Regarding V

October 31st, 2019

In this post I would like to address a few related aspects of v: why v, what is v, where does v come from, and what does v do.

The idea of v, the republican versioning system, transcends any single implementation. It is a whole new paradigm for the development and use of software. The underlying idea of v is to know completely the state of a piece of software, to be able to control all changes to it, and to ultimately know who is putting what changes into it. V allows one to confidently build code, know where it came from, and know it will not change unexpectedly1.

In the past, software development could be done by applying a series of patches to arrive at a final program state. With v, the patch is replaced with the slightly different vpatch, as described below. A collection of related of patches is referred to as a "v tree". A patch that only introduces new files is referred to as a "genesis".

One of the guiding principles behind the use of v is that each and every line should have a person to "blame", it should be obvious who wrote a line and who approved it. You can trace each line in a final document back by locating it in the corresponding vpatch and seeing who signed that vpatch. As Asciilifeform explained in a one line summary of vtronics: "every line has a sworn and cryptoauthenticated author".

The fundamental information provided in a vpatch is the state before the change, the change to the document (usually software code, but this system could be applied to any document), and the state after the change. The big change from old style patches to vpatches is that states are now given as cryptographic hashes2 of the document3 as found and as changed. Each vpatch is cryptographically signed by the author or approver4. Each time v is used it is run against a set of web-of-trust (WOT) identities (gpg keys), and only patches that have been signed by at least one of those identities will be included.

A v program is handy in that it automates a series of steps, but these steps can be done manually: 1. Each patch is verified with its corresponding signature, and the signer is verified to be within the WOT5. 2. The order of patches is determined by comparing "before" and "after" hashes for the files. 3.a. A patch is applied. 3.b. After applying the patch, the state is checked to verify that the patch applied as expected6. Repeat 3.a and 3.b until all patches have been applied.

It is not too hard to come up with a scenario that creates a diverging tree. The obvious way a tree can diverge is if two patches each alter the same file. Since v enforces changes to files based on their hash identity, if the two patches list the same hash as the starting point then only one can be used, as the other would no longer have the same hash-id'ed file to start with. A more subtle branching can also be made, where patches affect different files, and this can be non-dependent or soft-dependent. If two patches make unrelated changes in two different files then they are non-dependent on each other - the patches can be applied in either order. However, there could also be a dependency of one patch on the other. For example, a function could be defined in one file in the first patch, and the function could be called in a separate file in the second patch. In this case the program will build if the first patch is applied, but will not build if only the second patch is applied since the function would be missing its definition. This issue was addressed by adding a "manifest" file, which allows the enforcement of patch ordering over the whole set of files.

Ideally, each vpatch contains the changes of a single item - it should follow the ideal of "fits in head". The changes introduced could affect just one file or every file, but there should be some unifying theme that connects all the changes included.

Other references:
V for Victory
V-tronics 101
A collection of vpatch trees, for example, can be seen at btcbase.org/patches.

  1. Have you ever had a piece of software get "upgraded" and then everything which depends on it no longer works? Very frustrating. []
  2. When v was initially introduced the hash used was SHA-512, this was later changed to Keccak. []
  3. In the pre-v world, it was assumed that each person could have a different version of a file to apply a patch to, and so patch programs were made to be forgiving, and would try to find the best way to apply a patch. There are a number of ways this could go wrong. []
  4. Why would you not use the signature of the author? It is not possible to know everybody, and so the web of trust can help make decisions about who to trust. But maybe the author is too far away from you in this web, or perhaps he is not even in the web, and so you would instead rely on the signature of somebody who you did trust that read the vpatch and gives their signature of approval. In the strictest use of v the only key given to v is your own, and you only build software that you have personally read and signed. []
  5. The WOT here refers to the subset of identities which you have chosen to trust for changing this document, not the WOT as a whole. []
  6. The hash listed in the vpatch must match the hash of the file after the patch was applied. []

Meme of the day by Raelani

October 25th, 2019

Camoflage, like a boss

This meme was created by my daughter Raelani, with the help of our cat, Albus. Assorted detritus were provided by my son Elliott (at least, I think that is his coat and shoes).

Back up again

October 16th, 2019

After a brief downtime due to my hoster having technical difficulties, this blog is back up and running again. Hooray, rejoice and be merry!

