piracy1's comments

Whether or not Melvin has the position, you can look at the borrow rates and short interest. Someone is balls deep in shorts and they have to cover one of these days.


Gabe was like, Oh, you want half life? Oh, you'll get it, don't worry.


So, Half Life 3 confirmed?


Often times there is a strict timeline for results and when they're processed and released to the world, I assume leak means someone just kinda went around the regular and pretty slow channels of reporting this info. Perhaps this info would be published when the trial is done in a month or however long.


Whoooooooooooo would not want to catch whatever the fuck that charge is


The title kinda over hypes it. "foreign account" a French programmer, not the GRU. It was some edgy French dude who was some sort of physically ill and gave all his money to similarly edgy ppl who shared his beliefs before killing himself. The title makes it seem like the GRU sent a right wing Militia money or something, maybe they did but they probs used cash.


That actually makes it a bigger deal in a legal sense since it was a foreign account.


I do not disagree with that.


> It sucks that people are learning the hard way of their incredibly secure but unrecoverable methods. It's also a shame that there are probably countless instances of this and so a considerable amount of bitcoin is just totally lost and out of circulation, permanently.

Unless you own a bunch of btc, then it's deflation.

Though yeah, very sad.


But that's not UFO centric, that's death cult centric.


> a now proven fascist with no appreciation for democracy, its institutions, free speech, and the rule of law.

Who are you referencing here?


The straw man, of course!

I mean sure, I happen to agree with what I believe to be whatever1's attitude to the Person Not Named, but what whatever1 wrote has nothing to do with the topic under discussion.


And it does not seem a very serious attempt either. The only way to make this deal is through a single listed protonmail address that if this gets any traction will be closed in all likelihood. Not like an onion site with a contact page or something.


Not really.

The message is PGP signed. If the protonmail address is taken down, then another message will be put out with alternate means of contact that will have a correct PGP signature.

If you read the message there is indeed an onion address as backup in case things get taken down.

The PGP address is the important part. No matter what gets taken down, if they can get attention to another message with a valid PGP signature, then they can carry on easily.

EDIT: This is actually how Cicada3301 of all people operated. The PGP key allowed them to post a message even on Pastebin or /x/ and they would still be contactable and effectively uncensorable, because their identity was persistent and their messages were replicated.


As a side note, with so much attention on replacing PGP, I've long thought the turning point would be when a group like this uses something else. It's just a highly visible thing and it's a group that a lot of people assume know what they are doing.


> with so much attention on replacing PGP

There actually isn't much attention on replacing PGP with anything specific.

What other completely decentralized alternatives exist with no single point of failure? libsodium? That's a good start but a long way from a complete alternative.

Plenty of quasi-centralized encrypted chat "apps" keep pretending they offer what PGP offers. The clueful ignore these gesticulations.


Indeed, for a side project I have, I have a problem I want to be able to solve of "encrypt a file with a passphrase in a way that's secure and can be decrypted with standard tools". PGP is the best option for this, but I'm resisting implementing it in the hope I can find something better.


You may wish to look at age: https://github.com/FiloSottile/age


I've looked at 10 different tools like this, but this doesn't fall well enough into the definition I'm using of "standard tools," by which I mean something installable from apt/yum/ports on a wide variety of systems.

The closest I've found is using openssl's aes modes, but that requires the IV to be stored out-of-band somehow which is doable but a hassle I was hoping to avoid.
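
For the passphrase use case raised in the comment above, an added example (not code from any commenter) using stock `openssl enc`: with `-pbkdf2` a random salt is written into the file header and both key and IV are derived from passphrase plus salt. The function names, iteration count and sample data are assumptions of this sketch; `openssl enc` does not authenticate the ciphertext, so tampering is not reliably detected.

```shell
#!/bin/sh
# Added example: passphrase-based file encryption with stock `openssl enc`.
# Function names and ITER are choices made for this sketch, not from the thread.

ITER=200000   # PBKDF2 iteration count (assumed value; must match on decrypt)

# encrypt_file <plaintext> <output>; passphrase is read from $PASSPHRASE
encrypt_file() {
    openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" -md sha256 -salt \
        -pass env:PASSPHRASE -in "$1" -out "$2"
}

# decrypt_file <ciphertext> <output>; the salt is read back from the header
decrypt_file() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" -md sha256 \
        -pass env:PASSPHRASE -in "$1" -out "$2"
}

# header_magic <file>: first 8 bytes of the output, the literal "Salted__"
header_magic() { head -c 8 "$1"; }

# salt_hex <file>: bytes 9..16, the random per-file salt stored in-band
salt_hex() {
    dd if="$1" bs=1 skip=8 count=8 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Round trip on constructed sample data in a throwaway directory.
demo() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    export PASSPHRASE='constructed-demo-passphrase'
    printf 'constructed sample secret' > "$dir/plain.txt"
    encrypt_file "$dir/plain.txt" "$dir/plain.enc" || exit 1
    decrypt_file "$dir/plain.enc" "$dir/plain.out" || exit 1
    cmp -s "$dir/plain.txt" "$dir/plain.out" || exit 1
    echo "magic=$(header_magic "$dir/plain.enc") salt=$(salt_hex "$dir/plain.enc")"
)
demo
```
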


For the context right here minisign would be perfectly capable. The post on this thread is not encrypted, there's no "decentralized" relevancy. Minisign has smaller keys and forces modern technology with a far simpler format.


I've always wondered how effective this sort of info security is. Could a state actor track down these sorts of operations, or can infosec be good enough to really leave no trace?


It's not that hard to do this kind of thing without leaving any solid trace at all.

A way to do it for example would be to use a stolen credit card to subscribe to a few VPNs with hops on Tor in between and use that to set up a VPS that puts this up after a few weeks.

The devil is in the details, but if you're careful you can leave absolutely no trace.


Although, the more they interact with the internet, the more clues they leave behind. Things like Tor can be deanonymized, and even Tor has a warning. Quote: "Generally it is impossible to have perfect anonymity, even with Tor."

Source: https://support.torproject.org/faq/staying-anonymous/


> Although, the more they interact with the internet, the more clues they leave behind

Interacting with a tor browser would be amateurish at this point. Just connect to tor (not on a browser, tor directly), use a script to upload to some random pastebin, disconnect from tor.


I didn't mention anything about a browser.

Note that, for example, your ISP can see whenever you are using tor or a VPN. From there, they can inspect the packets to work out what pastebin you have visited. E.g. simply by measuring how many bytes you have uploaded and then finding the paste and comparing the length of the paste with the number of uploaded bytes. (Just a basic example, there are more advanced methods). See https://witestlab.poly.edu/blog/de-anonymizing-tor-traffic-w...


Yes.

This is why you don't actually post anything on pastebin yourself.

Rather, you SSH into a VPS (via multiple VPNs and Tor/I2P), then program the VPS to post your message to pastebin in a week.

And of course, you're not doing this from your home, you're doing this from the parking lot of a Starbucks in a car with tinted windows and fake plates, using a device with a spoofed MAC address.

There are many ways of pulling this off so that no one will ever be able to pin you down. You just need to pay attention to detail.

You're of course using some sort of obfuscated bridge too, so that packet sizes become meaningless.


All right, good point. I'll concede the argument - there's fairly decent anonymity for those who use a combination of tools and know how to operate them. It's still not 100% perfect, but good enough.

Some examples where it could go wrong: what if the VPS was a honeypot? What if the VPN logged everything? What if Tor or other piece of software they are using has a 0-day? The more complexity, the more chance for a bug or mistake... and so on...


Yes, it's absolutely true that you must be very careful, and of course it's not 100% but it's 99.9999...% perfect.

That said, a VPN logging everything, or Tor being compromised, or the VPS being a honeypot wouldn't be enough to compromise you, you'd need all of them to be true simultaneously.


Let's say you followed all of the leads down to connection points.

Randomized MAC connecting to a McDonald's free WiFi, cameras capture a masked guy in a hoodie or black Cutlass with unreadable plates. Now what?


even better: throw away a raspberry pi that automatically connects to the McDonald's WiFi at night from the trash can. the evidence is disposed of, and surveillance captures many people throwing away trash. whose happy meal had the toy?


Or fashion a cantenna and connect all the way from KFC.

Plenty of ways to be untraceable unless there is a spook at every hotspot, instantly notified of undesirable activity.


IDK, maybe ironkey is just really secure. I knew someone who worked at a nuclear research facility for a major defense contractor and they used them. If the US gave them the green light I bet you they had the NSA poke at it.


Sure, but there are companies like the Israeli NSO which apparently has cracked the uncrackable iPhone secure enclave, I can't believe that for the right amount of money they wouldn't take a stab at it, or at least try to figure out a way to have unlimited password tries for this guy. Idk, maybe I'm being naive.


Well, to be clear, they'd be working on contingency. Unless this guy is otherwise wealthy, he probably won't have a million dollars laying around to give them.

I wouldn't hold my breath on companies willing to work on contingency to break a piece of crypto the US government uses. Not that the government is particularly competent at this, but it's a reasonable bar. Plus there will almost certainly be legal issues stemming from cracking devices the government uses.

