<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Yuri Agaletskiy: Blog</title><description>Articles on Yuri Agaletskiy</description><link>https://yuri.ag/blog/</link><language>en-us</language><managingEditor>agaletskiy@yandex.ru</managingEditor><lastBuildDate>Thu, 02 Jul 2026 22:25:06 +0000</lastBuildDate><atom:link href="https://yuri.ag/blog/rss.xml" rel="self" type="application/rss+xml"/><item><title>Migrating to Arch Linux</title><link>https://yuri.ag/blog/migrating-to-arch/</link><pubDate>Sat, 22 Mar 2025 00:00:00 +0000</pubDate><author>agaletskiy@yandex.ru</author><guid>https://yuri.ag/blog/migrating-to-arch/</guid><description>&lt;p>As of this month, I&amp;rsquo;ve moved to &lt;a href="https://wiki.archlinux.org/title/Arch_Linux" target="_blank" >Arch Linux&lt;/a>
 as to my day-to-day operating system. That&amp;rsquo;s my 4th attempt so far, but I&amp;rsquo;m taking it seriously from this moment.&lt;/p>
&lt;h2 id="exploration">Exploration&lt;/h2>
&lt;p>Arch &lt;em>by the way&lt;/em> is a big FOSS&lt;sup id="fnref:1">&lt;a href="#fn:1" class="footnote-ref" role="doc-noteref">1&lt;/a>&lt;/sup> project, and with that come all the mass collaboration benefits of big FOSS projects: forums, wikis, open docs, etc.&lt;/p>
&lt;p>Speaking of Arch &lt;em>by the way&lt;/em>, the official website is featuring very based and abundant &lt;strong>&lt;a href="https://wiki.archlinux.org/title/Main_page" target="_blank" >wiki&lt;/a>
&lt;/strong> where you can find pretty much anything from &amp;ldquo;how to install arch&amp;rdquo; to &amp;ldquo;yubikey use cases&amp;rdquo;.&lt;/p>
&lt;p>Not gonna lie, it accidentally happens that some package gets broken, making the way out very unclear (my windows dualboot has just gotten damaged, that&amp;rsquo;s for good though). Usually, 5-10 minutes on the web are enough to fix everything and get some additional knowledge about the OS in the meanwhile. Though it is generally a good idea not to overbloat the system with poorly maintained packages and dependencies (packages from official repositories are more than enough for an experienced user).&lt;/p>
&lt;h2 id="threats">Threats&lt;/h2>
&lt;p>The main problem with today&amp;rsquo;s &amp;ldquo;normie operating systems&amp;rdquo; is that no one except their devs knows exactly what code the OS is running. That means one has no choice but to trust Microsoft &amp;amp; Apple &amp;amp; Google &amp;amp; Yandex &amp;amp; Chinese Communist Party that spooky processes don&amp;rsquo;t have backdoors, hidden parts and are not being used to spy on them. I personally don&amp;rsquo;t mind if any data from my camera roll gets compromised, but there are things I prefer to stay private or cannot afford losing (i.e. civil documents, keys to my crypto wallets, PGP master key). Therefore, data leakage is considered a threat. It may come true due to user error (I won&amp;rsquo;t talk about that one seriously) or due to targeted attacks. A general solution would be to use some Linux or BSD distro that is open source (which is ez to say, but hard to actually implement). Although it does not fully mitigate the risk, I would rather rely on transparent projects&amp;rsquo; reputations than on ones of Big Tech corps.&lt;/p>
&lt;p>Apart from having a suspicious operating system, every modern PC has various management modules physically attached to the motherboard as well as some BIOS/UEFI firmware installed there by default. These modules are constantly listening to external commands as long as the battery is attached. Not to mention, they run proprietary code (that we can only guess upon) which makes it technically possible that the data is compromised even when you use a FOSS operating system. People usually overcome this threat completely by &lt;a href="https://www.coreboot.org/users.html" target="_blank" >corebooting&lt;/a>
 their PCs so that none of the proprietary firmware can be possibly run.&lt;/p>
&lt;p>Physical tampering &lt;a href="https://en.wikipedia.org/wiki/Evil_maid_attack" target="_blank" >evil maid attack&lt;/a>
 - when an attacker, having physical access to the PC, modifies some system components (alters EFI partition, mounts a keylogger, swaps the entire hardware) with the sole purpose of touching a passcode and later applying it to the encrypted disk. &lt;em>if the disk is unencrypted, it is trivial to read/copy the contents. Be aware, don&amp;rsquo;t make H. Biden&amp;rsquo;s mistakes&lt;/em>&lt;/p>