Home Economics Likebez

September 16th, 2019

I will start with a quote from the #Trilema Log1:

mircea_popescu: Let's do some practical home economics likbez:

IF the problem is that the currency is shit (which is strictly what "rising rents" means: if rents are rising, THEREFORE the currency is shit. if urine is sweet, THEREFORE diabethes, no iffs or butts about it, these are NOT separable), then owning real estate is a very poor solution: real estate follows the currency secular trend if currency is strong and stays strong, real estate goes up in value, which is how owning land in republican Rome or expansive Venice paid out. If however the currency flags, real estate forthwith moves into emergency monetization role, meaning you want to short it as part of a triple currency play. (Which is why us banks LEND you houses: it's the other part of their international trade where they borrow hard currency.)

That was part 1, as to financials.

IF you are a young man, and are producing more than consuming (if not, please follow the recipe2 for gender re-assignment, you don't belong here), you should save ~in capital goods~ specifically ~of your trade~. That's what you do with every dime you can save: you buy your own tools! to become journeyman! If you're making a living driving a car, you buy CARS. if you're making a living fixing cars, you buy forklifts and power tools. The only 20-something who can reasonably buy real estate is... a pimp. If you're not a fucking pimp, you don't buy real estate in your 20s. and if you are a pimp, you buy in fucking Baltimore, you buy in the blighted downtown of Detroit3 or Philly or whatever the shit. NOT crap in suburbia; and in any case you don't buy crap made ~for you~ by people who ~you do not know~. What the fuck, are you retarded ? if people who you don't know are making things for you, the name for the thing they're making is A TRAP. Either you buy made to order like my serb friends4, or else you buy leftover brownstone nobody else wants, etcetera. what the fuck, this is novel to someone ?! Why, because "do we still have to" read 1700s state of the art textbooks on personal conduct ?

That was part 2, as to journeyman economic conduct.

If you're a young man, YOU DO NOT BUY ILLIQUID, NON-NEGOTIABLE ANYTHING!!!! I don't mean, with money. I mean with anything. You have enough sense to keep your sexual relationships at will rather than get fucking married, fine, but the same applies throughout. Buying "a house" from "the bank" is THE EXACT EQUIVALENT of giving your savings to your dad "to hold on to them for you". what the fuck, are you twelve? Things flow the other way, your aging dad gives you the duchy of Cornwall for you to hold on to for him, what the fuck is this ? and if dad ~dun have~ a duchy of Cornwall large enough to keep you occupied, ~you leave~. and you spit on his head, too, because HE FAILED in life. Because this was his fucking job: by the time the sons he made were old enough to do something useful with his time, he was supposed to have so much fucking land and chattels as to be desperate for loyal hands, and more than happy to "go, take x, hang yourself with it, holy hell finally!" as a young orphan with potential, you keep to negotiable instruments. that's why the young men of Florence who did get to be old men and successful enough as to buy up all the young cunts for gold to all the failures' despair went into trade rather than bureaucracy! NEGOTIABLE. If whatever the fuck it is "you have" can't be ~sold~, on the ~open market~, YOU ARE NOT INTERESTED IN IT. You will be interested, of course, BUT FIVE DECADES HENCE. When you're old. Then the sort of non-negotiable commitment makes sense. Not in your fucking 20s, so spare me with all the "jobs" you can not sell (yes, this is what "working remote" IS, SELLING IT!!!), all the "college degrees" worth 0 on auction, and all the etcetera.

This was part 3, as to commercial aptitude.

There's more, and besideswhich a lot more to all of these foregoing parts, but holy hell... seriously, nobody ever thinks of things or what is the problem here !?

Back in 2005 when I was young and stupid, my wife and I were told that our apartment rent would be going up (I don't remember exactly, but it was somewhere in the 10-15% range). So we decided that we should buy a house, avoiding rising rents was one of the reasons. Another reason being that we would save up some money as equity; the price of houses in the Lansing area had been consistently rising for 20 years, and we wanted to tap in on that wave. We were college students with part-time jobs, but we didn't have any negatives on our credit report, so we somehow qualified for a mortgage. This was a 0% down mortgage, what they do is artificially inflate the price of the house and roll things like closing costs into the amount you are borrowing from the bank. Turns out we bought right at the top of the housing bubble, and five years later when we wanted to move the house was only worth a quarter of what we paid for it. At that point, we would have been much better off if we had just kept renting.

