifica a assinatura digital da CA emissora e, portanto, a integridade do conteúdo do certificado (mais importante ainda, a chave pública e a identidade do titular do certificado).

Formatos de certificado.

Um certificado digital é basicamente uma coleção de informações de identificação vinculadas a uma chave pública e assinadas por um terceiro confiável para provar sua autenticidade. Um certificado digital pode ter vários formatos diferentes.

O PGP reconhece dois formatos de certificado diferentes:

● Certificados PGP ● Certificados X.509 Formato do certificado PGP. Um certificado PGP inclui (mas não está limitado a) as seguintes informações: ● O número da versão do PGP — identifica qual versão do PGP foi usada para criar a chave associada ao certificado. A chave pública do titular do certificado — a parte pública do seu par de chaves, juntamente com o algoritmo da chave: RSA, DH (Diffie-Hellman) ou DSA (Algoritmo de Assinatura Digital).

● As informações do detentor do certificado — consistem em informações de “identidade” sobre o usuário, como seu nome, ID de usuário, fotografia e assim por diante. ● A assinatura digital do proprietário do certificado — também chamada de autoassinatura, é a assinatura que utiliza a chave privada correspondente da chave pública associada ao certificado. ● O período de validade do certificado — a data/hora de início e a data/hora de expiração do certificado; indica quando o certificado irá expirar. ● O algoritmo de criptografia simétrica preferido para a chave — indica o algoritmo de criptografia para o qual o proprietário do certificado prefere que as informações sejam criptografadas. Os algoritmos suportados são CAST, IDEA ou Triple-DES. Você pode pensar em um certificado PGP como uma chave pública com um ou mais rótulos vinculados a ele (veja a Figura 1.9 ). Nessas 'etiquetas' você encontrará informações que identificam o proprietário da chave e uma assinatura do proprietário da chave, que afirma que a chave e a identificação andam juntas. (Essa assinatura específica é chamada de autoassinatura; todo certificado PGP contém uma autoassinatura.) Um aspecto único do formato de certificado PGP é que um único certificado pode conter múltiplas assinaturas. Várias ou muitas pessoas podem assinar o par chave/identificação para atestar a sua própria garantia de que a chave pública pertence definitivamente ao proprietário especificado. Se você procurar em um servidor de certificados público, poderá notar que certos certificados, como o do criador do PGP, Phil Zimmermann, contêm muitas assinaturas. Alguns certificados PGP consistem em uma chave pública com vários rótulos, cada um contendo um meio diferente de identificar o proprietário da chave (por exemplo, o nome do proprietário e a conta de e-mail corporativa, o apelido do proprietário e a conta de e-mail residencial, uma fotografia do proprietário — tudo em um certificado). A lista de assinaturas de cada uma dessas identidades pode ser diferente; as assinaturas atestam a autenticidade de que um dos rótulos pertence à chave pública, e não que todos os rótulos da chave sejam autênticos. (Observe que 'autêntico' está nos olhos de quem vê - assinaturas são opiniões, e diferentes pessoas dedicam diferentes níveis de devida diligência na verificação da autenticidade antes de assinar uma chave.) Figura 1-9. Um certificado PGP

Formato de certificado X.509.

X.509 é outro formato de certificado muito comum. Todos os certificados X.509 estão em conformidade com o padrão internacional ITU-T X.509; assim (teoricamente) os certificados X.509 criados para um aplicativo podem ser usados ​​por qualquer aplicativo compatível com X.509. Na prática, porém, diferentes empresas criaram suas próprias extensões para certificados X.509, e nem todas funcionam juntas. Um certificado exige que alguém valide que uma chave pública e o nome do proprietário da chave andam juntos. Com os certificados PGP, qualquer pessoa pode desempenhar o papel de validador. Com certificados X.509, o validador é sempre uma Autoridade Certificadora ou alguém designado por uma CA. (Tenha em mente que os certificados PGP também suportam totalmente uma estrutura hierárquica usando uma CA para validar certificados.)

Um certificado X.509 é uma coleção de um conjunto padrão de campos contendo informações sobre um usuário ou dispositivo e sua chave pública correspondente. O padrão X.509 define quais informações vão para o certificado e descreve como codificá-lo (o formato dos dados). Todos os certificados X.509 possuem os seguintes dados:

O número da versão X.509

— identifica qual versão do padrão X.509 se aplica a este certificado, o que afeta quais informações podem ser especificadas nele. A mais atual é a versão 3.

A chave pública do titular do certificado

— a chave pública do titular do certificado, juntamente com um identificador de algoritmo que especifica a qual sistema criptográfico a chave pertence e quaisquer parâmetros de chave associados.

O número de série do certificado

— a entidade (aplicação ou pessoa) que criou o certificado é responsável por atribuir-lhe um número de série único para distingui-lo de outros certificados que emite. Esta informação é usada de diversas maneiras; por exemplo, quando um certificado é revogado, seu número de série é colocado em uma Lista de Revogação de Certificados ou CRL.

O identificador exclusivo do detentor do certificado

— (ou DN — nome distinto). Este nome pretende ser exclusivo na Internet. Este nome pretende ser exclusivo na Internet. Um DN consiste em múltiplas subseções e pode ser parecido com isto: CN=Bob Allen, OU=Divisão Total de Segurança de Rede, O=Network Associates, Inc., C=EUA (Referem-se ao nome comum, à unidade organizacional, à organização e ao país do sujeito .)

O período de validade do certificado

— a data/hora de início e a data/hora de expiração do certificado; indica quando o certificado irá expirar.

O nome exclusivo do emissor do certificado

— o nome exclusivo da entidade que assinou o certificado. Normalmente é uma CA. A utilização do certificado implica confiar na entidade que assinou este certificado. (Observe que em alguns casos, como certificados de CA raiz ou de nível superior , o emissor assina seu próprio certificado.)

A assinatura digital do emitente

— a assinatura utilizando a chave privada da entidade que emitiu o certificado.

O identificador do algoritmo de assinatura

— identifica o algoritmo usado pela CA para assinar o certificado.

Existem muitas diferenças entre um certificado X.509 e um certificado PGP, mas as mais importantes são as seguintes: você pode criar seu próprio certificado PGP;

● você deve solicitar e receber um certificado X.509 de uma autoridade de certificação

● Os certificados X.509 suportam nativamente apenas um único nome para o proprietário da chave

● Os certificados X.509 suportam apenas uma única assinatura digital para atestar a validade da chave

Para obter um certificado X.509, você deve solicitar a uma CA a emissão de um certificado. Você fornece sua chave pública, prova de que possui a chave privada correspondente e algumas informações específicas sobre você. Em seguida, você assina digitalmente as informações e envia o pacote completo – a solicitação de certificado – para a CA. A CA então realiza algumas diligências para verificar se as informações fornecidas estão corretas e, em caso afirmativo, gera o certificado e o devolve.

Você pode pensar em um certificado X.509 como um certificado de papel padrão (semelhante ao que você recebeu ao concluir uma aula de primeiros socorros básicos) com uma chave pública colada nele. Ele contém seu nome e algumas informações sobre você, além da assinatura da pessoa que o emitiu para você.

Figura 1-10. Um certificado X.509 Provavelmente, o uso mais visível dos certificados X.509 atualmente é em navegadores da web.

Validade e confiança Cada usuário em um sistema de chave pública está vulnerável a confundir uma chave falsa (certificado) com uma chave real. Validade é a confiança de que um certificado de chave pública pertence ao seu suposto proprietário. A validade é essencial em um ambiente de chave pública onde você deve estabelecer constantemente se um determinado certificado é autêntico ou não. Depois de ter certeza de que um certificado pertencente a outra pessoa é válido, você pode assinar a cópia em seu chaveiro para atestar que verificou o certificado e que ele é autêntico. Se quiser que outras pessoas saibam que você deu ao certificado seu selo de aprovação, você pode exportar a assinatura para um servidor de certificados para que outras pessoas possam vê-la.

Conforme descrito na seção Infraestruturas de Chave Pública , algumas empresas designam uma ou mais Autoridades de Certificação (CAs) para indicar a validade do certificado. Em uma organização que usa uma PKI com certificados X.509, é função da CA emitir certificados aos usuários — um processo que geralmente envolve responder à solicitação de certificado do usuário. Em uma organização que usa certificados PGP sem PKI, é função da CA verificar a autenticidade de todos os certificados PGP e depois assinar os bons. Basicamente, o objetivo principal de uma CA é vincular uma chave pública às informações de identificação contidas no certificado e, assim, garantir a terceiros que algum cuidado foi tomado para garantir que esta ligação das informações de identificação e da chave seja válida. O CA é o Grand Pooh-bah da validação em uma organização; alguém em quem todos confiam e, em algumas organizações, como aquelas que utilizam uma PKI, nenhum certificado é considerado válido, a menos que tenha sido assinado por uma CA confiável.

Verificando validade.

Uma maneira de estabelecer a validade é passar por algum processo manual. Existem várias maneiras de fazer isso. Você pode exigir que o destinatário pretendido lhe entregue fisicamente uma cópia de sua chave pública. Mas isto é muitas vezes inconveniente e ineficiente. Outra forma é verificar manualmente a impressão digital do certificado. Assim como as impressões digitais de cada ser humano são únicas, a impressão digital de cada certificado PGP é única. A impressão digital é um hash do certificado do usuário e aparece como uma das propriedades do certificado. No PGP, a impressão digital pode aparecer como um número hexadecimal ou uma série das chamadas palavras biométricas, que são foneticamente distintas e são usadas para facilitar um pouco o processo de identificação da impressão digital. Você pode verificar se um certificado é válido ligando para o proprietário da chave (para que você origine a transação) e pedindo ao proprietário que leia a impressão digital de sua chave para você e compare essa impressão digital com aquela que você acredita ser a verdadeira. Isso funciona se você conhece a voz do proprietário, mas como verificar manualmente a identidade de alguém que você não conhece? Algumas pessoas colocam a impressão digital de sua chave em seus cartões de visita exatamente por esse motivo. Outra forma de estabelecer a validade do certificado de alguém é confiar que um terceiro indivíduo passou pelo processo de validação do mesmo. Uma CA, por exemplo, é responsável por garantir que, antes de emitir um certificado, ele ou ela o verifique cuidadosamente para ter certeza de que a parte da chave pública realmente pertence ao suposto proprietário. Qualquer pessoa que confie na CA considerará automaticamente quaisquer certificados assinados pela CA como válidos. Outro aspecto da verificação da validade é garantir que o certificado não foi revogado. Para obter mais informações, consulte a seção Revogação de certificado .

Estabelecendo confiança.

Você valida certificados. Você confia nas pessoas. Mais especificamente, você confia nas pessoas para validar os certificados de outras pessoas. Normalmente, a menos que o proprietário lhe entregue o certificado, você terá que confiar na palavra de outra pessoa de que ele é válido.

Introdutores meta e confiáveis.

​​Na maioria das situações, as pessoas confiam completamente na CA para estabelecer a validade dos certificados. Isso significa que todos os demais dependem da CA para passar por todo o processo de validação manual. Isso é aceitável até um certo número de usuários ou locais de trabalho e, então, não é possível para a AC manter o mesmo nível de validação de qualidade. Nesse caso, é necessário adicionar outros validadores ao sistema.

Um CA também pode ser um meta- introdutor. Um meta-introdutor confere não apenas validade às chaves, mas também confere a capacidade de confiar nas chaves a outros. Semelhante ao rei que entrega seu selo a seus conselheiros de confiança para que eles possam agir de acordo com sua autoridade, o meta-introdutor permite que outros atuem como introdutores de confiança. Esses introdutores confiáveis ​​podem validar chaves com o mesmo efeito do meta-introdutor. Eles não podem, entretanto, criar novos introdutores confiáveis.

Meta-introdutor e introdutor confiável são termos PGP. Em um ambiente X.509, o meta-introdutor é chamado de Autoridade de Certificação raiz ( CA raiz) e os introdutores confiáveis ​​são Autoridades de Certificação subordinadas . A CA raiz usa a chave privada associada a um tipo de certificado especial denominado certificado CA raiz para assinar certificados. Qualquer certificado assinado pelo certificado CA raiz é visto como válido por qualquer outro certificado assinado pela raiz. Este processo de validação funciona mesmo para certificados assinados por outras CAs no sistema — desde que o certificado da CA raiz tenha assinado o certificado da CA subordinada, qualquer certificado assinado pela CA será considerado válido para outras pessoas dentro da hierarquia. Este processo de verificação de backup por meio do sistema para ver quem assinou cujo certificado é chamado de rastreamento de um caminho de certificação ou cadeia de certificação.

Modelos de confiança.

Em sistemas relativamente fechados, como em uma pequena empresa, é fácil rastrear um caminho de certificação até a CA raiz. No entanto, os usuários muitas vezes precisam se comunicar com pessoas fora do seu ambiente corporativo, incluindo algumas que nunca conheceram, como fornecedores, consumidores, clientes, associados e assim por diante. É difícil estabelecer uma linha de confiança com aqueles em quem sua CA não confia explicitamente. As empresas seguem um ou outro modelo de confiança, que determina como os usuários irão estabelecer a validade do certificado. Existem três modelos diferentes:

Confiança Direta.

Confiança Hierárquica Uma teia de confiança Confiança direta A confiança direta é o modelo de confiança mais simples. Neste modelo, um usuário confia que uma chave é válida porque sabe de onde ela veio. Todos os criptosistemas usam essa forma de confiança de alguma forma. Por exemplo, em navegadores da Web, as chaves raiz da Autoridade de Certificação são diretamente confiáveis ​​porque foram enviadas pelo fabricante. Se houver alguma forma de hierarquia, ela se estenderá a partir desses certificados diretamente confiáveis. No PGP, um usuário que valida as chaves e nunca define outro certificado para ser um introdutor confiável está usando confiança direta. Figura 1-11. Confiança direta

Confiança Hierárquica.

Em um sistema hierárquico, há vários certificados "raiz" a partir dos quais a confiança se estende. Esses certificados podem certificar eles próprios certificados ou podem certificar certificados que certificam ainda outros certificados em alguma cadeia. Considere isso como uma grande “árvore” de confiança. A validade do certificado "folha" é verificada rastreando desde seu certificador até outros certificadores, até que um certificado raiz diretamente confiável seja encontrado.

Figura 1-12. Confiança hierárquica

Teia de Confiança.

Uma teia de confiança abrange ambos os outros modelos, mas também acrescenta a noção de que a confiança está nos olhos de quem vê (que é a visão do mundo real) e a ideia de que mais informação é melhor. É, portanto, um modelo de confiança cumulativa. Um certificado pode ser confiável diretamente ou confiável em alguma cadeia que remonta a um certificado raiz diretamente confiável (o meta-introdutor) ou por algum grupo de introdutores.

Talvez você já tenha ouvido falar do termo seis graus de separação, que sugere que qualquer pessoa no mundo pode determinar algum vínculo com qualquer outra pessoa no mundo usando seis ou menos outras pessoas como intermediários. Esta é uma teia de introdutores. É também a visão de confiança do PGP. PGP usa assinaturas digitais como forma de introdução. Quando qualquer usuário assina a chave de outro, ele ou ela se torna o introdutor dessa chave. À medida que esse processo avança, ele estabelece uma rede de confiança.

Em um ambiente PGP, qualquer usuário pode atuar como autoridade certificadora. Qualquer usuário PGP pode validar o certificado de chave pública de outro usuário PGP. No entanto, tal certificado só é válido para outro usuário se a parte confiável reconhecer o validador como um introdutor confiável. (Ou seja, você confia na minha opinião de que as chaves dos outros são válidas apenas se você me considerar um apresentador confiável. Caso contrário, minha opinião sobre a validade das outras chaves é discutível.) Armazenados no chaveiro público de cada usuário estão indicadores de

● se o usuário considera ou não uma chave específica válida

● o nível de confiança que o usuário deposita na chave que o proprietário da chave pode servir como certificador das chaves de terceiros

Você indica, na sua cópia da minha chave, se acha que meu julgamento conta. Na verdade, é um sistema de reputação: certas pessoas têm a reputação de fornecer boas assinaturas e as pessoas confiam nelas para atestar a validade de outras chaves.

Níveis de confiança no PGP.

O nível mais alto de confiança em uma chave, a confiança implícita , é a confiança em seu próprio par de chaves. O PGP assume que se você possui a chave privada, você deve confiar nas ações da sua chave pública relacionada. Quaisquer chaves assinadas pela sua chave implicitamente confiável são válidas.

Existem três níveis de confiança que você pode atribuir à chave pública de outra pessoa:

● Confiança total ● Confiança marginal ● Não confiável (ou não confiável)

Para tornar as coisas confusas, também existem três níveis de validade:

● Válido ● Marginalmente válido ● Inválido

Para definir a chave de outra pessoa como um introdutor confiável, você

1. Comece com uma chave válida, que seja.
2. assinado por você ou

3. assinado por outro apresentador confiável e então

4. Defina o nível de confiança que você acha que o proprietário da chave tem direito.

Por exemplo, suponha que seu chaveiro contenha a chave de Alice. Você validou a chave de Alice e indica isso assinando-a. Você sabe que Alice é uma verdadeira defensora da validação de chaves de outras pessoas. Portanto, você atribui a chave dela com confiança total. Isso faz de Alice uma Autoridade Certificadora. Se Alice assinar a chave de outra pessoa, ela aparecerá como Válida em seu chaveiro. O PGP requer uma assinatura Totalmente confiável ou duas assinaturas Marginalmente confiáveis ​​para estabelecer uma chave como válida. O método do PGP de considerar dois Marginais iguais a um Completo é semelhante a um comerciante que solicita duas formas de identificação. Você pode considerar Alice bastante confiável e também considerar Bob bastante confiável. Qualquer um deles sozinho corre o risco de assinar acidentalmente uma chave falsificada, portanto, você pode não depositar total confiança em nenhum deles. No entanto, as probabilidades de ambos os indivíduos terem assinado a mesma chave falsa são provavelmente pequenas.