&lt;p>Compromised channel with malicious listeners (non-network MITM: power analysis, optical, acoustic, thermal, etc) - uncommon, very hard to implement, yet powerful way to sniff someone&amp;rsquo;s keys. If you find yourself wiretapped with such precision - my condolencies...&lt;/p>
&lt;h2 id="safety">Safety&lt;/h2>
&lt;p>I&amp;rsquo;m not planning to disassemble my laptop and verify every component with magnifier and tweezer in the nearest future, however I&amp;rsquo;ve performed some but &lt;a href="#todo" >not all&lt;/a>
 safety actions to make my data secure from a stranger&amp;rsquo;s eye. Once again, it is not about the &lt;strong>fact&lt;/strong> that the data is compromised, it is about the &lt;strong>risk&lt;/strong> of undetected leakage that I refuse to accept.&lt;/p>
&lt;blockquote>
&lt;p>It&amp;rsquo;s easy to blame some hacker who sits in his room and finds a way to pull your data, but it&amp;rsquo;s statistically not a fraud who ends up with an empty crypto wallet.&lt;/p>
&lt;/blockquote>
&lt;h2 id="so-now-i-have">So now I have...&lt;/h2>
&lt;table>
&lt;thead>
&lt;tr>
&lt;th style="text-align:right">&lt;/th>
&lt;th>&lt;a href="https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS" target="_blank" >LVM on LUKS&lt;/a>
-encrypted NVMe SSD partition&lt;/th>
&lt;/tr>
&lt;/thead>
&lt;tbody>
&lt;tr>
&lt;td style="text-align:right">OS&lt;/td>
&lt;td>Arch Linux&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:right">bootloader&lt;/td>
&lt;td>GRUB 2.14&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:right">display manager&lt;/td>
&lt;td>ly&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:right">window manager&lt;/td>
&lt;td>hyprland &lt;em>on wayland&lt;/em>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:right">shell&lt;/td>
&lt;td>bash&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:right">terminal&lt;/td>
&lt;td>alacritty&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:right">file manager&lt;/td>
&lt;td>lf&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:right">app launcher&lt;/td>
&lt;td>tofi&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:right">text editor&lt;/td>
&lt;td>nvim &lt;em>by nvchad&lt;/em>&lt;/td>
&lt;/tr>
&lt;/tbody>
&lt;/table>
&lt;blockquote>
&lt;p>I don&amp;rsquo;t use a DE (desktop environment) cuz it stands away from simple .dotfiles&lt;sup id="fnref:2">&lt;a href="#fn:2" class="footnote-ref" role="doc-noteref">2&lt;/a>&lt;/sup> philosophy that Linux is famous for, plus I&amp;rsquo;m catching some cringy Windows Registry vibes with &lt;a href="https://en.wikipedia.org/wiki/Dconf" target="_blank" >dconf database&lt;/a>
.&lt;/p>
&lt;/blockquote>
&lt;figure>
 &lt;img src="https://yuri.ag/blog/migrating-to-arch/lockscreen.png" alt="lockscreen: hyprlock">
 &lt;figcaption>
 lockscreen: hyprlock 
 &lt;/figcaption>
&lt;/figure>&lt;figure>
 &lt;img src="https://yuri.ag/blog/migrating-to-arch/desktop.png" alt="workflow: waybar, nvim, htop, lf, alacritty">
 &lt;figcaption>
 workflow: waybar, nvim, htop, lf, alacritty 
 &lt;/figcaption>
&lt;/figure>&lt;blockquote>
&lt;p>The theme is custom and pretty basic. Once I get everything ordered and polished here, I may publish my dotfiles. If you need anything specific - feel free to DM me.&lt;/p>
&lt;/blockquote>
&lt;h2 id="todo">ToDo&lt;/h2>
&lt;ul>
&lt;li>&lt;input checked="" disabled="" type="checkbox"> Enroll my passkey device to LUKS volume&lt;/li>
&lt;li>&lt;input disabled="" type="checkbox"> Encrypt boot partition to counter evil maid - it will slow down boot process a lot, I&amp;rsquo;m not quite sure I want that rn&lt;/li>
&lt;li>&lt;input disabled="" type="checkbox"> Secure boot&lt;/li>
&lt;li>&lt;input disabled="" type="checkbox"> Try plain dm-crypt (detached LUKS header) - to make the thing indistinguishable from a disk filled with random data. Deniable encryption y&amp;rsquo;know...&lt;/li>
&lt;/ul>
&lt;h1 id="footnotes">Footnotes&lt;/h1>
&lt;div class="footnotes" role="doc-endnotes">
&lt;hr>
&lt;ol>
&lt;li id="fn:1">