Having had our credit trashed by the housing fiasco, we rented for a while when we moved to Midland. When we bought a house again, we approached it very differently. Instead of looking at it as an investment, we tried to find the best way to maximize our return on our expense. We found a house that we will be comfortable in at least until we retire. We could have gotten a bigger house in a nicer neighborhood according to the "budget" that the real estate agent so helpfully suggested to us, but instead we chose one that fit into our own budget. And now we pay the same amount monthly for our mortgage that we did for our rental, but the house is twice as big5. My point is, in some situations it makes sense to buy a house, but not in every situation.

We also purchased some commercial real estate for my wife's business6. This would go along with Mircea's part two above. Her business involves teaching music lessons, so we have invested in the building and the instruments to make that possible. As they say, you can't get rich making money for somebody else.

  1. I have made some minor edits to change it from IRC format to paragraph format. []
  2. snsabot: Logged on 2018-01-08 12_21_33 btcvixen: Yes it does, as my government id says _Sex_ F_ []
  3. About 2011 I was looking into the real estate market in Detroit, since at that point I was working in the Detroit Suburbs and that would have been a short commute. My impression was that although the house prices were low the taxes are really high, so you don't actually end up saving money in the long run. There is also the matter of schools, Detroit schools are absolutely worthless. But then I got a job in Midland, so I never really finished that line of research. []
  4. snsabot: Logged on 2018-11-25 13:50:17 a111: Logged on 2014-09-10 15:02 mircea_popescu: well yeah. was a bunch o people, they got building permit and proceeded to built like at home. concrete pillars, brick walls etc. []
  5. We had a fourth child since moving to Midland, and now we have teen-agers, so having more space is a good thing. []
  6. Really, it is our business since we are co-owners, but I think of it as her business because she is the one doing most of the work. I give general advice on big decisions, and any light handiwork gets dumped on me, but mostly it is her thing. []

Definition: Man-Bun

September 15th, 2019

Today my son and I were eating lunch, and we decided that we needed to appropriate and redefine the term "man-bun". So from this point forward, a man-bun is not some sort of fru-fru fluff ball bunched on the back of a guy's head. A man bun is a piece of bread with a pile of meat, cheese, and bacon inside.

Elliott had a man-bun for lunch today.

Signatures for FFA

September 12th, 2019

I have been reading and signing the FFA series by asciilifeform. I have read the whole series as they have been published, and I have been signing them as I feel like I understand what is happening in each patch. I intended to get through the whole series before publishing this blog post, but as I have gone some time without adding any signatures I figured I should go ahead an make this post with the signatures that I already have.

These are signatures of the keccak versions of the vpatches. The patches can conveniently be viewed using the btcbase.org patch viewer.

Update to Selection Code

August 28th, 2019

I have added the selection logic change from Trilema to this website. If you see any strange, please let me know!

Constructing Digital Signatures from One Way Function

August 19th, 2019

Op. 52

Constructing Digital Signatures from One Way Function

Leslie Lamport
Computer Science Laboratory
SRI International

18 October 1979
CSL 98

333 Ravenswood Ave. Menlo Park, California 94025
(415) 326-6200 Cable: SRI INTL MPK TWX: 910-373-1246

1. Introduction

A digital signature created by sender P for a document m is data item op(m) having the property that upon receiving m and op(m) one can determine (and if necessary prove in court of law) that P generated the document m .

A one way function is function that is easy to compute, but whose inverse is difficult to compute1. More precisely one way function T is a function from set of data objects to a set of values having the following two properties:

  1. Given any value v , it is computationally infeasible to find a data object d such that T(d) = v .

  2. Given any data object d , it is computationally infeasible to find a different data object d' such that T(d') = T(d) .

If the set of data objects is larger than the set of values, then such a function is sometimes called one way hashing function.

We will describe a method for constructing digital signatures from such a one way function T . Our method is an improvement of a method devised by Rabin2. Like Rabin's, it requires the sender P to deposit a piece of data o in some trusted public repository for each document he wishes to sign. This repository must have the following properties:

  • o can be read by anyone who wants to verify P's signature.

  • It can be proven in court of law that P was the creator of o .

Once o has been placed in the repository, P can use it to generate a signature for any single document he wishes to send.