Revogação de certificado.

Os certificados só são úteis enquanto são válidos. Não é seguro simplesmente presumir que um certificado é válido para sempre. Na maioria das organizações e em todas as PKIs, os certificados têm uma vida útil restrita. Isso restringe o período em que um sistema fica vulnerável caso ocorra um comprometimento do certificado.

Os certificados são assim criados com um período de validade programado: uma data/hora de início e uma data/hora de expiração. Espera-se que o certificado seja utilizável durante todo o seu período de validade (seu tempo de vida ). Quando o certificado expirar, ele não será mais válido, pois a autenticidade do seu par chave/identificação não estará mais garantida. (O certificado ainda pode ser usado com segurança para reconfirmar informações que foram criptografadas ou assinadas dentro do período de validade – no entanto, ele não deve ser confiável para tarefas criptográficas futuras.)

Existem também situações em que é necessário invalidar um certificado antes da sua data de expiração, como quando o titular do certificado termina o contrato de trabalho com a empresa ou suspeita que a chave privada correspondente do certificado foi comprometida. Isso é chamado de revogação. Um certificado revogado é muito mais suspeito do que um certificado expirado. Os certificados expirados são inutilizáveis, mas não apresentam a mesma ameaça de comprometimento que um certificado revogado. Qualquer pessoa que tenha assinado um certificado pode revogar a sua assinatura no certificado (desde que utilize a mesma chave privada que criou a assinatura). Uma assinatura revogada indica que o signatário não acredita mais que a chave pública e as informações de identificação pertencem uma à outra, ou que a chave pública do certificado (ou a chave privada correspondente) foi comprometida. Uma assinatura revogada deve ter quase tanto peso quanto um certificado revogado. Com certificados X.509, uma assinatura revogada é praticamente igual a um certificado revogado, visto que a única assinatura no certificado é aquela que o tornou válido em primeiro lugar – a assinatura da CA. Os certificados PGP fornecem o recurso adicional de que você pode revogar todo o seu certificado (não apenas as assinaturas nele) se você achar que o certificado foi comprometido. Somente o proprietário do certificado (o detentor da chave privada correspondente) ou alguém que o proprietário do certificado tenha designado como revogador pode revogar um certificado PGP. (Designar um revogador é uma prática útil, pois muitas vezes é a perda da senha da chave privada correspondente do certificado que leva um usuário PGP a revogar seu certificado - uma tarefa que só é possível se alguém tiver acesso à chave privada. ) Somente o emissor do certificado pode revogar um certificado X.509.

Comunicar que um certificado foi revogado.

Quando um certificado é revogado, é importante conscientizar os usuários potenciais do certificado de que ele não é mais válido. Com certificados PGP, a maneira mais comum de comunicar que um certificado foi revogado é publicá-lo em um servidor de certificados para que outras pessoas que desejem se comunicar com você sejam avisadas para não usar essa chave pública. Em um ambiente PKI, a comunicação de certificados revogados é mais comumente obtida por meio de uma estrutura de dados chamada Lista de Revogação de Certificados, ou CRL, que é publicada pela CA. A CRL contém uma lista validada com carimbo de data e hora de todos os certificados revogados e não expirados no sistema. Os certificados revogados permanecem na lista apenas até expirarem e, em seguida, são removidos da lista — isso evita que a lista fique muito longa. A CA distribui a CRL aos usuários em algum intervalo programado regularmente (e potencialmente fora do ciclo, sempre que um certificado é revogado). Teoricamente, isso impedirá que os usuários usem involuntariamente um certificado comprometido. É possível, no entanto, que haja um período de tempo entre as CRLs em que um certificado recentemente comprometido seja usado.

O que é uma senha?

A maioria das pessoas está familiarizada com a restrição de acesso a sistemas de computador por meio de uma senha, que é uma sequência única de caracteres que um usuário digita como código de identificação.

Uma senha longa é uma versão mais longa de uma senha e, em teoria, mais segura. Normalmente composta por várias palavras, uma frase secreta é mais segura contra ataques de dicionário padrão, em que o invasor tenta todas as palavras do dicionário na tentativa de determinar sua senha. As melhores senhas são relativamente longas e complexas e contêm uma combinação de letras maiúsculas e minúsculas, caracteres numéricos e de pontuação. O PGP usa uma senha para criptografar sua chave privada em sua máquina. Sua chave privada é criptografada em seu disco usando um hash de sua senha como chave secreta. Você usa a senha para descriptografar e usar sua chave privada. Uma senha deve ser difícil de esquecer e difícil de ser adivinhada por outras pessoas. Deve ser algo já firmemente enraizado na sua memória de longo prazo, em vez de algo que você invente do zero. Por que? Porque se você esquecer sua senha, você estará sem sorte. Sua chave privada é total e absolutamente inútil sem sua senha e nada pode ser feito a respeito. Lembra-se da citação anterior neste capítulo?

PGP é a criptografia que manterá os principais governos fora dos seus arquivos. Certamente também o manterá fora de seus arquivos. Tenha isso em mente quando decidir alterar sua senha para a piada daquela piada que você nunca consegue lembrar.

Divisão de chave.

Dizem que um segredo não é segredo se for conhecido por mais de uma pessoa. Compartilhar um par de chaves privadas representa um grande problema. Embora não seja uma prática recomendada, às vezes é necessário compartilhar um par de chaves privadas. Chaves de assinatura corporativa, por exemplo, são chaves privadas usadas por uma empresa para assinar – por exemplo – documentos legais, informações pessoais confidenciais ou comunicados de imprensa para autenticar sua origem. Nesse caso, vale a pena que vários membros da empresa tenham acesso à chave privada. No entanto, isto significa que qualquer indivíduo pode agir plenamente em nome da empresa. Nesse caso, é aconselhável dividir a chave entre várias pessoas, de modo que mais de uma ou duas pessoas apresentem um pedaço da chave para reconstituí-la em condições utilizáveis. Se poucas peças da chave estiverem disponíveis, a chave ficará inutilizável. Alguns exemplos são dividir uma chave em três partes e exigir duas delas para reconstituir a chave, ou dividi-la em duas partes e exigir ambas as peças. Se uma conexão de rede segura for usada durante o processo de reconstituição, os acionistas da chave não precisam estar fisicamente presentes para aderirem novamente à chave.

@ 1f6ca203:4fafa595

This is my first post, with a header and regular text.

@ 1f6ca203:4fafa595

I hope you like it

.

@ 1f6ca203:4fafa595

Let'‘s see if they appear in the right order.

First we have an apple.

Then we have a banana.

And lastly, a pear.

@ 1f6ca203:4fafa595

❤️🔥✨

@ 1f6ca203:4fafa595

And this is the regular text.

@ 1f6ca203:4fafa595

❤️🔥✨

@ fe02e8ec:f07fbe0b

Die baldige Ex-Außenministerin Annalena Baerbock fordert einen radikalen Wandel in der Energieversorgung hin zu einer feministischen Energiepolitik. Wie sich gezeigt habe, so sei das spanische Netz am 28.04.25 wegen toxischer Männlichkeit zusammengebrochen. Es hätte sich herausgestellt, dass alle Überlandleitungen von Männern gebaut und installiert worden waren! Dies, so Baerbock, sei ein untragbarer Zustand, der durch den resultierenden Blackout für viel Leid und Ärger gesorgt habe. Selbst Haarföhns waren nicht mehr in Betrieb zu nehmen!

«Nur Frauen sind in der Lage, derart empfindliche und sensible Ströme zu leiten. Denn Strömen liegt in ihrer Natur. Sie benötigen keine Messgeräte oder teure Transformatoren für die Strömung, da Mutter Natur – eine Frau, wie der Name schon sagt – für alles selbst sorgen wird. Man muss nur verhindern, dass maskuline Energien verströmt werden, die nämlich den Strom um 360 Grad drehen würden.»

Mit dieser Analyse empfiehlt sich Annalena B. nicht nur für höchste UN Ämter sondern ebenfalls für den Vorsitz des Weltklimarates IPCC. Aus informierten Kreisen ist zu hören, dass sie nur noch die Papstwahl abwarten möchte - schließlich wäre es Zeit für eine Päpstin - bis sie sich fürs Klima bewerben würde. Um weitere Blackouts abzuschrecken überlegt sie angeblich, ihren Namen in Blackbock zu ändern. Möglich wäre allerdings auch, dass dies alles nur erfunden ist.

Mehr Satirisches und Ernstes: www.thomas-eisinger.de

@ f1f59549:f4121cfe

Ego is a fundamental part of the human condition. It provides us with the necessary ability to separate and compartmentalize ourselves from the rest of the world.

Our ego allows us to exist in the chaos of existence.

The spiritual path is seen as a way to “escape the ego” and achieve a higher state of consciousness. A state where the confines of the ego no longer hold us back from seeing things as they are and allow us to experience true bliss.

But there’s a paradox to this whole process.

By seeking spiritual advancement, we have to accept that there is something to improve and someone to do the improving.

This suggests that this improvement somehow makes us better than someone who has not achieved similar levels of improvement.

This kind of thinking is inherently egotistical.

As we advance down the spiritual path — escaping the grasp of ego and removing attachments — spirituality itself can end up feeding the ego. Most of the time, we don’t even notice it while it’s happening.

It’s an unconscious process that develops along the way. Only after we notice it within ourselves can we course-correct.

I acknowledge that writing this article is itself an example of spiritual egotism.

Who am I to talk about dissolving the ego? What are my goals for writing this piece? By pointing out the hypocrisy behind having spiritual convictions or goals, am I in some way suggesting myself to be free from these convictions?

I am in no way exempt from the clutches of spiritual egotism — I certainly have not reached enlightenment.

But the paradox is that if I had, I probably wouldn’t be talking about it now.

This is known in Buddhism as the “noble silence.”

The only way to understand what it truly means to “dissolve the ego” is by discovering it spontaneously. It is not something that can be taught.

This is the approach Zen Buddhism takes to reach enlightenment. By accepting that the truth cannot be told, the master does not try to speak it. Instead, the master simply pops the ego of his students as it bubbles up from time to time.

This employs a concept called “the middle way.”

You know that you must dissolve your ego. But you can’t, so trying it is also pointless. The middle way says, “I will do my best to escape my ego, but I accept that I will fail.”

One thing we can do is pay attention to our failings. When you perform a kind act for another person, consider the motivation behind why you did it. Was it for their sake or for yours?

If you’re able to convince yourself these acts come from selfless motives — take notice — your ego has just presented itself.

The Paradox of Spiritual Development

You want to improve yourself by changing your consciousness. But the self that needs to be improved is the same one doing the improving.

This is a paradox.

As egotistical beings, we cannot be without ego.

At its core, the very reason one seeks to dissolve the ego is to improve oneself. Whether it’s to feel well, perform more effectively, or improve relationships with others — the very desire to achieve this improvement is egotistical.

This forms a negative feedback loop. The more we attempt to remove the ego, the more egotistical we become.

Essentially, the harder we try to avoid it, the more we become it.

By choosing to take a path toward enlightenment — we can not reach enlightenment.

The great Alan Watts says it best (paraphrasing):

“As long as you think and feel that you are contained in your bag of skin, there is no way whatsoever to behave unselfishly. You can imitate unselfishness. Undergo all kinds of highly refined forms of unselfishness. But you’re still tied to the gold chains of your good deeds.”

Is There A Solution?

Not exactly, but we may be able to move closer toward enlightenment by accepting its impossibility. Simply allowing ourselves to notice this paradox in ourselves may allow us to redirect course toward the middle path once again.

Let’s look at the story of the Buddha as an example.

Siddhartha was an ascetic for several decades. Acetics of the time would do all sorts of austere techniques. He would starve himself, sleep out in the cold, and purposely subject himself to discomfort and hardship — all an attempt to dissociate from his physical body and, thus, his ego.

The goal was to “reach” enlightenment.

But all the attempts the Buddha made to get himself out of the trap failed.

Siddhartha only achieved enlightenment when he realized that the trap and the trapped are one. By this realization, there isn’t any trap left.

He realized that the spiritual journey isn’t about being on some sort of “higher level.” There is no “end goal” or plateau to reach.

The spiritual teacher Eckhart Tolle puts it another way:

“The ego has many ideas. It says, ‘I want to be a spiritual person. I want to be recognized as a spiritual person. I want to be more spiritual than all these people. And I’m definitely more spiritual than you… The essential dysfunction of the ego is still operating. This is why we have the phrase ‘the road to hell is paved with good intentions’… You have to reach the place within yourself that is unconditioned; that is what I sometimes call formless.”

Spiritual Arrogance is a Blind Spot on the Path to Enlightenment

Spirituality can help you release the firm grasp your ego has over you, but it can also reinforce it.

Spiritual arrogance arises when someone develops an identity about seeking a path to enlightenment. It’s sometimes referred to as “spiritual narcissism.”

It’s what happens when you feel like people just “aren’t quite on your level.”

“High vibrations,” right?

As the psychiatrist Gerald May wrote in his 1983 book Will and Spirit:

“Simply stated, spiritual narcissism is the unconscious use of spiritual practice, experience, and insight to increase rather than decrease self-importance.”

Spiritual arrogance emerges naturally as we engage on the spiritual path. We fool ourselves into thinking that by taking steps to become more “enlightened,” we’re in some way superior to those who do not.

We leverage spiritual practices — like yoga, meditation, or other forms of spiritual self-care — as tokens of our supposed enlightenment or moral superiority.

We may use our "spiritual" identity to look down upon others who don't share these practices or beliefs, to dodge personal responsibilities or interpersonal challenges, or to create a persona that earns us social capital.

This condition damages both the individual, who is missing the opportunity for genuine spiritual or personal growth, and the community around them, which may be subjected to their judgment, manipulation, or neglect.

The presentation of spiritual arrogance comes in all shapes and sizes.

Let’s say you join a church group or other spiritual group. Members become spiritually proud. They believe they are the ones who have the right teaching. Everybody else is a bit off the track.

Then someone comes and one-ups them. “In our circles, we’re very tolerant. And we accept all teachings and all ways as leading to the one.”

But they’re just playing the game of “we’re more tolerant than you are.”

In essence, they become a victim of their own spiritual practice — they’re blind to the paradox of the spiritual path and become lost in their own egotistical beliefs that their “way” is somehow better than everybody else’s.

Of course, the other side of this paradox comes from noticing the people around you who demonstrate signs of spiritual arrogance. Looking at someone in their arrogance can make you feel like they’re inferior.

It’s another trap — but it comes from the completely opposite angle.

We cannot escape it.

Can Spiritual Arrogance Be Avoided?

Probably not, but by learning to recognize it, we may be able to re-align ourselves towards the middle path when it inevitably appears over and over again throughout our lives.

Here are some ideas to think about for avoiding the paradoxical nature of spiritual arrogance:

1. Find your intuitive expertise & learn to flow with it

Taoists call this practice “wu-wei.” Zen Buddhists call it “mushin.” Both loosely refer to an absence of striving. It’s the constant striving to improve or reach “higher vibrations” that causes this paradox to manifest in a big way.

2. Stop judging others based on their “level”

Spirituality is not a competition; you are not here to “help” others on their spiritual journey.

3. Remain skeptical about ideas, mentors, & gurus

Nobody truly has it figured out, and if they do, they certainly aren’t talking about it.

4. Embrace the beginner’s mind

Avoid bringing your preconceptions and opinions to new ideas. Act as though you’re a child experiencing everything for the first time.

5. Be conscious about your use of social media

This is especially important when it comes to sharing your spiritual development publicly. By sharing with others, you’re feeding the ego hiding behind the curtain.

6. Avoid over-intellectualizing spirituality

This comes at the expense of direct, personal, or experiential understandings of these concepts in daily life.

7. Beware of toxic positivity

This is the belief that no matter how dire or difficult a situation is, people should maintain a positive mindset. This invalidates an authentic human emotional experience and is a form of spiritual bypassing.

---

Quotes on Spiritual Arrogance

“The biggest ego trip going is getting rid of your ego.” — Alan Watts

“If it’s so easy to lose Jim Carey, who’s Jim Carey?” — Jim Carey

“If an organ is working properly, you don’t feel it. When you’re thinking clearly, your brain isn’t getting in your way.” — Alan Watts

“To go beyond is as wrong as to fall short.” — Confucius

“For things to reveal themselves to us, we need to be ready to abandon our views about them.” — Thich Nhat Hanh

“No matter what the practice or teaching, ego loves to wait in ambush to appropriate spirituality for its own survival and gain.” ― Chögyam Trungpa

---

Zen Koans About Spiritual Arrogance

The beauty of Zen koans is that they can be used to “impart wisdom” that can’t otherwise be explained by words.