&lt;p>Free and Open Source Software - software that has been made public. It still comes with a license that grants or doesn&amp;rsquo;t grant a right to modify/share/monetize the code. Licensing is essential cuz if the software does not come with a license, it can quickly obtain one by a first person to notice it and claim the ownership. I&amp;rsquo;m intentionally oversimplifying the process, but you get the idea.&amp;#160;&lt;a href="#fnref:1" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&lt;/p>
&lt;/li>
&lt;li id="fn:2">
&lt;p>Dotfiles usually stand for files in &lt;code>~/.config&lt;/code> and &lt;code>~/.local&lt;/code> directories. They&amp;rsquo;re meant to store user-specific configuration parameters and to be synchronized between various hosts.&amp;#160;&lt;a href="#fnref:2" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&lt;/p>
&lt;/li>
&lt;/ol>
&lt;/div></description></item><item><title>Body is a Vessel</title><link>https://yuri.ag/blog/body-is-a-vessel/</link><pubDate>Thu, 20 Mar 2025 12:07:00 +0000</pubDate><author>agaletskiy@yandex.ru</author><guid>https://yuri.ag/blog/body-is-a-vessel/</guid><description>&lt;h2 id="disclaimer">Disclaimer&lt;/h2>
&lt;p>I&amp;rsquo;m not a professional athlete, nor am I pleased with my current physical and mental situation. But I genuinely see how sports and exercises drag me into a better state where I see improvements, don&amp;rsquo;t feel like shit, am more aware and think more clearly.&lt;/p>
&lt;p>Though any confidence you&amp;rsquo;ll find below is fake, these are no more than thoughts and personal remarks.&lt;/p>
&lt;h2 id="perception">Perception&lt;/h2>
&lt;p>I like to think of myself (and of other people too tbh) as an internal operator, whatever that means, who is using his body as an interface to the outside world. In other words, the body is the only thing through which people can tumble to the essence of my inner self.&lt;/p>
&lt;p>Applying this guideline to people around (primarily to acquaintances) helps a lot in a way that it compels me to distinguish physical impression (attractiveness, neatness, style) from the real mental state of a person. And the latter is clearly primal imo.&lt;/p>
&lt;p>A concept of soul and the nature of decision making (determinism, idealism, self-perception) is above the scope of this pondering. I&amp;rsquo;m just clarifying that although one&amp;rsquo;s body physique affects how we see them, it should never lead to preconceptions, or hasty conclusions.&lt;/p>
&lt;h2 id="reasoning-for-getting-my-ass-out-of-a-couch-occasionally">Reasoning for getting my ass out of a couch (occasionally)&lt;/h2>
&lt;p>The fact is that workouts are definitely staying out of my comfort zone, and yet for some reason I stick committed to my plan. Thus, there must be some motivation behind that I struggle to spot atm.&lt;/p>
&lt;blockquote>
&lt;p>I think, in general I want to wake up one day and think to myself like &amp;ldquo;damn, that&amp;rsquo;s a decent physique&amp;rdquo;... And I expect that day to be sometime within 4-5 years from now&lt;/p>
&lt;/blockquote>
&lt;p>Now that the purpose is defined - shall we proceed with the methods of achieving it... and there are innumerable ways to get in shape... I personally find powerlifting/bodybuilding the most mentally efficient cuz I hate doing isometric exercises, overstretching and running. Powerlifting (for those who don&amp;rsquo;t know) involves &amp;ldquo;just&amp;rdquo; 3 types of lifts: bench press, squat and deadlift. I practice them, on &lt;code>chest&lt;/code>, &lt;code>legs&lt;/code> and &lt;code>back&lt;/code> days correspondingly. All other groups &lt;a href="#my-bodybuilding-routine" >are targeted separately&lt;/a>
 with the help of various gym machines.&lt;/p>
&lt;h2 id="a-bit-of-theory">A bit of theory&lt;/h2>
&lt;p>They say there are 2 main secrets to systematic strength gain and therefore muscle growth:&lt;/p>
&lt;ol>
&lt;li>
&lt;p>progressive overload - continual increase in the total workload of a training session&lt;br>