Rabin's method has the following drawbacks not present in ours.

  1. The document must be sent to single recipient Q , who then requests additional information from P to validate the signature. P cannot divulge any additional validating information without compromising information that must remain private to prevent someone else from generating new document m' with valid signature op(m').

  2. For a court of law to determine if the signature is valid, it is necessary for P to give the court additional private information.

This has the following implications.

  • P -- or a trusted representative of P must be available to the court.
  • P must maintain private information whose accidental disclosure would enable someone else to forge his signature on a document.

With our method, P generates a signature that is verifiable by anyone, with no further action on P's part. After generating the signature, P can destroy the private information that would enable someone else to forge his signature. The advantages of our method over Rabin's are illustrated by the following considerations when the signed document m is a check from P payable to Q .

  1. It is easy for Q to endorse the check payable to third party R by sending him the signed message "make m payable to R ". However, with Rabin's scheme, R cannot determine if the check m was really signed by P , so he must worry about forgery by Q as well as whether or not P can cover the check. With our method, there is no way for Q to forge the check, so the endorsed check is as good as check payable directly to R signed by P . (However, some additional mechanism must be introduced to prevent Q from cashing the original check after he has signed it over to R .)

  2. If P dies without leaving the executors of his estate the information he used to generate his signatures, then Rabin's method cannot prevent Q from undetectably altering the check m -- for example, by changing the amount of money payable. Such posthumous forgery is impossible with our method.
  3. With Rabin's method, to be able to successfully challenge any attempt by Q to modify the check before cashing it, P must maintain the private information he used to generate his signature. If anyone (not just Q ) stole that information, that person could forge a check from P payable to him. Our method allows P to destroy this private information after signing the check.

2. The Algorithm

We assume a set M of possible documents, set K of possible keys3, and set V of possible values. Let S denote the set of all subsets of {1, ... , 40} containing exactly 20 elements. (The numbers 40 and 20 are arbitrary, and could be replaced by 2n and n. We are using these numbers because they were used by Rabin, and we wish to make it easy for the reader to compare our method with his.)

We assume the following two functions.

  1. A function F : K → V with the following two properties:

    1. Given any value v in V , it is computationally infeasible to find a key k in K such that F(k) = v .

    2. For any small set of values v1, ... , vm , it is easy to find a key such that F(k) is not equal to any of the vi .
  2. A function G : M → S with the property that given any document m in M , it is computationally infeasible to find document m' ≠ m such that G(m') = G(m)

For the function F , we can use any one way function T whose domain is the set of keys. The second property of F follows easily from the second property of the one way function T . We will discuss later how the function G can be constructed from an ordinary one way function.

For convenience, we assume that P wants to generate only a single signed document. Later, we indicate how he can sign many different documents. The sender P first chooses 40 keys ki such that all the values F(ki) are distinct. (Our second assumption about F makes this easy to do.) He puts in public repository the data item o = (F(k1), ... , F(k40)) . Note that P does not divulge the keys ki , which by our first assumption about F cannot be computed from o .

To generate a signature for a document m , P first computes G(m) to obtain a set [i1, ... , i20] of integers. The signature consists of the 20 keys ki1, ... , ki20 . More precisely, we have op(m) = (ki1, ... , ki20) , where the ij are defined by the following two requirements:

  1. G(m) = {i1, ... , i20}

  2. i1 < ... < i20

After generating the signature, P can destroy all record of the 20 keys ks with s not in G(m) .

To verify that 20-tuple (h1, ... , h20) is valid signature op(m) for the document m, one first computes G(m) to find the ij and then uses o to check that for all j , hj is the ijth key. More precisely, the signature is valid if and only if for each j with 1 ≤ j ≤ 20 : F(hj) → oij , where oi denotes the ith component of o , and the ij are defined by the above two requirements.

To demonstrate that this method correctly implements digital signatures, we prove that it has the following properties.

  1. If P does not reveal any of the keys ki , then no-one else can generate valid signature op(m) for any document m .

  2. If P does not reveal any of the keys kj except the ones that are contained in the signature op(m) , then no-one else can generate valid signature op(m') for any document m' ≠ m .

The first property is obvious, since the signature op(m) must contain 20 keys ki such that F(ki) = oi , and our first assumption about F states that it is computationally infeasible to find the keys ki just knowing the values F(ki) .

