May you do good and not evil. May you find forgiveness for yourself and forgive others. May you share freely, never taking more than you give.
A huge problem with software that relates to privacy and/or to money is that frequently strange and overcomplicated design decisions are made, (passive tense because it is strangely difficult to find who made those decisions), decisions whose only apparent utility is to provide paths for hostile organizations to exploit subtle, complex, and unobvious security holes.
McAffee reported that this is a result of plants - the state plants engineers in nominally private organizations to create backdoors. Shortly after he reported this he was arrested and murdered by the US government. (To be precise he was arrested at the instigation of the US government, and then “mysteriously” murdered while in prison. Prison murders remain “mysterious” only if carried out by the state.)
These holes are often designed so that they can only be utilized efficiently by a huge organization with a huge datacentre that collects enormous numbers of hashes and enormous amounts of data, and checks enormous numbers of hashes against an even more enormous number of potential pre-images generated from that data.
Another huge problem is that if we get penetrated by enemy shills, entryists, and buggers, as the Patriot Front is and the Jan Sixth protestors were, we are likely to wind up like the January sixth protestors, who as I write this are imprisoned indefinitely being tortured by black guards recently imported from the northern part of black Africa, awaiting trial with no likelihood of any actual trial for years.
A participant who can be targeted is likely to introduce unobvious security flaws into the software architecture. All contributors should make some effort to protect themselves against a third party subsequently coercing them to use the reputation that they have obtained by contributing to make subsequent harmful contributions.
All contributors will use a unique name and avatar for the purpose of contributing to this project, and shall not link it to other names of theirs that are potentially subject to pressure. In the event of videoconferencing, the participants shall wear a mask over the lower part of their face that conceals the shape of their mouth and jaw and a rigid hat like a fedora that conceals the shape of the upper part their head.
Apart from your mouth, the parts of your face that communicate non verbal information turn out to be surprisingly useless for identifying individuals.
If you wear glasses, should not wear your usual glasses, because facial recognition software is very good at recognizing glasses, and easily distracted, confused, and thrown off by unusual glasses.
Even if there are gaping holes in our security, which there will be, and even if everyone knows another name of a participant, which they will, no need to make the hole even bigger by mentioning it in public. People who lack security are likely to result in code that lacks security. They come under pressure to introduce an odd architecture for inexplicable reasons. We see this happening all the time in cryptographic products.
Everyone participating in the project should have a username unrelated to the name
and identity that they use for other purposes, and an ssh key that they use signing
commits to this project, and for no other purpose, separate from any key used for
signing in to remote machines, and located in the .git directory of their local repository
(not their .ssh directory, for public keys in the .ssh directory get exposed to
too many machines, revealing a relationship between nym and network address)
with the public key also located in the .gitsigners file, where it is shared with
everyone through the upstream repository
Note that the file is called .gitsigners, not .gitallowedsigners,
gittrustedsigners nor .gitapprovedsigners. Everyone should sign every commit,
everyone who submits a pull request or otherwise makes their commits available to others
should add themselves to the .gitsigners file and if their commits are good,
eventually other people will trust them.
When we are truly eating our own dogfood, will not need a .gitsigners file, because we will have
a public ever growing data structure creating a unique append only mapping between
public keys and arbitrary data.
Of necessity, we will rest our developer identities on ssh keys, until we can eat our own dogfood and use our own system’s cryptographic keys. Login identities shall have no password reset, because that is a security hole. People should rely on ssh for login.
Every pull request should be made using git request-pull, (rather than
some web UI, for the web UI is apt to identify people through the domain
name system and their login identities.)
The start argument of git request-pull should correspond to a signed
commit by the person requested, and the end argument to a signed and
tagged commit by the person requesting.
When creating the tag for a pull request, git drops one into an editor and asks one to describe the tag. One should then give a lengthy description of one’s pull request documenting the changes made.
When accepting a pull request, the information provided by the requestor through the tag and elsewhere should be duplicated by the acceptor into the (possibly quite lengthy) merge message.
Thus all changes should be made, explained, and approved by persons identified cryptographically, rather than through the domain name system.
Suppose you choose the nym “gandalf”.
(First make sure that no one else is using your nym by glancing at the
.gitsigners file, which should be in sorted order, and if it is not,
run the linux sort command on it)
then at the root of your repository
ssh-keygen -t ed25519 -f .git/gandalf #to create your key pair
git config user.signingkey .git/gandalf.pub #tell git to use this key pair
git config user.name gandalf #will be ignored
git config user.email gandalf@ #fake email will be ignored
git config include.path ../.gitconfig #sets various defaults, ssh signing among themThen add
gandalf ssh-ed25519 «your-public-key-as-in-gandalf.pub»
to the .gitsigners file to publish your public key to anyone
who wants to make sure that commits are from the nym that they
claim to be – at least claim to be when their commits are
displayed by the git aliases of .gitconfig
The nym in .gitsigners is the one that matters, though user.email
and user.name should be the same or sufficiently similar to
show you are not up to anything funny.
Everyone shall be white, male, heterosexual, and vaguely Christian, even if they quite obviously are not, but no one shall unnecessarily and irrelevantly reveal their actual race, sex, religion, or political orientation.
Unnecessarily informing people one is female or Jewish or nonwhite should get similar treatment to unnecessarily informing people one is a pure blooded Aryan.
All faiths shall be referred to respectfully. Even if they happen to be making war on us, this software may not be very relevant to that kind of warfare, in which case that discussion can be held elsewhere.