They’re told as a sort of joke — only the punchline isn’t spontaneous laughter — but spontaneous glimpses of enlightenment.

They all deliver some form of unexplainable wisdom that you either get at the punchline or you don’t. Just like a joke, if the koan has to be explained, it loses its power.

1. The Double Vision of Ego
2. Praise vs. Prajna
3. What Mind?
4. Killing Buddhism

Subscribe to The Zen Psychedelic

Thanks for reading The Zen Psychedelic! Consider subscribing for free to receive new posts and support my work.

You can subscribe here using Nostr or follow me on Substack.

→ This post was originally published on The Zen Psychedelic Substack

@ bc52210b:20bfc6de

---

Imagine a world where clean, safe, and efficient nuclear power can be delivered to any corner of the globe, powering everything from small villages to bustling cities. This vision is becoming a reality with the development of nuclear modular plants—compact, portable nuclear reactors that can be shipped in standard containers and set up quickly to provide reliable energy. These innovative power sources use fission—the process of splitting atomic nuclei to release energy, the same fundamental principle that powers traditional nuclear plants—but with a twist: they utilize thorium as fuel and a molten salt system for cooling and fuel delivery. This combination offers a host of benefits that could revolutionize how we think about nuclear energy.

Portability and Deployment

One of the most significant advantages of these nuclear modular plants is their portability. Designed to fit within standard shipping containers, these reactors can be transported by truck, ship, or even air to virtually any location. This makes them ideal for remote communities, disaster relief efforts, or military operations where traditional power infrastructure is lacking or damaged. Setting up a conventional power plant typically takes years, but these modular units can be operational in a matter of weeks, providing a rapid solution to energy needs.

Safety Features

Safety is a paramount concern in nuclear energy, and modular thorium molten salt reactors (MSRs) offer several inherent safety advantages. Unlike traditional reactors that use water under high pressure, MSRs operate at atmospheric pressure, eliminating the risk of pressure-related accidents. The fuel is dissolved in the molten salt, which means there's no solid fuel that could melt down. If the reactor overheats, the salt expands, naturally slowing the fission reaction—a built-in safety mechanism. Additionally, thorium-based fuels produce less long-lived radioactive waste, reducing the long-term environmental impact.

Efficiency and Abundance

Thorium is a more abundant resource than uranium, with estimates suggesting it is three to four times more plentiful in the Earth's crust. This abundance makes thorium a sustainable fuel choice for the future. Moreover, MSRs can operate at higher temperatures than traditional reactors, leading to greater thermal efficiency. This means more electricity can be generated from the same amount of fuel, making the energy production process more efficient and cost-effective in the long run.

Scalability

The modular design of these reactors allows for scalability to meet varying power demands. A single unit might power a small community, while multiple units can be combined to serve larger towns or cities. This flexibility is particularly useful for growing populations or regions with fluctuating energy needs. As demand increases, additional modules can be added without the need for extensive new infrastructure.

Cost-Effectiveness

While the initial investment in nuclear modular plants may be significant, the long-term operational costs can be lower than traditional power sources. The high efficiency of MSRs means less fuel is needed over time, and the reduced waste production lowers disposal costs. Additionally, the ability to mass-produce these modular units could drive down manufacturing costs, making nuclear power more accessible and affordable.

Environmental Impact

Nuclear power is already one of the cleanest energy sources in terms of carbon emissions, and thorium MSRs take this a step further. By producing less long-lived waste and utilizing a more abundant fuel, these reactors offer a more sustainable path for nuclear energy. Furthermore, their ability to provide reliable baseload power can help reduce reliance on fossil fuels, contributing to global efforts to combat climate change.

Challenges and Considerations

Despite these benefits, there are challenges to overcome before nuclear modular plants can be widely deployed. The technology for thorium MSRs is still in the developmental stage, with ongoing research needed to address issues such as material corrosion and fuel processing. Regulatory frameworks will also need to adapt to this new type of reactor, and public perception of nuclear energy remains a hurdle in many regions. However, with continued investment and innovation, these obstacles can be addressed.

Conclusion

In conclusion, nuclear modular plants using thorium and molten salt systems represent a promising advancement in nuclear technology. Their portability, safety features, efficiency, scalability, and environmental benefits make them an attractive option for meeting the world's growing energy needs. While challenges remain, the potential of these reactors to provide clean, reliable power to communities around the globe is undeniable. As research and development continue, we may soon see a new era of nuclear energy that is safer, more efficient, and more accessible than ever before.

@ f1f59549:f4121cfe

Is the internet making us dumber?

The answer to this question depends on how we define intelligence. If it refers to the number of facts we know and we remember — the answer is probably “yes.”

A study led by Betsy Sparrow on the impact of Google on human memory states that:

“When people expect to have future access to information, they have lower rates of recall of the information itself and enhanced recall instead for where to access it. The Internet has become a primary form of external or transactive memory, where information is stored collectively outside ourselves.”

That might not be such a bad thing — in theory, it could help preserve our limited cognitive capacity for more salient tasks, such as learning new skills, achieving mastery in our chosen domain, or soul-enriching creative pursuits. Is it really that important that we remember exactly how deep the lowest part of the ocean is or how many species of birds there are?

Maybe, maybe not.

If intelligence is measured by our ability to understand and process information — the answer is much more complicated. It depends entirely on how we use it.

Before we explore all the ways the internet undermines our cognitive abilities, I have to point out that access to the internet can easily be used to make us smarter, happier, and more connected. This is a technology that allows us to learn anything we want — quickly and cheaply. Education is no longer a privilege reserved for the rich. Now, anybody with access to a public library or a $100 smartphone can access information on any topic.

The problem is that the unfettered and unconscious use of the internet lures us into delusion and distraction.

Here are 5 ways the internet makes us dumber and some strategies for resisting them.

1. Information Overload

“The man who chases two rabbits catches none.” — Old Zen Parable.

Information overload is a problem where one is given so much information at one time they become overwhelmed and unable to process or think about it in a clear way.

We are inundated with so much information these days that we don’t even know how to make sense of it. We’re overloaded. Our attention spans are short, and we have no time leftover for deep, contemplative thought about the information we consume.

One study even found that simply having a smartphone nearby reduces one’s cognitive capacity. This study points to the “brain drain” hypothesis, which suggests that the brain has a finite amount of processing power and the mere presence of a potential distractor (like our smartphones) can occupy a large portion of these resources.

When we feel overwhelmed, we double down and attempt to cram as much information as possible  — we skim 10 different articles at a time without reading anything, fast-forward through YouTube videos to try and find the most interesting parts, ask GPTs to summarize books so we don’t have to read them, and throw videos and podcasts on in the background while working on something else.

The problem is that we just aren’t very good at multitasking. Instead, our attention rapidly (and inefficiently) switches from one task to another. The process of switching focus back and forth requires additional cognitive processes that further reduce the overall capacity of the brain.

“Wherever you are, be there totally.” — Eckhart Tolle

2. Fake News

“Fake news and rumors thrive online because few verify what's real and always bias towards content that reinforces their own biases.” — Ryan Higa

The freedom of the internet means anybody can publish anything and position it as fact. Much of the information we find online is wrong, out of context, or intentionally misleading. Whether this fake information was created out of ignorance or malicious intent doesn’t really matter.

Our ability to distinguish fiction from reality becomes more difficult when we’re saturated with information. Who has the time to fact-check every article they read online?

Another major factor contributing to this issue is the proliferation of bot accounts on social media — a phenomenon that makes up a significant portion of social media profiles these days. Many of these accounts exist for the sole purpose of flooding social media with low-quality information to manipulate human behavior, ideology, and opinions. Sometimes, this is to sell you something; other times, it’s to influence the opinions of society at-large.

Despite the issue with fake news, 50% of people still get most of their news from social media — according to research conducted by Pew Research Center.

The emergence of deepfakes and AI-generated misinformation are making this problem even worse. It’s becoming easier for bad actors to generate and spread false or misleading information throughout the internet in massive quantities.

3. Junk Info

“Treat junk information the way you treat junk food. Realize that it’s crap that tastes good, and consume it sparingly. Monitor your consumption and ensure that you never trick yourself into believing it’s good for you.” — Daniel Miessler

The internet is saturated with junk information — which not only includes information that’s factually incorrect but also those with no practical use. It doesn’t make our lives any better, it doesn’t make us smarter or more capable humans, and it certainly doesn’t make us happier or more present in our lives.

Examples include clickbait, ragebait, gossip, conspiracy theories, babel, or trivial social media status updates. These types of content grab our attention just as much as high-quality content but leave us feeling empty and unsatisfied. This is why you can spend 2 hours scrolling on Instagram or Twitter, only to log off and discover you can’t remember a single piece of information you just consumed.

A major factor driving this phenomenon is that low-quality information provides us with the same dopamine hit as high-quality information but is significantly easier to manufacture. Publishers like Buzzfeed and Bored Panda take advantage of this fact by mass-producing junk information on a scale never before seen in human history.

Gurwinder eloquently describes the crisis of intellectual obesity as follows:

“Just as gorging on junk food bloats your body, so gorging on junk info bloats your mind, filling it with a cacophony of half-remembered gibberish that sidetracks your attention and confuses your senses. Unable to distinguish between relevant and irrelevant, you become concerned by trivialities and outraged by falsehoods. These concerns and outrages push you to consume even more, and all the time that you're consuming, you're prevented from doing anything else: learning, focusing, even thinking. The result is that your stream of consciousness becomes clogged; you develop atherosclerosis of the mind.”

4. Cognitive Bias

“The foolish reject what they see, not what they think — the wise reject what they think, not what they see.” — Huang Po

Cognitive bias refers to the systematic ways in which the context and framing of information influence individuals' judgment and decision-making.

The internet often acts as an echo chamber, where algorithms tailor content to our existing beliefs, reinforcing our biases rather than challenging them.

Confirmation bias, for instance, leads us to favor information that aligns with our preconceptions and dismiss evidence that contradicts them. This bias is magnified online, where we can easily find sources that support any viewpoint, no matter how fringe or unfounded. As a result, our beliefs become more entrenched, and we become less open to opposing perspectives.

Another example is the availability heuristic, which causes us to overestimate the importance of information that is readily available to us. Social media amplifies this bias by prioritizing trending topics, sensational stories, and viral content, often at the expense of more balanced or nuanced viewpoints. This can lead to distorted perceptions of reality, where rare but dramatic events seem more common than they are.

There’s also the bandwagon effect, where people adopt beliefs or behaviors because they see others doing the same. Social media platforms capitalize on this bias by prominently displaying popular posts and trending hashtags, encouraging us to conform to the majority opinion without critically evaluating the information.

5. The Attention Economy

“We find ourselves in a new stage of capitalism. One that is predicated on the ever more aggressive appropriation of our attention, often by mechanized means. This makes cultivating the habits and pleasures of deep, slow thinking a difficult matter.” — Matthew Crawford.

The attention economy is a marketplace in which human attention is treated as a scarce commodity. It’s becoming increasingly sought-after by advertisers.

The key metrics of success in this marketplace are to capture our attention with engaging content, retain it through various psychological tricks and manipulations, and milk our minds for ad dollars. The unfortunate side effect of this is that these manipulations further degrade our ability to think clearly and form logical opinions.

Attention is an important part of the human experience. It’s what connects us with the outside world. Even outside the realm of the internet, different forms of stimuli are constantly seeking our attention — we’ve evolved various internal mechanisms to ignore what isn’t important so we can preserve our energy for what is.

Through the magic of the internet, companies have learned ways to infiltrate our minds and override these internal defense mechanisms.

Just like any other commodity, human attention is subject to the rules of supply and demand. Our personal supply of attention is finite — there’s only so much time in a day, so our attention can only be given to a limited number of things. Tech companies need to innovate ways to maximize the amount of users that interact with their product and extend the time each person is willing to remain engaged.

How Apps Manipulate Our Emotions & Harvest Our Attention

“It is very common for humans to develop things with the best of intentions that have unintended, negative consequences.” — Justin Rosenstein, creator of the 'like' button.

Social media apps use numerous psychological tactics to induce emotions that keep us on the platform.

Here are just a few of the subtle design tweaks these apps employ that unconsciously manipulate our emotions:

• Using the color red for notifications — Red is a trigger color, inducing a sense of alarm. Facebook used to use a blue notification icon (to match their logo); however, developers noted that nobody was paying attention, so they changed it to red, and suddenly, engagement with the feature skyrocketed.

• Variable rewards — The notification centers of apps intentionally hide the specifics of our interactions to keep us in a state of anticipation. It could be a whole bunch of new likes, some new followers, or absolutely nothing at all. The anticipation of not knowing what kind of surprises could be in store for us is exciting, and clicking the dropdown to explore becomes a compulsive habit.

• The pull-to-refresh feature — This loading feature was a happy accident. Loren Brichter invented it for his app, Tweetie (before it was bought by Twitter), simply because there wasn’t a good space to add a refresh button. However, this invention turned out to be a boon for manipulating users' emotions. The little “loading” animation makes us think it’s gathering data, but this delay is intentional. It gives us a sense of anticipation, which is addicting… sort of like the pull of a slot machine.

• Infinite scrolling — Users can continuously scroll through content without ever hitting a stopping point. This design keeps users engaged for long periods of time as there’s always something new just a swipe away. It takes advantage of our natural inclination to keep looking for more information and makes it hard to break free from the app.

• Social validation loops — Features like likes, comments, and shares create a feedback loop that keeps users coming back for more. Each notification of social validation triggers a release of dopamine, reinforcing the behavior and making users more likely to continue engaging with the app in search of more juicy validation.

# Tech Execs Who Refuse to Get High on Their Own Supply

Nobody understands the power of gaming human attention than the tech executives and developers working behind the scenes to keep us hooked on their products.

Over the years, several high-profile individuals working for Google, Meta, Twitter, and Apple have disclosed some of the extreme lengths they go through to avoid getting sucked into the cognitive wormholes their products create.

Here are just a few examples:

Nir Eyal

(Tech consultant and author of Hooked: How to Build Habit-Forming Products and Indistractable: How to Control Your Attention and Choose Your Life).

Nir Eyal once confided in the lengths he goes to protect his own family from the addictive nature of unfettered internet access in an interview with Thrive Global.

Eyal shuts his phone off at 10 pm and keeps it out of his bedroom while he sleeps. He’s even installed an outlet timer on his home router to cut off internet access for his whole house at the same time every day.

“The idea is to remember that we are not powerless. We are in control.”

Justin Rosenstein

(Creator of the like button).

Justin reports that he’s tweaked his laptop’s operating system to block Reddit, banned himself from Snapchat (which he compares to heroin), and imposed limits on his use of Facebook.

But even that wasn’t enough.

Last year, Justin took an even more radical approach to restrict his use of addictive technologies. He ordered a new phone and asked his assistant to set up parental controls that block him from downloading any new apps.

Loren Brichter

(Designer of the pull-to-refresh feature).

Brichter, like other tech execs, has blocked certain websites, turned off push notifications, restricted his use of the Telegram app to message only with his wife and two close friends, and tried to wean himself off Twitter.

“I still waste time on it just reading stupid news I already know about.”

He charges his phone in the kitchen, plugging it in at 7 pm and not touching it until the next morning.

Tristan Harris

(Co-founder of the Center for Humane Technology and former Google design ethicist).

Tristan Harris, who has been vocal about the manipulative design practices of tech companies for years, takes various steps to protect himself. He uses a grayscale screen on his phone to make it less appealing and has removed all social media apps. Harris also sets specific times for checking emails and messages, ensuring that he’s not constantly distracted throughout the day.

“There’s a hidden goal driving all of our technology, and that goal is the race for our attention.”

# Becoming Smarter in the Age of Information

The internet is a double-edged sword. It’s a place we can go to learn, connect, and create, but also a source of delusion, distraction, and misinformation.

Learning to navigate and engage with it wisely can ultimately help us grow to become more present, focused, and content in our daily activities — but only if we establish a foundation of discipline and intentionality.

None of these concepts are new. People like Marshall McLuhan have been talking about the influence of electronic media several years before the internet was even invented.

However, as technologies become more sophisticated and pervasive in our daily lives, we’re learning to adapt and find balance.

In the spirit of acknowledging our need for quick, bite-sized information snippets (wink wink), I’ll conclude with 10 quick strategies we can adopt to resist the distractions of the internet and preserve our cognitive resources to become smarter, happier, more capable humans.

10 Strategies to Thrive in the Information Age

1. Silo your attention — focus on one thing at a time.

2. Avoid going to social media for news.

3. Identify and limit junk information.

4. Seek out diverse perspectives and challenge your cognitive biases.

5. Treat your time and attention with respect — prioritize activities that enrich your life.

6. Limit internet and device usage — consider placing an outlet timer on your internet router.

7. Block or delete distracting websites and apps.

8. Implement grayscale screens.

9. Charge your phone outside your bedroom at night.

10. Practice tech-free days.

SUBSCRIBE To the Zen Psychedelic

@ 30b99916:3cc6e3fe

security #vault #veracrypt #powershell

VaultApi a self-host method for securing data

VaultApi is dependent upon both HashiCorp Vault and VeraCrypt to work it's magic.