To prove the second property, note that since no-one else can obtain any of the keys ki , we must have op(m') = op(m) . Moreover, since the oi are all distinct, for the validation test to be passed by op(m') we must also have G(m') = G(m) . However, our assumption about G states that it is computationally infeasible to find such document m' . This proves the correctness of our method.

For P to send many different documents, he must use a different o for each one. This means that there must be sequence of 40-tuples o1, o2, ... and the document must indicate which oi is used to generate that document's signature. The details are simple, and will be omitted.

3. Constructing the Function G

One way functions have been proposed whose domain is the set of documents and whose range is a set of integers of the form {0, ... , 2n - 1} for any reasonably large value of n . (It is necessary for n to be large enough to make exhaustive searching over the range of T computationally infeasible.) Such functions are described in [1] and [2]. The obvious way to construct the required function G is to let T be such a one way function, and define G(m) to equal R(T(m)) , where R : {0, ... , 2n - 1} → S .

It is easy to construct function R having the required range and domain. For example, one can compute R(s) inductively as follows:

  1. Divide s by 40 to obtain quotient q and a remainder r

  2. Use r to choose an element x from {1, ... , 40} (This is easy to do, since 0 ≤ r ≤ 40.)
  3. Use q to choose 19 elements from the set {1, ... , 40} - {x} as follows:
    1. Divide q by 39 to obtain quotient ...

It requires careful analysis of the properties of the one way function T to be sure that the resulting function G has the required property. We suspect that for most one way functions T , this method would work. However, we cannot prove this.

The reason constructing G in this manner might not work is that the function R from {0, ... , 2n} into S is a many to one mapping, and the resulting "collapsing" of the domain might defeat the one way nature of T . However, it is easy to show that if the function R is one to one, then property (ii) of T implies that G has the required property. To construct G we need only find an easily computable one to one function R from {0, ... , 2n - 1} into S , for a reasonably large value of n .

We can simplify our task by observing that the function G need not be defined on the entire set of documents. It suffices that for any document m , it is easy to modify m in a harmless way to get new document that is in the domain of G. For example, one might include a meaningless number as part of the document, and choose different values of that number until he obtains a document that is in the domain of G . This is an acceptable procedure if (i) it is easy to determine whether a document is in the domain, and (ii) the expected number of choices one must make before finding a document in the domain is small.

With this in mind, we let n = 40 and define R(s) as follows: if the binary representation of s contains exactly 20 ones, then R(s) = {i : the ith bit of s equals one} , otherwise R(s) is undefined. Approximately 13% of all 40 bit numbers contain exactly 20 ones. Hence, if the one way function T is sufficiently randomizing, there is a 0.13 probability that any given document will be in the domain of G . This means that randomly choosing documents (or modifications to a document), the expected number of choices before finding one in the domain of G is approximately 8. Moreover, after 17p choices, the probability of not having found document in the domain of G is about 1/10p. (If we use 60 keys instead of 40, the expected number of choices to find document in the domain becomes about 10, and 22p choices are needed to reduce the probability of not finding one to 1/10p.)

If the one way function T is easy to compute, then these numbers indicate that the expected amount of effort to compute G is reasonable. However, it does seem undesirable to have to try so many documents before finding one in the domain of G . We hope that someone can find more elegant method for constructing the function G , perhaps by finding a one to one function R which is defined on a larger subset of {0, ... , 2n} .

Note; We have thus far insisted that G(m) be a subset of {1, ... , 40} consisting of exactly 20 elements. It is clear that the generation and verification procedure can be applied if G(m) is any proper subset. An examination of our correctness proof shows that if we allow G(m) to have any number of elements less than 40, then our method would still have the same correctness properties if G satisfies the following property:

  • For any document m , it is computationally infeasible to find a different document m' such that G(m') is a subset of G(m) .

By taking the range of G to be the collection of 20 element subsets, we insure that G(m') cannot be proper subset of G(m) . However, it may be possible to construct a function G satisfying this requirement without constraining the range of G in this way.

-------

Editors note: Some characters in the original paper were changed to members of the Roman alphabet.