All sovereigns shall be referred to respectfully, if they are referred to at all, which they should not be. If this software is likely to frustrate their objectives, or even contribute to their overthrow, no need to make it personal, no need to trigger our enemies. War will come to us soon enough, no need to go looking for it.
Status must be on the basis of code, good code, and clever code, not on cheap claims of superior virtue.
When someone plays the holier than thou card, he does not intend to share what we are sharing. Out of envy and covetousness, he intends to deny us what we are sharing, to deny us that which is ours.
If he is holier than we are, he not only wants what we have, which we will gladly share. He wants us to not have what we have.
Christians are required to turn the other cheek, and people attempting to maintain a politically neutral environment need to turn the other cheek. But you very quickly run out of cheeks, and then it is on. You cannot be politically neutral when the other guy is not being neutral. You have to bring a gun to a gunfight and a faith to a holy war. People who start politics in an environment intended to be politically neutral have to be purged, and a purge cannot be conducted in a politically neutral manner. You have to target the enemy faith and purge it as the demon worshiping heresy that it is, or else those attempting to maintain political neutrality will themselves be purged as heretics, as happened to the Open Source and Free Software movements. You may not be interested in war, but war is interested in you.
We want to maintain a politically, racially, religiously, and ethnically neutral environment, but it takes two to tango. You cannot maintain a politically neutral environment in a space where an enemy faction wants their politics to rule. Neutrality cannot actually be neutral. It merely means that the quietly ruling faction is quiet, tolerant of its opponents, and does not demand affirmations of faith. If an enemy faith wants to take over, the ruling faith can no longer be quiet and tolerant of that opponent.
We are doing this for ourselves, our friends, our kin, and our posterity, not for strangers a thousand miles away, and we only care about strangers a thousand miles away to the extent that they are likely to enable us to make money by making them secure.
If someone mentions the troubles of people a thousand miles away, it should only be in the frame that we will likely have similar troubles soon enough, or that those people a thousand miles away, of a different race, religion, and language, could use our product to their, and our, mutual advantage, not because he cares deeply for the welfare of far away strangers that he has never met in places he could not find on a map.
The Open Source and Free Software movements were destroyed by official victimhood. Status and leadership must be on the basis of code, good code, and clever code, not on cheap claims of superior oppression.
The experience of the Open Source and Free Software movement demonstrates that if victimhood is high status, code and code quality must be low status. If victimhood is high status then “you did not build that”. Rather, if victimhood is high status, then good code, silicon fabs, and rockets spontaneously emerged from the fertile soil of sub-Saharan Africa, and was stolen by white male rapists from the brave and stunning black warrior women of sub-Saharan Africa, and social justice demands that the courageous advocate for the brave and stunning black warrior women of sub-Saharan Africa takes what you have, what you gladly would share, away from you.
Unless, when a female contributor unnecessarily and irrelevantly informs everyone she is female, she is told that she is seeking special treatment on account of sex, and is not going to get it, no organization or group that attempts to develop software is going to survive. Linux is a dead man walking.
Contributions should be gpg signed.
Never use any email address on a gpg key related to this project unless it is only used for project purposes, or a fake email, or the email of an enemy. We don’t want Gpg used to link different email addresses as owned by the same entity, and we don’t want email addresses used to link people to the project, because those identities would then come under state and quasi state pressure.
if you add the recommended repository configuration defaults to your local repository configuration
git config --local include.path ../.gitconfigThis will implement signed commits and will insist that you have gpg on your path,
and that you have configured a signing key in your local config.
This may be inconvenient if you do not have gpg installed and set up.
.gitconfig adds several git aliases:
git utcmt to do a commit without recording your timezone in the git historygit lg to display the gpg trust information for the last few commits.
For this to be useful you need to import the repository public key
public_key.gpg into gpg, and ‑‑lsign that key.git graph to graph the commit tree with signing statusgit alias to display the git aliases.To only pull signed commits from people you have listed:
git config merge.verifySignatures true
gpg --import public_key.gpg
gpg --lsign 096EAE16FB8D62E75D243199BC4482E49673711CWe ignore the Gpg Web of Trust model, and instead use the Zooko identity model.
We use Gpg signatures to verify that remote repository code is coming from an unchanging entity, not for Gpg Web of Trust. Web of Trust is too complicated and too user hostile to be workable or safe. No one ever used it in the intended manner.
The web of trust model was written around email, to protect against physhing and spearphysh attacks. And who uses email for discussions and coordination these days? That was useful in back in the days when when everything important was happening on mailing lists like the cypherpunks mailing list. But even back in the day the web of trust model had too many moving parts to be very useful. In practice people only used Zooko identity, and Web of Trust was a cloud of confusing complexity and user hostile interface on top of Zooko identity. What gpg identity is primarily used for in practice is to make sure you are getting the latest release from the same repository managed by the same person as you got the previous release - which is Zooko identity, not Web of Trust identity, and has no real relationship to email. Zooko identity is about constancy of identity, Web of Trust is about rightful use of email addresses. Web of trust was a true names mechanism, and today no one speaks the truth under their true name.
Web of trust was designed for a high trust society - but in a high trust society you don’t need it, and in a low trust society, the name servers were too vulnerable to enemy action, and died, leaving the Web of Trust user interface in every installed copy of gpg a useless obstacle.
reaction.la gpg key 154588427F2709CD9D7146B01C99BB982002C39F
This work is licensed under the Creative Commons Attribution 4.0 International License.