Hashicorp Vault and KeePassXC are the primary password manager applications that I'm using currently and for the most part the entries in each should be mirroring each other. The functional difference between these two are KeePassXC has a graphical interface. While Hashicorp Vault has a web interface, the key value VaultApi makes use of is the REST Api to perform ACID operations on secured data for automation purposes.

The vault keys and root token associated with HashiCorp Vault are stored in an encrypted file that is kept in cold storage. Prior to starting HashiCrop Vault server, the cold storage file is mounted on the system using VeraCrypt.

Also, this implementation is on my non-routed network primarily being used by my Linux systems but any OS supporting PowerShell on the non-routed network should be able to access the Vault as a client.

Additionally, the Vault is only ran on an on-demand basis.

The startup process is as follows: VaultApi start VaultApi unseal VaultApi login VaultApi KeyPaths The command VaultApi KeyPaths dumps a list of key paths to a local file to make the finding of key paths simpler.

The path lookup process is as follows: VaultApi FindPaths Vehicle This command returns a list of paths matching the specified value of Vehicle. VaultApi FindPaths Vehicle kv1/Vehicle/1995-Mustang-GT500 kv1/Vehicle/2003-DodgeViper kv1/Vehicle/2012-Nissan kv1/Vehicle/2016-Telsa To lookup all the keys associated to a given path: VaultApi kv1Read kv1/Vehicle/2012-Nissan -kvkey _ReturnKeys plate VIN To return a value associated with a key of a given path to the clipboard: VaultApi kv1Read kv1/Vehicle/2012-Nissan -kvkey plate If the -raw options is included the value will be returned to the console.

To add a new key/value pair to an existing path: VaultApi kv1Update kv1/Vehicle/2012-Nissan 21000000 -kvkey mileage To add a new path and key/value pair: VaultApi kv1Create kv1/Vehicle/2025-Lambo Bitcoin -kvkey plate To list the 2nd level path names: ``` Default level 1 path name is "kv1"

VaultApi kv1list

To list 3rd level path names:

VaultApi kv1list kv1/Vehicle To Delete a **path** and it's associated key/value pairs: VaultApi kv1Delete kv1/Vehicle/2012-Nissan

To just delete a single key/value pair for a given path use the HashiCorp Vault Web interface. To launch the **HashiCorp Vault** web interface: VaultApi WebUI To return status information about the **Vault**: VaultApi status sealed initialized version n t

---

False True 1.15.6 5 3

To return process information about the **Vault**: VaultApi Check Hashicorp Vault (v1.15.6) is running...116147 ``` To show the hash value of the VaultApi script:

VaultApi ShowHash 3D47628ECB3FA0E7DBD28BA7606CE5BF To return a 20 character randomized value to the clipboard: VaultApi SetValue To create a backup of the HashiCorp Vault : ``` Must be logged in with the root token.

VaultApi Backup

A snapshot file will be created in the $HOME/Downloads directory by default. ``` To stop the HashiCorp Vault server:

``` VaultApi seal The vault is sealed.

VaultApi stop The server is stopped.