  1. Diffie, W. and Hellman, M. "New Directions in Cryptography". IEEE Trans. on Information Theory IT-22 (November 1976), 644-654. []
  2. Rabin, M. "Digitalized Signatures", in Foundations of Secure Computing, Academic Press (1978), 155-168. []
  3. The elements of K are not keys in the usual cryptographic sense, but are arbitrary data items. We call them keys because they play the same role as the keys in Rabin's algorithm. []

Avatar Icon for WP Comments

August 19th, 2019

Something that I learned today:

If you put an avatar picture on your website, then WP will grab it to put next to the comments you leave on your site and on other WP websites. Specifically, it seems to be working with the file "avatar.png". Although, Diana Coman says it should be "avatar.ico", but I tried that and it did not work on this site. It is possible that different versions of WP look for different files, in which case it would not hurt to have a ".ico" and a ".png" file both in the root directory of your website.

Tada! Avatar for comments.

Tada! Avatar for comments.

2020 Presidential Candidates

August 5th, 2019

The United States will have its 4-year presidential election next year. Here are my thoughts on the candidates running for the position.

On the Republican side, there is Donald Trump. I do not see any way that anybody else get the nomination. Unseating a sitting president is unheard of1, and the republican base seems fairly happy with Trump's performance, so we can assume that Trump will get the nomination. There are some aspects of Trump's administration that I like (like the nomination of Gorsuch to the supreme court), and he has not done as many bad things as his opponents claimed he would do when he was elected, so although he has a way of making every subject a source of drama I would not be horribly disappointed to see him win another four year term.

The Democrats seem to be using the strategy of throwing everything they can at the electorate and seeing if anything sticks. There is Obama's VP Joe Biden for the people who pine for the good old days days of the Obama administration before the racists took over our country. There are Senators Elizabeth Warren and Kirsten Gillibrand2 for people who really liked Hillary Clinton and like to point out by how much she won the popular vote. There are old candidates (Gravel is 89, apparently still alive and sort of running3 ) and young candidates (Gabbard is only 38). There are good looking candidates (Tulsi Gabbard might be the first presidential candidate anyone would want to see in a bikini) and ugly candidates (ahem, most of them, but I'm thinking of Kamala Harris here). And there are candidates from a variety of races (White, Hispanic, Black, Asian, Samoan, Indian, etc). There is even a mix of people with lots of political experience, like Bernie Sanders who has been in the Senate longer than I have been alive, down to people like Yang who have never been elected to a political office before. And the candidates are proposing free stuff in just as much diversity: free college, free healthcare, free $1000 per month to everybody, free housing, and probably more that I have forgotten.

The big problem is that the field is just too big. Democrats are struggling to get behind a candidate because there are too many of them running. And that problem is exacerbated by the media who seem to think each of these people have a chance at winning the nomination. While I like a couple proposals (which I will go into below) from some of these dark horses, at some point you just have to be honest and only list the people who have a serious chance. Looking back on recent history (post WWII), people who get elected president, or even nominated, have been one of four things: vice president from a previous administration4, governor of a state5, US senator6, or already have nation-wide name recognition7. Even using these criteria, there are still Biden (VP), Bullock, Inslee8, Hickenlooper9 (governors), and Bennet, Booker, Gillibrand, Gravel, Harris, Klobuchar, Sanders, Warren (senators), that's still twelve eleven nine eight people, which should be plenty to pick between.

Speaking of a couple of the long-shot candidates, I like Gabbard's stance on reigning in the US military and cutting back on military spending. And I like Castro's stance on loosening immigration laws. I see immigration as a good thing. While both of these are only polling in the low single digits, they would make good vice-presidential candidates to offset an older presidential candidate.

  1. The last time a sitting president was not re-nominated by their party was Grover Cleveland in 1896 []
  2. Update 2019-08-29: Gillibrand just dropped out. []
  3. Update: Looks like Gravel just dropped out. []
  4. VP's: Truman, Johnson, Nixon, Humphery, Ford, Mondale, Bush I []
  5. Governors: Dewey, Stevenson, Carter, Reagan, Dukakis, B Clinton, Bush II, Romney []
  6. Senators: Kennedy, Goldwater, Dole, Kerry, McCain, Obama, H Clinton []
  7. Had name recognition: Eisenhower - General in WWII and helped start NATO, Perot - billionaire oil tycoon, Trump - millionaire and TV personality []
  8. Update: Inslee dropped out. []
  9. Update: Hickenlooper dropped out. []