```

To get help information about VaultApi

``` Get-Help VaultApi -Full | more

OR

Get-Help VaultApi -Examples | more ```

Here are some past articles I wrote about setting up HashiCorp Vault and VeraCrypt.

Bitcoin and key/value using Hashicorp Vault

Bitcoin and Cold Storage using VeraCrypt

More information on VaultApi.

VaultApi Documentation

Download VaultApi script here

@ 75869cfa:76819987

GM, Nostriches!

The Nostr Review is a biweekly newsletter focused on Nostr statistics, protocol updates, exciting programs, the long-form content ecosystem, and key events happening in the Nostr-verse. If you’re interested, join me in covering updates from the Nostr ecosystem!

Quick review:

In the past two weeks, Nostr statistics indicate over 216,000 daily trusted pubkey events. The number of new users has seen a notable decrease, Profiles with contact lists and pubkeys writing events were both representing a 70% decline. More than 7 million events have been published, reflecting a 24% decrease. Total Zap activity stands at approximately 16 million, marking a 20% increase.

Additionally, 14 pull requests were submitted to the Nostr protocol, with 6 merged. A total of 45 Nostr projects were tracked, with 7 releasing product updates, and over 378 long-form articles were published, 24% focusing on Bitcoin and Nostr. During this period, 9 notable events took place, and 3 significant events are upcoming.

Nostr Statistics

Based on user activity, the total daily trusted pubkeys writing events is about 216,000, representing a slight 2 % decrease compared to the previous period. Daily activity peaked at 17483 events, with a low of approximately 15499.

The number of new users has decreased significantly.Profiles with contact lists and pubkeys writing events were 26,132 and 59,403 respectively, both representing a decline of approximately 70% compared to the previous period.

The total number of note events published is around 7 million, reflecting a 24% decrease.Posts remain the most dominant category by volume, totaling approximately 1.7 million, representing a 4% decrease compared to the previous period.Reposts, however, saw a significant increase, rising by 33% compared to the same period.

For zap activity, the total zap amount is about 16 million, showing an decrease of over 20% compared to the previous period.

Data source: https://stats.nostr.band/

NIPs

Allow multi-user AUTH #1881 vitorpamplona is proposing a PR that reuses one connection for everyone by accepting multi-user logins on the relay side. Additionally, this PR standardizes how relays should handle multiple AUTH messages from the client, instead of leaving it as undefined behavior. Currently, most relays override the previous AUTH, which means developers can rotate the authenticated user within the same connection. Some relays only accept the first AUTH and ignore the rest. A few newer relays already support multi-user logins as described in this PR, which he believes is the correct way to implement NIP-42 AUTH. The purpose of this PR is to formalize that behavior.

Adds optional nip60.signSecret() and kind 10019 filter tag #1890 robwoodgate is proposing a PR that clarifies and improves Nostr <---> Cashu interoperability as follows:Adds an optional signer signature for NUT-10 well-known secrets to NIP-60, NIP-07 and NIP-46；Clarifies use of Nostr <---> Cashu public keys in NIP-61；Adds an optional reverse lookup filter tag to NIP-61 kind 10019 events.

Notable Projects

​​Coracle 0.6.10 nostr:npub13myx4j0pp9uenpjjq68wdvqzywuwxfj64welu28mdvaku222mjtqzqv3qk

Coracle 0.6.10 release is out on the web and zapstore! This is another maintenance release, including a complete rewrite of the networking code (coming soon to flotilla), and several bug fixes. * Fix spotify url parsing bug * Fix nip46 signer connect * Use new version of network library * Fix reply drafts bug * Fix creating a new account while logged in * Re-work storage adapter to minimize storage and improve performance * Improve initial page load times * Fix followers page * Upgrade welshman * Remove platform relay * Show PoW * Don't fetch messages until decryption is enabled

Damus v1.14 nostr:npub18m76awca3y37hkvuneavuw6pjj4525fw90necxmadrvjg0sdy6qsngq955

A new TestFlight release is here for Purple users to try! * ️Setup a wallet lightning fast with our new one-click wallet setup, powered by Coinos! * New revamped wallet experience with balance and transactions view for your NWC wallet — see how much you got zapped without even leaving the app! * New notification setting to hide hellthreads. ie. Achieve notification peace. * NIP-65 relay list support — more compatibility across Nostr apps! * Unicode 16 emoji reactions (only for iOS 18.4+) - even more options to express your reactions! * Blurred images now show some more information — no more wondering why images are occasionally blurred. * More bugs fixed, and general robustness improvements.

0xchat v1.4.9 nostr:npub1tm99pgz2lth724jeld6gzz6zv48zy6xp4n9xu5uqrwvx9km54qaqkkxn72

What's new: * Implemented updated NIP-29 group logic with support for group admin roles * Added support for Aegis URL scheme login on iOS

YakiHonne nostr:npub1yzvxlwp7wawed5vgefwfmugvumtp8c8t0etk3g8sky4n0ndvyxesnxrf8q

🌐web v4.6.0: * Introducing Smart Widgets v2 – now dynamic and programmable. Learn more at https://yakihonne.com/docs/sw/intro * New Tools Smart Widgets section in note creation for advanced content editing. * Curations, videos, and polls are now Tools Smart Widgets, enabling quick creation and seamless embedding in notes. * Zap advertisements added—top zappers can now appear below notes. * Note translation button has been relocated next to the note options for easier access. * Followers and following lists are now visible directly on the dashboard home page. * General improvements and bug fixes for a smoother experience.

📱mobile v1.7.0: * Introducing the fully upgraded smart widget with its expanded set of functionalities. * A set of tools to enhance content editing. * Curations, videos, and polls are now Tools Smart Widgets, enabling quick creation and seamless embedding in notes. * Shortened URLs for a better user experience. * Highest zappers in notes will be highlighted. * Zapper list now includes zaps messages. * Videos and curations are no longer visible in the app. * Gossip models can be enabled and disabled. * Fixed multiple bugs for a more stable and seamless app experience. * Enhanced overall performance, usability, and design across the app.

Nostur v1.20 nostr:npub1n0stur7q092gyverzc2wfc00e8egkrdnnqq3alhv7p072u89m5es5mk6h0

New in this version: * Added support for Lists (kind 30000) * Show preview of feed from list * Turn list into feed tab with 1 tap * Subscribe toggle to keep updating the feed from original maintainer, or keep list as-is * Share List: Toggle to make list public * Lists tab on Profile view * 'Add all contacts to feed/list' post menu item * Discover tab now shows Lists shared by your follows * Enable manual ordering of custom feeds / tabs * New Top Zapped feed * New onboarding screens * New default color scheme / adjusted backgrounds * Lower delays and timeouts for fetching things * Improved hellthread handling * Support for comment on highlights (kind 9802) * Toggle to post to restricted/locked relay when starting post from single relay feed * Support relay auth for bunker/remote signer accounts * Zoom for previous profile pictures * Improved Relay Autopilot / Outbox when loading a single profile, always try to find 2 additional relays not in already used relay set * Improved support for accounts with large follow lists * Keep things longer in cache on desktop version * Improved support for pasting animated gifs * Use floating mini video player also on iPad and Desktop * Many performance improvements and bugfixes

Zapstore 0.2.6 nostr:npub10r8xl2njyepcw2zwv3a6dyufj4e4ajx86hz6v4ehu4gnpupxxp7stjt2p8

• Fixes for stale data, apps should now show their latest versions
• Upgrade to nostr:npub1kpt95rv4q3mcz8e4lamwtxq7men6jprf49l7asfac9lnv2gda0lqdknhmz DVM format
• New Developer screen (basic for now, delete local cache if apps are missing!)

ZEUS v0.11.0 nostr:npub1xnf02f60r9v0e5kty33a404dm79zr7z2eepyrk5gsq3m7pwvsz2sazlpr5

ZEUS v0.11.0-alpha 2 with Cashu support is now available for testing. In this build: * Fix: addresses an issue where some Cashu wallets would crash when redeeming their first token. If you were affected by this bug, try removing the mint in question and re-adding it with the 'Existing funds' toggle enabled. FUNDS ARE SAFU! * Feat: Core Lightning: show closed channels list * Locale updates

Long-Form Content Eco

In the past two weeks, more than 378 long-form articles have been published, including over 57 articles on Bitcoin and more than 32 related to Nostr, accounting for 24% of the total content.

These articles about Nostr mainly explore the protocol’s steady evolution toward simplicity, decentralization, and practical usability. There is a clear call within the community to strip away unnecessary complexity and return to Nostr’s minimalist roots, emphasizing lightweight structures and user autonomy. At the same time, a wave of innovation is expanding Nostr’s possibilities—new marketplaces, interoperable bridges with other protocols, and creative tools for publishing, identity, and social interaction are emerging rapidly. The articles also reflect a growing focus on censorship resistance, advocating for more diverse and independent relay networks, encrypted communications between relays, and broader user control over data and publishing. Practical guides and firsthand user experiences reveal both the excitement and the challenges of building within an open, permissionless ecosystem.

These articles about Bitcoin depict the evolution and expansion of the Bitcoin ecosystem from various perspectives. On the technical front, they focus on the iteration of Bitcoin Core versions, innovations in secure storage methods, advancements in multisignature solutions and post-quantum cryptography, as well as the ongoing optimization of payment tools like the Lightning Network, highlighting Bitcoin's continuous progress in enhancing asset security and transaction efficiency. At the same time, through real-life stories and personal experiences, many articles illustrate Bitcoin's practical role in individuals' lives, showing how it helps people achieve financial autonomy, build resilience, and transform their lifestyles in times of turmoil. From a financial perspective, the articles delve into Bitcoin’s unique value as digital gold and an inflation hedge, and its function as a safe haven and transformative force in emerging economies and shifting trade environments.

Thank you, nostr:npub1jp3776ujdul56rfkkrv8rxxgrslqr07rz83xpmz3ndl74lg7ngys320eg2 nostr:npub1xzuej94pvqzwy0ynemeq6phct96wjpplaz9urd7y2q8ck0xxu0lqartaqn nostr:npub1qd6zcgzukmydscp3eyauf2dn6xzgfsevsetrls8zrzgs5t0e4fws7re0mj nostr:npub12q4tq25nvkp52sluql37yr5qn059qf3kpeaa26u0nmd7ag5xqwtscduvuh nostr:npub1t49ker2fyy2xc5y7qrsfxrp6g8evsxluqmaq09xt7uuhhzsurm3srw4jj5 nostr:npub1p7dep69xdstul0v066gcheg2ue9hg2u3pngn2p625auyuj57jkjscpn02q nostr:npub1l0cwgdrjrxsdpu6yhzkp7zcvk2zqxl20hz8mq84tlguf9cd7dgusrmk3ty nostr:npub1fn4afafnasdqcm7hnxtn26s2ye3v3g2h2xave7tcce6s7zkra52sh7yg99 npub1jh95xvxnqdqj5ljh3vahh7s7s0pv9mj9sfrkdnx4xgead9kmwpkq2e0fqm，npub1qn4ylq6s79tz4gwkphq8q4sltwurs6s36xsq2u8aw3qd5ggwzufsw3s3yz，npub1penlq56qnlvsr7v3wry24twn6jtyfw5vt6vce76yawrrajcafwfs0qmn5s，and others, for your work. Enriching Nostr’s long-form content ecosystem is crucial.

Nostriches Global Meet Ups

Recently, several Nostr events have been hosted in different countries. * Recently, YakiHonne collaborated with multiple communities and universities across Africa, such as nostr:npub1yp5maegtq53x536xcznk2hqzdtpgxg63hzhl2ya3u4nrtuasxaaqa52pzn nostr:npub1tk59m73xjqq7k3hz9hlwsvspu2xq7t9gg0qj86cgp4rrlqew5lpq5zq7qp nostr:npub1wjncl8k8z86qq2hwqqeufa4g9z35r5t5wquawxghnrs06z9ds8zsm49yg7 and more, to successfully host seven Nostr Workshops, attracting over 200 enthusiastic participants. The events not only provided a comprehensive introduction to the Nostr ecosystem and Bitcoin payments but also offered hands-on experiences with decentralized technologies through the YakiHonne platform.

• The second BOBSpace Nostr Month Meetup took place on Friday, April 25, 2025, at 6:30 PM in Bangkok. This special event featured nostr:npub18k67rww6547vdf74225x4p6hfm4zvhs8t8w7hp75fcrj0au7mzxs30202m the developer of Thailand’s home-grown Nostr client Wherostr, as the guest speaker. He shared his developer journey, the story behind building Wherostr, and how Nostr enables censorship-resistant communication. This was a Bitcoin-only meetup focused on the Nostr protocol and decentralized technologies.
• Panama Blockchain Week 2025 took place from April 22 to 24 at the Panama Convention Center in Panama City. As the first large-scale blockchain event in Central America, it aimed to position Panama as a leading blockchain financial hub in Latin America. The event featured a diverse lineup, including a blockchain conference, Investor’s Night, Web3 gaming experiences, tech exhibitions, and an after-party celebration.

Here is the upcoming Nostr event that you might want to check out. * Nostr & Poker Night will be held on April 30 at the Bitcoin Embassy in El Salvador. The event will feature an exciting Nostr-themed presentation by nostr:npub1dmnzphvk097ahcpecwfeml08xw8sg2cj4vux55m5xalqtzz9t78q6k3kv6 followed by a relaxed and fun poker night. Notably, 25% of the poker tournament prize will be donated to support MyfirstBitcoin’s Bitcoin education initiatives. * A free webinar on venture capital, Bitcoin, and cryptocurrencies will be held online on May 6 at 12:00 PM (ARG time). Organized in collaboration with Draper Cygnus, the event aims to introduce the fundamentals of venture capital, present the projects of ONG Bitcoin Argentina Academy, and provide attendees with the opportunity to interact with the guest speakers. * Bitcoin Unveiled: Demystifying Freedom Money will take place on May 10, 2025, at Almara Hub. The event will explore Bitcoin’s transformative potential, helping participants understand its purpose, learn how to get started, build a career in the Bitcoin space, and begin their Bitcoin savings journey. Featured speakers include nostr:npub1sn0q3zptdcm8qh8ktyhwtrnr9htwpykav8qnryhusr9mcr9ustxqe4tr2x Theophilus Isah, nostr:npub1s7xkezkzlfvya6ce6cuhzwswtxqm787pwddk2395pt9va4ulzjjszuz67p , and Megasley.

Additionally, We warmly invite event organizers who have held recent activities to reach out to us so we can work together to promote the prosperity and development of the Nostr ecosystem.

Thanks for reading! If there’s anything I missed, feel free to reach out and help improve the completeness and accuracy of my coverage.

@ b6524158:8e898a89

I heard the regular polls are saying The liberals were ahead of conservatives so I decided to run my own mini-poll to see for myself or at least have a second opinion, then I find this: I am not saying this represents the 40Million+ people who live in Canada but neither the legacy polls. I encourage everyone do their own mini-poll for themselves to find out themselves, don't trust verify".

Last year same thing happened in the U.S. election, the polls were saying Kamala is on the lead over Trump but Trump ended up winning in a landslide.

originally posted at https://stacker.news/items/965337

@ df7e70ac:89601b8e

this is a text fo rfilter gparena.net

@ de6c63ab:d028389b

Honestly, I didn’t think this would still be a thing in 2025, but every once in a while it pops up again:

“Bitcoin? Uh, I don’t know… but blockchain, now that could be useful! 🤌”

“Blockchain is one of the most important technologies of our time. Maybe you know it from crypto, but it’s so much more. It’s a way to store and verify data securely, transparently, and without a middleman. That’s why it’s going to revolutionize banking, healthcare, logistics, and even government!”

“Blockchain is transforming how we store, share, and verify information. Its benefits go far beyond cryptocurrencies. Understanding it today means preparing for tomorrow, because blockchain is guaranteed to play a major role in the future.”

---

Blockchain

When people say "blockchain," they usually mean the bitcoin database — with all its unique properties — even when they’re imagining using it elsewhere.

But here’s the thing: blockchain by itself isn’t some revolutionary breakthrough.
Stripped from bitcoin, it’s just a fancy list of records, each pointing to the previous one with a reference (typically a hash).
That's it.

This idea — chaining data together — isn’t new.
It goes back to at least 1991, when Haber and Stornetta proposed it for timestamping documents.

By itself, blockchain isn’t secure (you can always rewrite past records if you recompute the chain), isn’t necessarily transparent (the data can be encrypted or hidden), and doesn't magically remove the need for trust (if someone logs soccer scores into a blockchain, you still have to trust they reported the results honestly).

What actually makes bitcoin’s blockchain secure and trustworthy is the system around it — the economic incentives, the ruthless competition for block rights, and the distributed consensus mechanics.

Without those, blockchain is just another database.

---

How Does Bitcoin Make It Work?

To understand why, we need to zoom in a little.

Superficially, bitcoin’s blockchain looks like a simple ledger — a record of transactions grouped into blocks. A transaction means someone spent bitcoin — unlocking it and locking it up again for someone else.

But here’s the key:
Every participant can independently verify whether each transaction is valid, with no outside help and no trust required.

Think of every transaction like a math equation.
Something like: x + 7 = 5, with the solution x = -2.
You don’t need anyone to tell you if it’s correct — you can check it yourself.

Of course, bitcoin’s equations are far more complex.
They involve massive numbers and strange algebraic structures, where solving without the right key is practically impossible, but verifying a solution is easy.

This is why only someone with the private key can authorize a transaction.

In a way, "solving" these equations is how you prove your right to spend bitcoin.
Ownership and transfers are purely a matter of internal system math — no external authority needed.

---

Could We Use Blockchain for Other Stuff?

Could we use a blockchain to independently verify medical records, soccer scores, or property ownership?

No.

Blockchain can't magically calculate whether you broke your arm, whether Real Madrid tied against Barcelona, or who owns a cottage in some village.

It can verify that someone owns bitcoin at a particular address, because that's just solving equations inside the system.

But anything that depends on outside facts?
Blockchain can't help you there.

---

Why Does Everyone Stick to One Version?

Another big question:
Why do people in bitcoin agree on the same version of history?

Because of proof-of-work.

To add a new block, you have to find a specific giant number — the nonce — that, together with the block’s contents, satisfies a predefined condition.

You can't calculate the nonce directly — you have to guess, billions of times per second, until you hit the jackpot.
It takes minutes of relentless effort.

An invalid transaction would invalidate the entire block, wasting all the miner’s effort.

If the block is valid, the miner earns a reward — newly minted bitcoins plus transaction fees — making the massive effort worthwhile.

And importantly, because each block is built on top of all previous ones, rewriting history would mean redoing all the proof-of-work from that point forward — an astronomically expensive and practically impossible task.
The deeper a block is buried under newer blocks, the more secure it becomes — making the past effectively immutable.

And again: each node independently verifies all transactions.
Miners don't create truth; they race to package and timestamp already-valid transactions.
The winning chain is simply the one with the most provable work behind it.

---

Bitcoin and Blockchain: Inseparable

Bitcoin is created on the blockchain — and it exists only within the blockchain.
Ownership is defined by it.
The decentralized management of the blockchain is driven by bitcoin incentives — the pursuit of something scarce, hard-earned, and impossible to fake.

No blockchain, no bitcoin.
No bitcoin, no meaningful blockchain.

---

Can We Just Blockchain Everything?

Alright, so what happens if we try to apply this system to something else — say, a land registry?

Properties themselves don’t "exist" on a blockchain — only claims about them can be recorded.

But who writes the claims? Random miners?
Where do they get their information?
They can’t compute it from previous blocks.
They’d have to physically go check who owns what.

What if they’re lazy? Lied to? Made mistakes?
How would anyone else verify the records?
Ownership in the physical world isn’t a problem you can solve by crunching numbers in a database.

Suddenly, we’re right back to needing trusted third parties — the very thing blockchain was supposed to eliminate.

And if there’s a dispute?
Say someone refuses to leave a house, claiming they've lived there forever.
Is the blockchain going to show up and evict them?

Of course not.

---

Blockchain Without Bitcoin Is Just a Data Structure

And that’s the difference.

When blockchain is part of bitcoin’s closed system, it works because everything it cares about is internal and verifiable.

When you try to export blockchain into the real world — without bitcoin — it loses its magic.

Blockchain-like structures actually exist elsewhere too — take Git, for example.
It’s a chain of commits, each referencing the previous one by its hash.
It chains data like a blockchain does — but without the security, decentralization, or economic meaning behind bitcoin.

Blockchain is just a data structure.
Bitcoin is what gives it meaning.

In bitcoin, the blockchain is not just a ledger — it's a trustless system of property rights enforced by math and energy, without any central authority.

@ 89c16b5e:18083604

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Fusce bibendum, purus eu commodo ultricies, lorem sem pellentesque ex, eu scelerisque lorem tellus quis ante. Donec eget accumsan augue, eget viverra dui. Pellentesque feugiat quis dolor vitae ultricies. Donec dictum elit sit amet tellus dignissim, mollis volutpat enim tempor. Cras non metus orci. In eget faucibus tellus, ac fermentum est. Ut quis turpis sapien. In at risus vitae nulla mollis blandit et id ligula. Fusce condimentum odio nisi, quis imperdiet eros congue id. Interdum et malesuada fames ac ante ipsum primis in faucibus. In hac habitasse platea dictumst. Nullam id eros dapibus, venenatis diam in, lobortis metus. Curabitur eget pharetra tellus, ac tempus lacus. Morbi erat felis, tristique sed fringilla sed, facilisis ut arcu.

Nullam porta, orci id convallis auctor, purus nulla facilisis dui, nec condimentum enim odio quis libero. Mauris ac ullamcorper urna. Nullam in dui ut eros congue pulvinar. Phasellus dictum, turpis et faucibus pellentesque, enim urna elementum tellus, eget pretium nunc velit id dui. Nunc feugiat, orci sed cursus commodo, tortor arcu facilisis leo, quis congue quam orci sit amet est. Vivamus nec euismod ipsum, vitae ultricies felis. Fusce vitae tempor felis. Proin interdum lorem ut tortor pretium, id iaculis metus pharetra. Curabitur venenatis, nunc at bibendum porta, nisi massa venenatis tellus, pulvinar lobortis urna ligula eu tellus. Maecenas vehicula tortor vitae ante hendrerit egestas.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Fusce bibendum, purus eu commodo ultricies, lorem sem pellentesque ex, eu scelerisque lorem tellus quis ante. Donec eget accumsan augue, eget viverra dui. Pellentesque feugiat quis dolor vitae ultricies. Donec dictum elit sit amet tellus dignissim, mollis volutpat enim tempor. Cras non metus orci. In eget faucibus tellus, ac fermentum est. Ut quis turpis sapien. In at risus vitae nulla mollis blandit et id ligula. Fusce condimentum odio nisi, quis imperdiet eros congue id. Interdum et malesuada fames ac ante ipsum primis in faucibus. In hac habitasse platea dictumst. Nullam id eros dapibus, venenatis diam in, lobortis metus. Curabitur eget pharetra tellus, ac tempus lacus. Morbi erat felis, tristique sed fringilla sed, facilisis ut arcu.

Nullam porta, orci id convallis auctor, purus nulla facilisis dui, nec condimentum enim odio quis libero. Mauris ac ullamcorper urna. Nullam in dui ut eros congue pulvinar. Phasellus dictum, turpis et faucibus pellentesque, enim urna elementum tellus, eget pretium nunc velit id dui. Nunc feugiat, orci sed cursus commodo, tortor arcu facilisis leo, quis congue quam orci sit amet est. Vivamus nec euismod ipsum, vitae ultricies felis. Fusce vitae tempor felis. Proin interdum lorem ut tortor pretium, id iaculis metus pharetra. Curabitur venenatis, nunc at bibendum porta, nisi massa venenatis tellus, pulvinar lobortis urna ligula eu tellus. Maecenas vehicula tortor vitae ante hendrerit egestas.

@ f18b1f8f:5f442454

3d51dc3eb84b45eba9e4d80d892f7603

Parlant is an open source framework aiming to making conversational agents for client facing applications as easy as possible, and ensuring responses are controlled and matching to business goals. Each agent is easily customisable and controllable, and follows a Conversation Modelling principle, meant to guide the agents and be less strict than predefined workflows where users have to select options from dropdowns and more structured than free-text communications frameworks like LangGraph.

Listing: https://agentlist.com/agent/3d51dc3eb84b45eba9e4d80d892f7603

Further Reading: https://www.parlant.io/docs/about/

@ a4043831:3b64ac02

While investing is essential for financial planning, it can be a dangerous and random game without a good strategy behind it. Because it not only can boost confidence that individuals can create a roadmap for financial success and minimize and mitigate risks to maximize return on investment. Long-term growth through investing strategically is key if you want to retire, accumulate wealth or become financially independent.

Why Investment Strategies are Important

Investment strategies act as roadmaps for financial development, guiding investors to:

• **Realize Financial Aims: ** Properly defined strategy positions investments with regard to short-term and long-term goals.
• Manage Risks: Appropriate diversification and asset allocation have the potential to alleviate market fluctuation.
• Maximize Returns: Investment with strategy provides superior decision-making and greater financial results.
• Stick to Plan: With strategy established, investors will be better at resisting spontaneous moves based on market volatility.
• Guarantee Financial Security: An organized investment strategy offers security and equips one with unforeseen financial conditions.

Key Steps towards Building an Investment Strategy

Having an efficient investment strategy in place calls for thoughtful planning and careful consideration of many aspects. Here are some key steps to create a winning strategy:

**1. Define Financial Goals ** Understanding financial objectives is the first step in developing a strategy for investments. The specification of goals can range from saving for a home to retirement or wealth generation. Hence, investing in them ensures alignment with the investor's personal priorities. Goals should always be specific, measurable, and time-bound such that progress can be tracked effectively.

**2. Assess the Risk Tolerance ** Every investor has a unique risk tolerance based on the financial situation and objectives. It is assessing risk tolerance that assists in deciding whether a portfolio is to be conservative, moderate, or aggressive in investments. Income stability, investment time horizon, and emotional tolerance for market volatility should all be taken into account.

**3. Diversify Investments ** Diversification eliminates risks by spreading investment across various asset classes, including stocks, bonds, real estate, and mutual funds. A diversified portfolio protects against such adverse movements so that decline in one market sector does not have a biting effect on band returns. It also provides a fair chance for capital gain while also maintaining stability.

**4. Invest Assets Judiciously ** Asset allocation is the strategy for spreading investments among different asset classes to provide a balance between risk and reward. A suitable mix can be derived with the help of a financial advisor based on the investment goals and risk tolerance. Hence, younger investors with a longer time horizon might be inclined to invest in more stocks while investors close to retirement could involve themselves in investments comprising a mix of bonds and fixed-income securities.

**5. Select the Appropriate Investment Tools ** Selection of investment tools forms various investment options that may examine diverse decisions in portfolio expansion. There are options:

• Stocks: Best for capital formation with the longest horizon, subject to market risks.
• Bonds: Provide regular income with lower risks. Generally chosen for capital preservation.
• Mutual Funds, ETFs: Diversified investment plan; managed by professionals-a mix of risk and return.
• Real Estate Investment: Passive income, diversification of portfolio, acts as an inflation hedge.
• Alternative Investments: Certifies commodities, hedge funds, currencies, all provide portfolio diversification while steering clear of any potential risks.

**6. Monitoring and Rebalancing Your Portfolio ** Over time, market conditions and personal finance situations will change. All investments should be checked from time to time to see if they are still in agreement with intended financial goals. Some adjustments may be required to improve performance and mitigate risk. Periodic rebalancing of a portfolio ensures that the asset allocation remains coherent with the initial investment regiment.

**7. Understand Tax Efficiency ** Tax planning for investment returns is crucial to optimize profit. Investors should engage, among other strategies, in tax-loss harvesting, investments in tax-advantaged accounts, or an understanding of the taxation of capital gains to minimize tax liabilities and, correspondingly, enhance returns.

How Passive Capital Management Can Help

Handling investment choices can be really tedious and that's why assistance from experts becomes very important. Trusted financial advisors at Passive Capital Management can provide solutions to help individuals create a well-tailored investment strategy. Their professionals help the client with:

• Personalized investment plans that match their particular financial goals.
• Evaluating the risk tolerance and optimal recommendations on asset allocation.
• The diversification in portfolios provides maximum returns accruing to minimum risks.
• Market-proofing the client's investment portfolio through tracking them regularly.
• Creating tax-efficient‐investment strategies for long-term growth.

They are received with experience and knowledgeable advice in the hands of the clients and therefore are able to make informed investment decisions toward security with confidence.

Conclusion

Investment schemes stand at the heart of any strategy for them to become prosperous. They are, thus, systematic ways of building wealth and minimizing risk. Investors will then devise a meaningful investment plan based on their needs by setting goals, assessing risk capacity, diversifying their holdings, and prescribing professional investment advice.

For individuals who want to create a strong investment strategy, Passive Capital Management provides professional advice and tailored solutions. Learn more with us and start growing your finances today.

@ d89b2a26:9b9aca47

While I can't provide a real photo, I can generate an image for you. Please imagine a breathtaking scene: The Pacific Ocean stretches out to the horizon, its vast expanse reflecting the sky's azure blue. Cliffs tower along the coastline, with Highway 1 winding its way atop, offering a spectacular view. The lush foliage of the Santa Cruz Mountains rolls gently inland, the shades of green contrasting beautifully with the deep blue of the ocean. Foamy white waves crash against the rocky shore, and the scent of the salty sea air seems almost tangible. The sun hangs low, casting a warm golden glow over the landscape. Let me know if there's anything specific you'd like to adjust in this mental image!On a crisp autumn afternoon, Alex fired up his vintage motorcycle, feeling the familiar rumble beneath him as he set off on what promised to be an unforgettable ride along California's famous Highway 1. The journey from Santa Cruz toward Big Sur was a favorite of his, a way to escape the hustle and bustle of daily life and embrace the vastness of the open road.

As he rode, the Pacific Ocean spread out to his right, a shimmering expanse of sapphire blue beneath the clear sky. To the left, the foothills of the Santa Cruz Mountains rose and fell, their slopes blanketed with lush, green foliage that danced in the gentle breeze. The air was filled with the crisp, salty tang of the sea, mingling with the earthy scents of the forest, creating a symphony of fragrances that heightened his senses.

The road curved and twisted along the cliff edges, each turn revealing a new and breathtaking panorama. Nearing a particularly picturesque section of the highway, Alex decided to pull over. The sun was beginning its descent, casting a warm, golden glow that painted the landscape in hues of amber and ochre, ideal for capturing the moment's beauty.

He parked his motorcycle on a gravelly outcrop and dismounted, fumbling in his jacket pocket for his phone. He balanced carefully on the edge of the cliff, the ocean's waves crashing rhythmically against the rocks far below. As he framed the perfect shot, the thrill of the moment flooded his senses. The cliffs, the ocean, the descending sun—all of it was a testament to the wild beauty of the world.

With a satisfied smile, he captured the image. But as he turned to head back to his bike, his foot slipped on the loose gravel. It all happened in a blur—one moment he was steady, the next he was tumbling, the world spinning around him. Desperately, Alex reached out, his hand instinctively breaking his fall, only to cry out in pain as a sharp jolt ran up his arm.

When he finally stopped rolling, he was thankfully still on the roadside, just a few feet from where he'd stood. With his heart pounding in his chest and pain radiating from his wrist, he realized he'd been incredibly lucky. Bruised and scraped, he struggled to sit up, cradling his injured wrist.

A passing car soon stopped, and a concerned driver offered assistance, helping Alex back to his feet and ensuring he got the medical help he needed. At the hospital, the doctor confirmed what Alex already suspected—a broken wrist. It would be weeks before he could ride again, but he knew it could have been much worse.

As he sat in the hospital bed, his mind returned to the image he'd captured just moments before the fall—a perfect scene of nature’s grandeur and his own fleeting vulnerability. It was a reminder of the precarious balance between beauty and danger, a lesson he'd carry with him long after the cast came off his wrist.

@ f683e870:557f5ef2

Spam is the single biggest problem in decentralized networks. Jameson Lopp, co-founder of Casa and OG bitcoiner, has written a brilliant article on the death of decentralized email that paints a vivid picture of what went wrong—and how an originally decentralized protocol was completely captured. The cause? Spam.

The same fate may happen to Nostr, because posting a note is fundamentally cheap. Payments, and to some extent Proof of Work, certainly have their role in fighting spam, but they introduce friction, which doesn’t work everywhere. In particular, they can’t solve every economic problem.\ Take free trials, for example. There is a reason why 99% of companies offer them. Sure, you waste resources on users who don’t convert, but it’s a calculated cost, a marketing expense. Also, some services can’t or don’t want to monetize directly. They offer something for free and monetize elsewhere.

So how do you offer a free trial or giveaway in a hostile decentralized network? Or even, how do you decide which notes to accept on your relay?

At first glance, these may seem like unrelated questions—but they’re not. Generally speaking, these are situations where you have a finite budget, and you want to use it well. You want more of what you value — and less of what you don’t (spam).

Reputation is a powerful shortcut when direct evaluation isn’t practical. It’s hard to earn, easy to lose — and that’s exactly what makes it valuable.\ Can a reputable user do bad things? Absolutely. But it’s much less likely, and that’s the point. Heuristics are always imperfect, just like the world we live in.

The legacy Web relies heavily on email-based reputation. If you’ve ever tried to log in with a temporary email, you know what I’m talking about. It just doesn’t work anymore. The problem, as Lopp explains, is that these systems are highly centralized, opaque, and require constant manual intervention.\ They also suck. They put annoying roadblocks between the world and your product, often frustrating the very users you’re trying to convert.

At Vertex, we take a different approach.\ We transparently analyze Nostr’s open social graph to help companies fight spam while improving the UX for their users. But we don’t take away your agency—we just do the math. You take the decision of what algorithm and criteria to use.

Think of us as a signal provider, not an authority.\ You define what reputation means for your use case. Want to rank by global influence? Local or personalized? You’re in control. We give you actionable and transparent analytics so you can build sharper filters, better user experiences, and more resilient systems. That’s how we fight spam, without sacrificing decentralization.

---

Are you looking to add Web of Trust capabilities to your app or project?\ Take a look at our website or send a DM to Pip.

@ b0137b96:304501dd

Hollywood continues to deliver thrilling stories that captivate audiences worldwide. But what makes these films even more exciting? Watching them in your preferred language! Thanks to Dimension On Demand (DOD), you can now enjoy the latest Hollywood movies in Hindi, bringing you action-packed adventures, gripping narratives, and explosive sequences without language barriers.

Whether it’s historical mysteries, war-time espionage, or a bizarre transformation, DOD ensures that Hindi-speaking audiences can experience the thrill of Hollywood. Let’s dive into three must-watch action thrillers now available in Hindi!

The Body – A Mystery Buried in Time What happens when a shocking discovery challenges everything we know about history? The Body is one of the latest Hollywood movies in Hindi that brings mystery, action, and suspense together. The story follows an intense investigation after a crucified body, dating back to the first century A.D., is unearthed in a cave in Jerusalem. As word spreads, chaos ensues, and the race to uncover the truth takes a dangerous turn.

Antonio Banderas, known for his iconic roles in The Mask of Zorro and Pain and Glory, plays Matt Gutierrez, the determined investigator who dives into this centuries-old mystery, uncovering secrets that could change the world. Olivia Williams delivers a compelling performance as Sharon Golban, an archaeologist caught in the web of intrigue. With a cast that includes Derek Jacobi and John Shrapnel, the film blends history, religion, and action seamlessly, making it a must-watch among latest Hollywood movies in Hindi.

Why You Should Watch This Thriller: A Gripping Storyline – Experience the tension of a global mystery unraveling in one of the latest Hollywood movies in Hindi Famous Hollywood Actors – Antonio Banderas leads an all-star cast in this Hindi-dubbed Hollywood thriller Now in Hindi Dubbed – Enjoy this mind-blowing thriller in your language Secret Weapon – A Deadly Mission Behind Enemy Lines Set against the backdrop of World War II, Secret Weapon is an electrifying addition to the latest Hollywood movies in Hindi, taking espionage and war action to the next level. The plot follows a group of Soviet soldiers sent on a high-stakes mission to recover a top-secret rocket launcher accidentally abandoned during a hasty retreat. If the Germans got their hands on it, the tide of war could change forever.

Maxim Animateka plays Captain Zaytsev, the fearless leader of the mission, while Evgeniy Antropov and Veronika Plyashkevich bring depth to the ensemble cast. As tensions rise and danger lurks around every corner, the special ops unit must navigate enemy territory to prevent disaster. With its gripping action sequences and historical depth, this latest Hollywood movie in Hindi is a must-watch for war movie enthusiasts.

What Makes This War Thriller Stand Out: Non-Stop Action – A thrilling mission filled with suspense and danger Historical Relevance – A story set during WWII with gripping realism in this Hindi-dubbed war thriller Hindi Dub Available – Now experience this war epic with powerful Hindi dubbing A Mosquito Man – From Human to Monster What happens when life takes a turn for the worse? A Mosquito Man is one of the latest Hollywood movies in Hindi that takes sci-fi horror to a new level. The film follows Jim (played by Michael Manasseri), a man whose life is falling apart—he loses his job, his wife is cheating on him, and to top it all off, he gets kidnapped by a deranged scientist. Injected with an experimental serum, Jim undergoes a horrifying transformation, mutating into a human-mosquito hybrid with newfound abilities.

Kimberley Kates plays his estranged wife, while Lloyd Kaufman brings a sinister edge to the role of the mad scientist. As Jim learns to embrace his monstrous form, he embarks on a twisted path of revenge, leaving chaos in his wake. With its mix of action, horror, and sci-fi, thislatest Hollywood movie in Hindi delivers a truly unique cinematic experience.

Why This Action Thriller is a Must-Watch: A One-of-a-Kind Storyline – A dark and bizarre superhero-like transformation Action, Suspense & Thrills Combined – A perfect mix of high-octane action and eerie moments in this Hindi-dubbed action thriller Available in Hindi Dubbed – Get ready for an adrenaline-pumping experience Watch These latest Hollywood movies in Hindi on DOD! With Dimension On Demand (DOD), you no longer have to miss out on Hollywood’s biggest action hits. Whether it’s a historical thriller, a war drama, or an unexpected adventure, the latest Hollywood movies in Hindi are now just a click away. Get ready for high-octane entertainment like never before!

Check out these films now on the DOD YouTube channel! Watch The Body in Hindi Dubbed – Click here! Enjoy A Mosquito Man in Hindi Dubbed – Start now!

Conclusion Hollywood continues to thrill audiences worldwide, and with these latest Hollywood movies in Hindi, language is no longer a barrier. From gripping mysteries and war-time espionage to bizarre transformations, these films bring non-stop entertainment. Thanks to DOD, you can now enjoy Hollywood’s best action movies in Hindi, making for an immersive and thrilling cinematic experience. So, what are you waiting for? Tune in, grab some popcorn, and dive into the action!

@ bcbb3e40:a494e501

|| |:-:| |BLANCO, Carlos X. (Ed.); China y el regreso de Confucio; Hipérbola Janus, 2025|

Nos complace presentar a nuestro público lector la obra China y el regreso de Confucio, un compilación de artículos llevada a cabo por prestigioso profesor Carlos X Blanco, autor prolífico y colaborador de Hipérbola Janus, donde nos sentimos honrados y gratificados por sus aportaciones en la difusión de diferentes temas y áreas de conocimiento. En el caso que nos ocupa, el Extremo Oriente sigue siendo un gran desconocido para nosotros, los europeos, especialmente en cuestiones relacionadas con la mentalidad y las ideas que animan la cosmovisión de su nación más representativa, cuya pujanza económica, comercial y geopolítica ha encumbrado a la categoría de superpotencia mundial, hablamos, obviamente, de China. A través de un formato ligero y agradable, como es el diálogo, la obra nos presenta una serie de textos que nos permiten desentrañar las claves del pensamiento confuciano y su desarrollo a lo largo de los siglos XX y XXI. Un breve prólogo a cargo de David Ownby sirve de introducción a la obra. Uno de los ensayos principales es «Un siglo de confucianismo» de Chen Lai (1952), quien estructura el análisis en tres grandes secciones: los desafíos del confucianismo, sus respuestas y las formas en que ha sobrevivido en la era moderna.

En el análisis del Confucianismo, que permanece fuertemente imbricado en la conciencia del pueblo chino, se abordan cuatro grandes desafíos que enumeramos a continuación:

1. Reformas políticas y educativas en la era Qing y Republicana (1901-1912): La abolición del sistema de exámenes imperiales debilitó la base institucional del confucianismo, afectando su papel en la sociedad y la educación.
2. Movimiento de la Nueva Cultura (1915-1919): Se promovió la modernización basada en la cultura occidental, posicionando al confucianismo como un obstáculo para el progreso.
3. Revolución de 1949 y la Revolución Cultural (1966-1976): La colectivización y las comunas populares destruyeron la base social confuciana, mientras que la Revolución Cultural lo atacó ideológicamente.
4. Reformas de Deng Xiaoping (1978 en adelante): La modernización y la economía de mercado redujeron la influencia de los valores confucianos frente al pragmatismo y el utilitarismo.

Con anterioridad, el confucianismo siempre ha sido un factor de cohesión nacional, que ha contribuido a preservar la unidad del pueblo chino, especialmente contra las amenazas exteriores, como la que representó el enfrentamiento con Japón desde comienzos de los años 30 del pasado siglo, con la ocupación japonesa de Manchuria, y los sucesivos episodios bélicos vividos contra Japón entre 1937 y 1942.

|| |:-:| |ERKES, Eduard; Creencias religiosas en la China antigua; Hipérbola Janus, 2022|

El texto de Chen Lai toma como punto de partida los últimos años de la Dinastía Qing y los primeros años de la era republicana, entre 1901 y 1912, poniendo especial énfasis en el proceso de modernización emprendido durante esta época, con la introducción de las ciencias y las disciplinas occidentales, hecho que contribuyó a la condena al ostracismo de los clásicos confucianos. Este proceso conoce diversas etapas, a través de las cuales se procede a la abolición del sistema de exámenes imperiales, que durante años se había erigido como el pilar institucional del confucianismo, lo cual trajo como consecuencia inevitable que los eruditos confucianos abandonaran su papel central en la sociedad china. La tendencia a denostar la tradición confuciana se vio incrementada con la transición de la Dinastía de los Qing a los primeros años de la República, como demuestra la eliminación de las ceremonias sacrificiales en honor a Confucio y la prohibición del estudio obligatorio de los clásicos confucianos. De esta manera el confucianismo perdió su papel preponderante en la educación y la administración pública, quedando relegado al ámbito de la ética y la cultura.

Este proceso de rechazo y erosión del confucianismo en su papel de contribución a la identidad nacional china, y a la formación de las nuevas generaciones, se vio acelerado durante las siguientes décadas. Fue un proceso impulsado por intelectuales como Chen Duxiu y Hu Shih, que promovieron activamente la modernización junto con la asunción de valores occidentales como la ciencia o la democracia. Asumiendo posturas análogas a las occidentales en relación a la Tradición, se vio en el confucianismo una forma de pensamiento retrógrado y caduco, frontalmente opuesto al progreso, y por tanto desechable, respecto al cual sus enseñanzas carecían de todo valor operativo en el desarrollo de China. En consecuencia, el confucianismo vivió un ostracismo cultural e intelectual que lo sumió en la más absoluta marginalidad.

Con el advenimiento de la Revolución Cultural China y la conformación del régimen comunista, a partir de 1949 y hasta la muerte de Mao Tse Tung (1893-1976), la situación del confucianismo no mejoró y, muy al contrario, se consideró incompatible con el socialismo marxista. Los ataques se incrementaron y el confucianismo fue objeto de campañas de odio brutales, como aquella desarrollada entre 1973 y 1976, con la «Crítica a Lin Biao y Confucio», en la que se le acusó de «ideología feudal y reaccionaria». La destrucción de templos confucianos y la persecución de sus intelectuales fue un hecho habitual durante este periodo.

|| |:-:| |BLANCO, Carlos X.; La izquierda contra el pueblo: Desmontando a la izquierda sistémica; Hipérbola Janus, 2024|

En el periodo inmediatamente posterior, a partir de 1978, el factor ideológico se vio atenuado con la llegada de Deng Xiaoping (1904-1997) al poder, y se impuso una época marcada por el pragmatismo y la importancia creciente del desarrollo económico y material. Los ataques al confucianismo cesaron en gran medida, pero se vio sometido a la lógica uniformizadora del utilitarismo y el crecimiento económico.

No obstante, y a pesar de los ataques continuos de los que fue objeto, Chen Lai pone de relieve la resistencia del confucianismo, su voluntad irreductible frente a la amenaza de desaparición, a través de las propuestas de diferentes pensadores confucianos contemporáneos. Es el caso, por ejemplo, de Kang Youwei (1858-1927) con sus propuestas de convertir el confucianismo en religión oficial o integrarlo en el modelo educativo con sus enseñanzas morales sobre el conjunto del pueblo chino. Otros filósofos, como Liang Shuming (1893-1988), trató de superar las antítesis del mundo moderno, y convertir la doctrina de Confucio en parte funcional del socialismo a través de su base moral y social, dado que veía en estas ideas la clave para lograr la armonía y la estabilidad social, tal y como lo había sido en los momentos más delicados de la historia del país asiático.

Paralelamente, intelectuales confucianos como Xiong Shili (1885-1968), Feng Youlan (1895-1990) y He Lin (1902-1992) trataron de aportar nuevos desarrollos a la doctrina confuciana en el terreno de la filosofía y la metafísica. Fruto de estas especulaciones surgieron nuevas escuelas como la «Nueva Filosofía del Principio» de Feng Youlan y la «Nueva Filosofía de la Mente» de He Lin. Tampoco faltaron nuevos intentos de integración entre los valores tradicionales y el socialismo marxista a través de las interpretaciones de Xiong Shili. No será hasta una etapa posterior a la toma del poder de Den Xiaoping que veremos revalorizarse el confucianismo, sometiéndose a un revisionismo que finalmente lo devuelve a las universidades y la sociedad china, momento a partir del cual se recupera su legado como parte de la identidad nacional.

Este proceso de revitalización ha contribuido al estudio del confucianismo y a la aparición de nuevas interpretaciones en las últimas décadas. Las reinterpretaciones del pensamiento confuciano han llevado a la doctrina a un contraste con ideas político-ideológicas del mundo actual, relacionadas con la «democracia», los «derechos humanos» y la «globalización», es decir, con aquellos ítems ideológicos que padecemos en los tiempos postreros, y que están impulsando cambios dramáticos en nuestras sociedades en estos mismos momentos. No obstante, esta recuperación del confucianismo no se ha limitado a las esferas más cultas y académicas, sino que también se ha popularizado, y su presencia en la sociedad china viene siendo cada vez mayor desde la década de los 90, como vemos a través del conocimiento de los clásicos confucianos a través de actividades y cursos dirigidos a la población en general.

De modo que, para Chen Lai, el momento actual, tras la rehabilitación del pensamiento confuciano, es clave para continuar fortaleciendo su doctrina, especialmente por el ascenso de China como potencia mundial, que ha conllevado un creciente interés de China y su cultura más allá de sus fronteras. Pero también, y más allá de aspectos generales y más formales, por el propio contenido ético y moral que le es inherente, y que puede actuar como un freno frente a la corrupción y degradación de los tiempos modernos. De manera que podemos afirmar que es posible una verdadera sinergia entre los valores tradicionales y los nuevos desafíos que la modernidad propone a China, en un frente amplio, en el terreno cultural, político, social etc.

En el segundo capítulo del libro Chen Ming, una de las figuras más importantes del resurgimiento del confucianismo en la China contemporánea aborda la trascendencia de susodicha doctrina en el contexto del Estado y la nación china del siglo XXI. Su enfoque nos proporciona un recorrido a lo largo de aspectos políticos, sociales, educativos, de identidad cultural y la religión, marcando diferencias respecto a otras perspectivas neoconfucianas más orientadas hacia la filosofía o la ética.

Y es que el neoconfucianismo fuera de las fronteras chinas ha diversificado sus corrientes y los temas tratados, y se han centrado en la relación con la democracia, la ciencia y, en definitiva, con su compatibilidad con los valores del liberalismo occidental. Temas que no son nuevos en las derivas interpretativas y especulaciones confucianas del pasado siglo. Un representante destacado de estas últimas posturas es Tu Weiming (1940), filósofo de origen chino nacionalizado estadounidense.

Dentro de la China continental, el discurso confuciano se ha mostrado plenamente funcional a los intereses del Estado chino, contribuyendo a la cimentación de los valores estatales y nacionales, desmarcándose de toda búsqueda de compatibilidad con los valores occidentales, y en su detrimento tratando de fortalecer la identidad cultural china postulándose abiertamente como un pilar fundamental del nacionalismo cultural y político del país asiático. De modo que Chen Ming no ve en la doctrina confuciana un conjunto de ideas abstractas y anacrónicas, sino un potencial en ciernes para seguir pertrechando las bases del Estado y la sociedad china en el mundo actual.

También es importante el análisis que hace del confucianismo frente a la religión, diferenciando sus elementos de toda forma de religión monoteísta, tal y como la concebimos en el «Occidente». No obstante, hay un elemento religioso en su origen, y la idea de un Dios (Shangdi o Tian) como creador y vertebrador de un orden moral. Se puede decir que Confucio transformó este pensamiento en una práctica basada en la ética y la virtud, pero sin eliminar su dimensión espiritual. Algunos intérpretes modernos de la doctrina han tratado de desvirtuar su contenido reduciéndolo a lo que en chino se conoce como «wenjiao» (enseñanza cultural), buscando una fórmula de secularización para despojarla de ese contenido trascendente. Según Chen Ming estos intentos de secularización fueron perpetrados por el Movimiento 4 de mayo a partir de 1919.

No obstante, debemos insistir en que el confucianismo, aún poseyendo una dimensión espiritual, no debe confundirse con nuestro concepto de religión, y hay que poner el énfasis en la idea de estructura moral y social, como una especie de guía moral y espiritual que actúa como antídoto frente a la crisis de los valores tan característica de los tiempos modernos. El texto de Chen Ming también aborda otras problemáticas que no podemos desglosar en la presentación por su amplitud y complejidad, como, por ejemplo, las relaciones del confucianismo con el Estado, el ateísmo del Partido Comunista Chino, la búsqueda de formas de integración y síntesis, cohesión social, el problema de la educación etc. Hay una serie de retos que se presentan a las ideas de Confucio en las que esta búsqueda de encaje en la China contemporánea plantea una serie de desafíos que ponen en riesgo la esencia de su tradición.

El último capítulo del libro está reservado a una entrevista entre Chen Yizhong y Chen Ming en la que se abordan todos los temas que se han tratado en los capítulos anteriores, bajo el formato de un diálogo profundo. Asistimos al contraste de multitud de argumentos sobre el Confucianismo y su relación con la modernidad, con los retos del futuro, con las tensiones y recelos que suscitan los valores liberales y occidentales, totalmente secularizados y, esto lo decimos nosotros, abocados a la destrucción de cualquier fundamento tradicional, étnico o espiritual a todos los niveles.

---

Artículo original: Hipérbola Janus, Presentación de «China y el regreso de Confucio» (TOR), 3/Abr/2025

@ e516ecb8:1be0b167

El Gran Apagón y la Tormenta Perfecta: ¿Hacia Dónde Nos Llevan?

Recientemente, un corte de luz masivo dejó a oscuras a España, Portugal y parte de Francia. Como suele pasar cuando las explicaciones escasean o no se quieren dar, la narrativa oficial apuntó al cambio climático. Un artículo de ABC sugiere que una "vibración atmosférica inducida" por "variaciones extremas de temperatura" podría ser la culpable (ABC, 28/04/2025). Pero, ¿es realmente el calentamiento global el villano de esta historia, o estamos ante un síntoma de algo más grande y complejo?

Una Red de Decisiones Interconectadas

Nada ocurre en el vacío, y este apagón no es una excepción. La generación de electricidad, cada vez más dependiente de fuentes renovables no convencionales, enfrenta retos de estabilidad y costos crecientes. A esto se suma la presión política para transformar nuestras vidas bajo la bandera de la sostenibilidad. Por ejemplo, la idea de la "ciudad de 15 minutos", donde todo lo que necesitas está a un corto paseo o pedaleo, suena ideal. Pero en lugares como el Reino Unido, esta visión viene acompañada de cámaras de vigilancia que controlan tus movimientos, justificadas por la "seguridad" o la "eficiencia".

Mientras tanto, la Unión Europea avanza hacia un futuro donde, para 2030, todos los autos deberán ser eléctricos. Con una red eléctrica inestable y precios de energía disparados, ¿cómo se supone que cargaremos esos vehículos? La respuesta parece ser: no lo hagas. Muévete en bicicleta, quédate cerca de casa. La movilidad, un símbolo de libertad, se está restringiendo para las masas, mientras la élite política y corporativa sigue surcando los cielos en jets privados para "combatir el cambio climático" o, como Bernie Sanders y AOC, para denunciar la oligarquía desde sus podios privilegiados.

Dependencia Eléctrica: Una Trampa Silenciosa

La electrificación no se detiene en los autos. Los edificios modernos tienden a ser completamente eléctricos, y en algunos lugares ya se habla de prohibir las cocinas a gas. Imagina un futuro donde dependes de la red eléctrica para cocinar una simple salchicha. Ahora, suma un apagón como el reciente. Sin electricidad, no hay cena, no hay calefacción, no hay nada. La automatización total, que nos venden como progreso, nos hace más vulnerables a estos colapsos.

El Euro Digital: Control Absoluto

La Unión Europea también está empujando el euro digital, una moneda que promete conveniencia, pero a un costo altísimo. Con ella, cada transacción será rastreable, y las autoridades podrían restringir su uso para ciertos fines o incluso "quemar" euros digitales a voluntad para controlar su valor frente a otras monedas. ¿Qué pasa con la libertad financiera? ¿Qué pasa con la privacidad? Este sistema, combinado con una red eléctrica frágil, pinta un panorama donde el ciudadano promedio queda atrapado en una jaula tecnológica.

Criptomonedas, Efectivo y Oro: ¿Alternativas Reales?

Las criptomonedas, que muchos ven como una salida, también son vulnerables a los cortes de energía. Sin electricidad, no hay blockchain. El efectivo, por su parte, sigue siendo una opción, pero se desgasta, pierde valor con la inflación y, en muchos lugares, está siendo demonizado en favor de pagos digitales. Luego está el oro, el refugio histórico. Pero incluso aquí hay trampas: viajar con oro puede convertirte en sospechoso en un aeropuerto, obligado a explicar el origen de tu propiedad. ¿Desde cuándo debemos justificar lo que es nuestro? ¿Dónde quedó la presunción de inocencia?

"No Tendrás Nada y Serás Feliz"

Cuando uno conecta los puntos —apagones, electrificación forzada, monedas digitales, restricciones de movilidad— es difícil no pensar en el famoso eslogan atribuido al Foro Económico Mundial: "No tendrás nada y serás feliz". Mencionarlo te hace ganar el sello de "conspiranóico", pero las señales están ahí. La pregunta es: ¿estamos caminando hacia un futuro de control total disfrazado de sostenibilidad, o es solo una serie de coincidencias desafortunadas?

@ 2b24a1fa:17750f64

Eine Stunde Klassik! Der Münchner Pianist und "Musikdurchdringer" Jürgen Plich stellt jeden Dienstag um 20 Uhr bei Radio München (https://radiomuenchen.net/stream/) große klassische Musik vor. Er teilt seine Hör- und Spielerfahrung und seine persönliche Sicht auf die Meisterwerke. Er spielt selbst besondere, unbekannte Aufnahmen, erklärt, warum die Musik so und nicht anders klingt und hat eine Menge aus dem Leben der Komponisten zu erzählen.

Sonntags um 10 Uhr in der Wiederholung. Oder hier zum Nachhören:

https://soundcloud.com/radiomuenchen/eine-stunde-klassik-franz-schubert-und-peter-anders-besingen-den-fruhling?

@ 5f078e90:b2bacaa3

This is a test written in yakihonne.com as a long form article. It is a kind 30023. It should be cross-posted to Hive.

@ 2b24a1fa:17750f64

„Ganz im Geiste des klassischen Kabaretts widmen sich Franz Esser und Michael Sailer den Ereignissen des letzten Monats: Was ist passiert? Und was ist dazu zu sagen? Das ist oft frappierend - und manchmal auch zum Lachen.“

https://soundcloud.com/radiomuenchen/vier-wochen-wahnsinn-april-25?

@ 9223d2fa:b57e3de7

14,939 steps

@ bcbb3e40:a494e501

|| |:-:| |LIPOVETSKY, Gilles; La era del vacío; Anagrama, 2006|

El libro que nos disponemos a reseñar hoy es enormemente complejo, y lo es en a medida que cuestiona elementos clave que ayudan a explicar desde el ámbito de la sociología y la filosofía una serie de cambios culturales, sociales y subjetivos en las sociedades occidentales desde mediados del siglo XX en adelante. La era del vacío: Ensayos sobre el individualismo contemporáneo fue publicada originalmente en el año 1983. Con un estilo ensayísticos y profundamente analítico Gilles Lipovetsky nos ofrece un análisis que trasciende los límites de la sociología clásica, al analizar fenómenos tan propios de nuestro tiempo como la subjetividad posmoderna, el hedonismo consumista y el declive de los grandes relatos ideológicos.

Este libro, que fue de una importancia capital en el momento de su publicación y durante la década de los años 80, se puede considerar como el primer intento de sistematizar la posmodernidad más allá de las teorías estéticas, centrándose en aspectos culturales y psicológicos cotidianos. Para Lipovetsky el mundo posmoderno está inmerso en una serie de procesos de mutación que pueden resultar ambiguos, así como tensiones, pero también con nuevas posibilidades.

|| |:-:| |Gilles Lipovetsky (Millau, Francia, 1944)|

El autor parte de una premisa fundamental: y es que la modernidad ha dado paso a un nuevo estadio de la sociedad, el cual se caracteriza por la disolución de las grandes narrativas colectivas que antes daban sentido de conjunto a las vidas humanas. Frente a la racionalidad industrial, la ética del trabajo y la identidad colectiva que dominaban en los siglos precedentes, el individuo moderno encuentra ahora una posición de autonomía total y radical, pero, como contrapartida, también de vacío existencial. La sociedad de nuestros días, se mueve a un flujo de novedades que tienen un carácter efímero, limitado en el tiempo, consumos inmediatos y obsesión por la apariencia. En este contexto, la promesa de satisfacción inmediata a través del consumo y del individualismo no logra llenar ese vacío interior que se va generando en los individuos.

Lipovetsky describe como, con el advenimiento de la posmodernidad, las promesas de progreso y emancipación se han visto reemplazadas por una búsqueda permanente del placer inmediato, donde lo superficial y lo efímero se convierten en valores predominantes. Es un vacío que va mucho más allá del ámbito social y cultural, y que se extiende también al ámbito de lo subjetivo. El individuo se enfrenta a una sensación de pérdida de sentido que obtiene su mejor reflejo en la percepción de su vida y su relación con los demás. De ahí el título del libro: La era del vacío, que no solamente delata la ausencia de contenido, sino también la falta de profundidad, la superficialidad, que caracteriza a la vida moderna.

Pero el libro no se limita a una mera descripción o diagnóstico de esta situación que acabamos de esbozar, sino que su análisis pretende enfocarse en sus causas. Las transformaciones de la estructura social, la democratización del consumo, el ascenso del neoliberalismo, la tecnificación de las relaciones humanas y, en última instancia, un fenómeno de plena actualidad hoy, en 2025, como es la globalización. Estos son algunos de los factores fundamentales que explican todos estos procesos disolutivos, que Lipovetsky explica desde la perspectiva del sociólogo y el filósofo, manteniendo cierta distancia y ofreciendo respuestas, o soluciones, que huyen de toda simplicidad.

La obra muestra una crítica y escepticismo frente al pensamiento típicamente liberal que nos habla de las ilusiones del progreso y la emancipación total, como parte de las características de la modernidad. Frente a este espejismo, nuestro autor nos invita a reflexionar sobre la necesidad de encontrar nuevos sentidos y valores en un mundo donde éstos parecen desmoronarse por completo. Es una invitación a pensar críticamente sobre nuestra época y reconocer los desafíos que se plantean ante la fragmentación de los grandes relatos de la modernidad y la prevalencia de formas superfluas de existencia.

Uno de los elementos centrales de la obra, como ya hemos señalado al inicio, es la caracterización del hombre contemporáneo como un individuo narcisista, que viene a representar una especie de alternativa frente a la caída de las ideologías, un nuevo tipo humano surgido de la disolución de los grandes relatos colectivos. Y el término no tiene para Lipovetsky ninguna carga peyorativa ni negativa, sino que es un síntoma de esta época, el cual permite comprender cómo ha mutado la subjetividad en el seno de las sociedades del Occidente liberal, en las denominadas «democracias avanzadas».

El narcisista posmoderno no se caracteriza por un ego hipertrofiado en el terreno de lo psicológico, sino por la reorientación de la vida en todos sus aspectos al dominio del yo, que conforma un universo propio, con su bienestar, su apariencia, su desarrollo personal o sus emociones. Es lo que Gilles Lipovetsky concibe como una figura «postheroica», totalmente desvinculada del pathos del sacrificio, del deber, de la militancia política o religiosa. Ha perdido toda conexión con fenómenos de ámbito colectivo, con la lucha de clases propuesta desde filas izquierdistas, por la trascendencia religiosa, ignorando tanto el pasado como el futuro, y radicando su existencia en el presente, en el goce inmediato y la autorrealización subjetiva. Pero conviene insistir en que no se trata de un fenómeno individual o psicológico, sino que obedece a un patrón cultural compartido, moldeado por la lógica del consumo, por la publicidad, por la psicología positiva, por la cultura del entretenimiento y los dispositivos de la autoayuda. Lipovetsky emplea el concepto de «privatización de la existencia» para definir este tipo humano. En el escenario de la vida pública los compromisos ideológicos se diluyen y el ciudadano se transforma en un consumidor, en un mero espectador, en un usuario. La política se reduce a un fenómeno estético, se trivializa y se concibe como un espectáculo, como ese eterno simulacro del que habla Jean Baudrillard o el «postureo» que empleamos desde cierto lenguaje coloquial.

Lejos de advertirse una crítica a este fenómeno, Lipovetsky reconoce en este narcisismo contemporáneo una «forma de emancipación», que a partir de la liberación de los grandes relatos permite formas de vida más «flexibles, más «abiertas» y «tolerantes». Todo ello en un proceso de empobrecimiento del horizonte simbólico, especialmente en lo colectivo, en detrimento del incremento de la autonomía individual. Nosotros añadiríamos, que de una autonomía individual cada vez más atomizada, inorgánica y alienada. De hecho, este individuo hedonista no está dispuesto a sacrificarse por los demás, ni a morir por una causa, y cualquier cosa, por sagrada que sea, es susceptible de ser negociada siempre que revierta en su bienestar.

Las consecuencias derivadas de este proceso, y del nuevo tipo humano posmoderno, son obvias y evidentes, y ahí tenemos la disolución de los lazos sociales fuertes. Vemos cómo las estructuras tradicionales, que han garantizado la cohesión de las comunidades humanas, y que han definido un sentido de pertenencia, un ligamen hacia la Familia, la Religión o la Patria se ven seriamente deteriorados y condenados a desaparecer por completo. Estos elementos han dejado de regular la vida cotidiana, y se imponen vínculos débiles, fluidos y limitados en el tiempo; todo adquiere un sentido limitado en el tiempo, lo efímero domina las relaciones sociales, las afinidades electivas, adquiriendo cierto grado de virtualidad, de ilusorio.

El hombre posmoderno vive rodeado de tecnología, conectado con sus semejantes a través de ordenadores, de las redes sociales, pero solitario, autónomo y desorientado. Con lo cual la «era del vacío» que nos describe Lipovetsky no es realmente un vacío físico o material, sino un vacío simbólico, donde todas las coordenadas que nos conecten a un principio trascendente se encuentran totalmente ausentes. De modo que, el narcisismo clásico de la modernidad más temprana, la que ostentaba el burgués ilustrado, racional y kantiano que creía en la Razón, el Deber o el Progreso, se ha transformado en la posmodernidad, y lo ha hecho a través del narcisista que cree en su «derecho a ser feliz», a «cuidarse» o «experimentar» en una superficialidad que delata la desvinculación de todo centro de gravedad ontológico.

De modo que el hedonismo se nos presenta como el principio rector de la vida social en la era posmoderna, lo cual supone que es una norma compartida, y que conlleva una ética implícita que estructura los comportamientos y aspiraciones, y hasta los valores morales del hombre contemporáneo. Este hecho ha determinado la traslación del «deber» al «placer» en la historia reciente del sujeto occidental, en la que se puede ver cierta idea de «democratización» de esta concepción del narcisismo, de la idea de la «felicidad» y del «culto al yo» en términos puramente materiales, que son transmitidos a través de la publicidad o los manuales de autoayuda.

Este hedonismo está vinculado a una forma particular de existencia, que viene determinada por la lógica del consumo. Y es que para Lipovetsky, como reconoce en otra obra posterior, El imperio de lo efímero, la sociedad ya no se organiza en torno a la producción sino del consumo, entendido éste como el consumo de bienes, experiencias, imágenes, información o sensaciones. De ahí la importancia que poseen para este tipo humano el supermercado, el centro comercial, la pantalla de un ordenador o las redes sociales, que se convierten en el epicentro de la vida posmoderna.

|| |:-:| |LIPOVETSKY, Gilles; El imperio de lo efímero: La moda y su destino en las sociedades modernas; Anagrama, 2006|

Para Lipovetsky, el acto de consumir no se limita únicamente a las necesidades materiales, sino que se transforma en un «ritual identitario», en una fuente de sentido efímero pero intenso. El hombre posmoderno no compra solo por necesidad, sino para experimentar, como parte de la vida, para definirse. Es un consumo no utilitario, sino expresivo, «para sentirse bien consigo mismo». De modo que este imperativo de bienestar genera una nueva sensibilidad estética: la estética invade la vida cotidiana. La ropa, el diseño interior de una casa, el cuerpo, la alimentación, la música etc, todo se convierte en una cuestión de estilo, en una elección subjetiva. Esto supone que el individuo ya no se define por su pertenencia a un grupo dentro de la jerarquía social ni por su función dentro de la comunidad, sino por su «estética de la existencia». Y es esta estetización de la vida donde, según nuestro autor, reside una forma de construcción de sentido en un mundo desencantado.

No obstante, y siempre según Lipovetsky, este hedonismo posmoderno no se encuentra amparado por el puro libertinaje, sino que el placer también está regulado, normativizado e incluso tecnificado. Lipovetsky insiste en que no se trata de un exceso de placer dionisiaco, sino un placer racionalizado, controlado y saludable. El nuevo hedonista atiende a una responsabilidad, y vemos como hace yoga, se alimenta bien y se cuida en aspectos psicológicos y emocionales. El autor nos habla de un hedonista disciplinado, que gestiona su placer de manera ordenada y eficiente. No obstante, Lipovestsky reconoce que en esta búsqueda del goce y el placer individual, en la búsqueda de una pretendida «libertad» y «autonomía personal», el hedonista posmoderno se somete cada vez más a la tecnología, y es más susceptible de ser controlado por protocolos y normas en nombre de un pretendido bienestar. Todo ello en nombre de lo que en el libro se define como una «reformulación estética y emocional».

Con lo cual, podemos trazar ya en base al libro una cierta definición de la posmodernidad, que más allá de un simple momento histórico, nos ofrece un nuevo marco conceptual, determinado por una transformación profunda a nivel simbólico, ético y estético que han estructurado la cultura llamada occidental desde la Ilustración. Lejos de coincidir con el «fin de la historia» preconizado por Francis Fukuyama, Lipovetsky nos habla de una metamorfosis gradual, caracterizado por la disolución de las grandes narrativas, el debilitamiento del pathos trágico y el auge de la lógica de la inmediatez. Se trata de un enfoque más antropológico y existencial, donde el acento no se pone en una nueva forma de pensar, sino de vivir, de sentir, de relacionarse con el tiempo, con los demás y con uno mismo. Más que una crisis del conocimiento, del saber, se plantea como un reordenamiento del imaginario colectivo, donde el presente hegemoniza todo el interés y se concentra lo trascendente de la escala temporal.

Los grandes ideales desaparecen, aquellos que ofrecían una cierta densidad simbólica y una orientación trascendente. Con la posmodernidad se suprimen las «promesas fuertes» y se promueve una cultura de la «ligereza», de lo provisional, de lo fragmentario. Es un nuevo estilo de vida, menos trágico y combativo, menos solemne, donde lo lúdico y subjetivo acapara amplias cotas de la existencia. Es una mutación cultural donde lo maleable se impone bajo formas de reversibilidad y flexibilidad, todo se hace dúctil, sin compromiso, sin cohesión ni conexión alguna con la trascendencia o sistemas de pensamiento que condicionen la existencia en términos de disciplina y rigidez.

Otro rasgo esencial de la condición del hombre posmoderno es la «evaporación de lo trágico». De algún modo, en la era moderna, el héroe trágico encarnaba la tensión entre el deber y el deseo, entre el orden cósmico y la libertad individual. Sin embargo, en la posmodernidad, esta figura se desvanece, de modo que el sujeto particular ya no se encuentra escindido entre el yo y el deber colectivo, y ahora aparece condicionado por su propio presente, por sus decisiones cotidianas, la gestión de su tiempo, de su cuerpo y cuestiones que se desarrollan en un plano estrictamente personal. La cultura posmoderna evita el conflicto trágico, desplaza la culpa y trivializa el mal. Ya no encontramos el pathos heroico, sino el tono cool, la distancia frente a los hechos y la ironía. Y así tenemos la política convertida en un mero espectáculo, en el arte autorreferencial, en el relativismo moral, y, en definitiva, con un pensamiento débil.

Pero para el sociólogo francés esta ausencia de lo trágico no debe interpretarse como una pérdida, y para él el vacío no es nihilismo, sino una nueva forma de relacionarse con el ser, de manera menos intensa, más liviana, menos sagrada pero más «habitable». El hombre no cae en el desencanto, ni tampoco renuncia a encontrar sentido, pero lo busca de forma dispersa y provisional, sin grandes pretensiones. De este modo la vida se reduce a una relación entre vacío y deseo, entre la autonomía y la saturación de estímulos, que al fin y al cabo supone otro vacío, porque tras la saturación de estímulos solamente hay un sucedáneo de felicidad, dentro de esa tendencia a lo efímero, tras la cual, solo queda el vacío absoluto.

Y es que el diagnóstico que Lipovestsky nos hace de la cultura posmoderna sitúa como elemento central el papel de los medios de comunicación y la cultura del espectáculo. La televisión, el cine y la publicidad, a los que hoy podríamos añadir internet y las redes sociales, no son meros vehículos de información o entretenimiento, sino que son estructuras simbólicas que reconfiguran la sensibilidad, el tiempo y la percepción de la realidad. De hecho son los medios de comunicación de masas los instrumentos y catalizadores en la difusión de la cultura narcisista y el hedonismo personalizado, en la que el principio racional y discursivo cede su lugar a formas más emocionales, fragmentadas y efímeras en la relación con el entorno y el mundo en definitiva. De hecho, el lenguaje de lo visual, totalmente sobredimensionado, ha generado todo un lenguaje que se ha hecho dominante en nuestra época, en el que se privilegia la apariencia y la vivencia subjetiva por encima de toda estructura estable y jerárquica. Y de ahí deriva la espectacularización generalizada a través de la imagen, del impacto que produce, erosionando las fronteras entre lo público y lo privado, entre lo verdadero y simulado, entre el acontecimiento y la escenificación.

En este contexto, el espectador sustituye al ciudadano comprometido, y la política se convierte en un consumo simbólico, en el que el sentido de comunidad es reemplazado por consensos mediáticos efímeros. Para Lipovetsky no es, una vez más, una tragedia, sino que produce un efecto ambivalente: y si bien debilita el compromiso, también produce una sensibilidad más abierta, plural y tolerancia hacia la diferencia. Todo esto, bajo un aparente lenguaje académico y bienpensante, que no hace sino alimentar el pensamiento débil y la destrucción de cualquier idea o principio comunitario sustentado sobre pensamientos fuertes, sobre un principio de jerarquía y cohesión a nivel colectivo.

El hombre posmoderno ignora toda tensión espiritual, y en consecuencia vive la temporalidad de forma acelerada y discontinua, sometido a un flujo incesante de información, de novedades, y concibe su entorno y los estímulos que recibe de éste, desde la perspectiva de la obsolescencia programada. Por eso no se plantea jamás el porvenir e ignora por completo el pasado, para vivir bajo un «presentismo» hedonista, de tal modo que en su percepción del tiempo este no es sino un conjunto de instantes vividos, registrados, compartidos y, en última instancia, olvidados. Así se pierde el sentido de continuidad y duración, impidiendo que tanto a nivel colectivo como individual se pueda construir una identidad coherente o cimentar aquella existente.

Esto lo vemos a través de la cultura digital, aunque en el año que Lipovetsky escribe su libro, en 1983, todavía se encontraba en un estado embrionario o incipiente, pero ya se impone la idea de la hiperconexión, la instantaneidad, la lógica del feed y de la viralidad, que ahondan sobre una experiencia centrífuga del tiempo, donde ya no importa lo que es duradero, sino lo que aparece, lo que afecta y circula en un cambio continuo. De tal modo que el individuo se adapta a la velocidad más que a la profundidad.

Obviamente, la consecuencia es el debilitamiento y la destrucción de todas las formas narrativas tradicionales, tanto a nivel religioso e histórico como ideológico e incluso familiar. Todas estas estructuras, que garantizaron durante generaciones una estabilidad y cohesión en diferentes planos, pierden su poder para dejar su lugar a la cultura de las vivencias dispersas, fragmentadas e inconsistentes. Todo queda reducido al capricho de la experiencia subjetiva del individuo, a sus elecciones de consumo o sus afectos momentáneos. Y tenemos un amplio reflejo de estas ideas en todos los ámbitos, en el arte, en el cine o en la política. La «democratización cultural» y el «pluralismo ético» al que alude el autor, no es sino la destrucción de certezas y principios de carácter vertical, verdades íntegras y sagradas que entran en declive hasta desaparecer.

Ahora bien, una vez destruido el sentido profundo y cohesionador de las grandes instituciones normativas, como la familia, la escuela o el Estado, que sustentaban el cuerpo social mediante su legitimidad simbólica, ¿qué impacto pueden tener sobre los fundamentos éticos y educativos de la sociedad? ¿Qué ocurre con la transmisión de valores, la responsabilidad moral o el pensamiento crítico en una época tan volátil y carente de toda solidez? No existe ningún principio de autoridad en el que cimentar ninguno de estos principios, todo ha sido sacrificado en nombre de la autonomía individual, la horizontalidad y las identidades subjetivas. Es evidente que se ha generado un vacío y la falta de un anclaje o asidero en los procesos educativos. Los profesores ya no encarnan una figura de autoridad, y se encuentran supeditados a las exigencias de los alumnos, a su satisfacción emocional, a su sensibilidad, a garantizar que no se aburran, relegados a una posición de negociación constante. De ahí que la educación y el papel del docente se vea obligado a reformularse y adaptarse a nuevas formas de pedagogía, que en opinión del sociólogo francés, debe adaptarse a la transmisión de conocimientos para «formar subjetividades» dentro de una «pedagogía de la autonomía crítica» que no imponga valores.

En esta era del vacío, caracterizada por el debilitamiento, cuando no aniquilación, de los valores trascendentes, ya no hay una moral universal que pueda orientar las acciones. Lo que prima es una ética débil, individual, basada en la sensibilidad, en la empatía y eso que los progres y globalistas llaman «respeto a la diferencia», que entra en contraste con el desprecio y degradación de lo propio, de lo que le es familiar, de la Tradición en definitiva. Y que lejos de las observaciones de Lipovetsky, sí supone la caída en un relativismo autodestructivo. De hecho, el autor francés ve todas estas transformaciones propiamente posmodernas, de un pensamiento débil, fragmentado, antijerárquico y servil ante cualquier contaminación cultural o asunción de los valores destructivos y globalistas del melting pot como el efecto de una evolución positiva, donde lo emocional y afectivo, lo irracional, invita a la claudicación en nombre de una falsa justicia social, un falso ecologismo o la desfiguración de componentes étnicos, tradicionales e identitarios a nivel colectivo, para defender al modelo multicultural y globalizado, estandarizado y yermo de particularidades. Precisamente lo que hoy tenemos, con países totalmente destruidos en su esencia histórica, étnica y de legados tradicionales en la Europa occidental. Todo en nombre de un pensamiento superficial, fugaz y débil, entregado a los protocolos, normativas e imposiciones de una plutocracia global que somete e impone a una masa idiotizada Agendas en nombre de pretendidos principios de justicia que no son sino la antesala de formas aberrantes y deshumanizadoras de control tecnocrático.

Para terminar, aunque ya hayamos adelantado alguna de nuestras conclusiones respecto al libro, creemos que Gilles Lipovetsky ofrece una visión funcional a la posmodernidad, a la justificación de una serie de transformaciones sociales, culturales, políticas y humanas, que lejos de tener un efecto positivo, de evolución y progreso, envilecen y destruyen a la propia condición humana. La conversión del hombre en un ser infantilizado, egoísta y pusilánime, incapaz de adquirir compromisos colectivos, del sacrificio por grandes ideales que han sustentado modelos de civilización perpetuados en los siglos, no es sino el síntoma de un gran fracaso, de la claudicación del hombre, síntoma de la cultura de la cancelación y la promoción de una antropología negativa y el fomento del nihilismo, por más que se trate de camuflar con eufemismos absurdos y un lenguaje academicista totalmente hueco, retórica vacía, que no deja de ocultar una crítica necesaria frente a cambios estructurales que no son, ni mucho menos, el fruto de una evolución natural, sino totalmente inducidos, y en los que la tecnología sirve de medio de alienación generalizada del sujeto posmoderno. La «era del vacío» de la que nos habla Lipovetsky es una época de decadencia, degeneración, caos y deshumanización, y sin duda alguna es una oportunidad para volver a conectar con el pasado, para religarse con la Tradición e invertir el signo de los tiempos.

Desde un enfoque específicamente tradicionalista, el diagnóstico que Lipovestky nos hace de la sociedad posmoderna, si bien puede ser válido y aceptable desde una perspectiva crítica, resulta insuficiente porque no podemos insertarlo en una cosmovisión propiamente tradicionalista, y suran una sociedad tradicional completamente ajena a los ítems ideológicos que representa esta última. De ahí que la Modernidad, para René Guénon, por ejemplo, represente una desviación extrema de los principios metafísicos y universales que estructuran las civilizaciones tradicionales. Para Lipovetsky esté fenómeno es relativamente reciente, y no el resultado de un proceso histórico amplio y contrastado, que comienza a gestarse en los siglos. Lipovetsky diferencia la modernidad y la posmodernidad, como si fueran dos procesos independientes, en los que solamente nos habla de síntomas sin realizar un análisis de conjunto que llegue a la raíz metafísica del problema. Tanto para René Guénon como para Julius Evola, el individualismo se trata de un proceso de involución espiritual, un descenso hacia lo material y lo informe, algo que no entraña ningún aspecto positivo, y menos en los términos de una «mayor libertad», y donde Lipovetsky ve una posibilidad y una serie de cambios adaptativos, el tradicionalismo ve una forma de claudicación ante lo moderno.

La posición fría, distante y observadora de Lipovetsky difiere radicalmente del tradicionalismo, y no solo por esa ausencia de profundidad en el terreno de lo metafísico, sino porque no ofrece ninguna alternativa al oscurecimiento de lo sagrado, y se limita a una mera descripción de la decadencia, todo desde la perspectiva del científico.

Además, la superficialidad de Lipovetsky se queda únicamente en la catalogación cultural de fenómenos como el hedonismo y el individualismo, sin abordar la radical antítesis que éstos representan frente a lo espiritual. La actitud resignada del sociólogo francés actúa en el marco mental e ideológico de la posmodernidad, frente a la cual no hay que mostrar ningún tipo de alternativa, ni restaurar jerarquías naturales, ni apostar por valores heroicos y aristocráticos, ni mucho menos por la formación de una élite espiritual. Es obvio que el marco conceptual e ideológico en el que actúa este autor es radicalmente ajeno a cualquier concepción morfológica de la historia y concepción tradicional aneja a la misma.

Por otro lado, no se dejan de evidenciar lagunas en su discurso, en la medida que ve en el individualismo el motor de la posmodernidad, y lo asocia a la liberación respecto a las «ataduras» colectivas que representan la Patria, la religión o la comunidad, pero frente a éstas reconoce que solo queda un vacío existencial. Es un individualismo, que nada tiene que ver con aquel individualismo del kshatriya integrado en una jerarquía espiritual, que se erige como guía y estandarte espiritual frente a las naturalezas inferiores. El individualismo posmoderno no tienden a la diferenciación, sino que tiene un efecto de degeneración y envilecimiento a través de la autoexpresión narcisista y el hedonismo, atributos característicos del burgués y de la degenerada antropología liberal.

En definitiva, Lipovetsky es incapaz de proponer una salida positiva al conflicto que plantea la posmodernidad. Para él debe ser aceptado como un estadio inevitable de la historia, mientras que el tradicionalismo exige una ruptura total y absoluta con el mundo moderno, en la que la primacía de los principios metafísicos se convierte en una piedra angular, y son innegociables. El autor francés permanece atrapado en las paradojas y antinomias de un horizonte secular que critica, cayendo en una contradicción insoluble y sin posibilidad de continuidad. La «era del vacío», que abarca un periodo más amplio que el de la propia posmodernidad, representa un punto de ruptura con la Tradición primordial, y plantea una única salida, la cual pasa por la restauración jerárquica y espiritual. No podemos contemplar todos estos procesos disolutivos anejos a nuestro tiempo con la «neutralidad» de Gilles Lipovetsky, sin atender a la existencia de un horizonte metafísico y de Verdades eternas, rescatando el principio de lo Sagrado y la acción heroica en última instancia.

---

Artículo original: Hipérbola Janus, Reseña: «La era del vacío» de Gilles Lipovetsky (TOR), 28/Abr/2025