Human body is lazy and highly adaptable to external impact, so it needs to be constantly challenged to the limit (called muscle fatigue&lt;sup id="fnref:1">&lt;a href="#fn:1" class="footnote-ref" role="doc-noteref">1&lt;/a>&lt;/sup>) in order to improve (this applies to strength training, cardiovascular workouts, flexibility and mobility workouts). When on failure, muscle cells are destroyed, and throughout the week they supercompensate and become stronger than they were initially. An unfortunate side effect of muscle fatigue is the pain that comes along. Even though the post-workout muscle soreness is manageable, there is nothing &lt;em>except some drugs&lt;/em> that would help with pain during the workout itself.&lt;/p>
&lt;/li>
&lt;li>
&lt;p>consistency&lt;br>
There is no point in destroying the same muscle fibers (training till failure) for more than once a week. But having one &lt;code>strength&lt;/code> plus one &lt;code>training&lt;/code> workout (80% of the max volume) weekly is good for both technique and performance boost. For a rookie athlete (1st year in gym) it is recommended to do at least 5 sets per each muscle group a week. All these sets should be till failure or 1-2 reps beyond failure (you&amp;rsquo;ll never know where the failure is without reaching it from time to time). For more experienced dudes (1-3 years of lifting weights) it&amp;rsquo;s generally recommended to increase volume and do 8-15 sets per muscle per week&lt;sup id="fnref:2">&lt;a href="#fn:2" class="footnote-ref" role="doc-noteref">2&lt;/a>&lt;/sup>. That&amp;rsquo;s what I&amp;rsquo;m doing rn.&lt;/p>
&lt;/li>
&lt;/ol>
&lt;p>Those who have been training for more than 3 years are unlikely to need my expertise. Anyway, at that point people use some advanced techniques like myo-reps, lengthened partials, etc.&lt;/p>
&lt;p>Slightly noticeable results in body physique usually appear after 1 month of training, and conspicuous ones - after 3-6 months.&lt;/p>
&lt;p>Another rule is to occasionally change the routine (once every 2-3 months) so the body doesn&amp;rsquo;t get used to the very same sequence of moves. Remember that it has to be challenged at every workout, otherwise the progress will be delayed.&lt;/p>
&lt;h2 id="tips-to-stay-consistent">Tips to stay consistent&lt;/h2>
&lt;p>From a rational person&amp;rsquo;s point of view, staying consistent will require the perceived gains to be strictly more than costs incurred. Gains include subjectiveness, so do costs. The point is that if you focus on searching for positive outcome of the gym sessions, rather than negative, you are more likely to commit eventually. Below are some things I wish I would have done when I started:&lt;/p>
&lt;ul>
&lt;li>Make a &lt;em>weekly plan&lt;/em> (not necessarily a timetable, for some reason I hate these), stick to it.&lt;/li>
&lt;li>Make preparation a routine, do not overthink it - you won&amp;rsquo;t regret going to the gym when you are already in the gym.&lt;/li>
&lt;li>If you are interested in science behind powerlifting/bodybuilding/fitness/whatever else - watch the related content. There are lots of educational and entertaining channels out there.&lt;/li>
&lt;/ul>
&lt;h2 id="my-bodybuilding-routine">My bodybuilding routine&lt;/h2>
&lt;p>I hit my &lt;code>chest&lt;/code>, &lt;code>legs&lt;/code> and &lt;code>back&lt;/code> on separate days of the week. These three types I call primary: the aim is to design and implement workout session around them.&lt;/p>
&lt;blockquote>
&lt;p>The routine is also known as &lt;code>PPL&lt;/code> or &amp;ldquo;Push Pull Legs&amp;rdquo; split.&lt;/p>
&lt;/blockquote>
&lt;p>Arms are targeted at each workout: &lt;code>biceps&lt;/code> on chest day, &lt;code>shoulders&lt;/code> on legs day and &lt;code>triceps&lt;/code> on back day. That way - by training arms and body separately - I allocate the free time and do arms while resting between the sets of the primary muscle groups. &lt;code>Forearms&lt;/code> are also being hit once a week, but are not tied to a particular session. Same for &lt;code>core&lt;/code>. I train them when I feel like it...&lt;/p>
&lt;blockquote>
&lt;p>It&amp;rsquo;s oftenly recommended to hit triceps on push day and thus move biceps to pull day, but I find it much harder to bench press after a decent triceps set. Once again, the initial goal is to wrap the workout around the &lt;code>chest&lt;/code>, without tradeoffs.&lt;/p>
&lt;/blockquote>
&lt;table>
&lt;thead>
&lt;tr>
&lt;th style="text-align:center">&lt;strong>day&lt;/strong>&lt;/th>
&lt;th style="text-align:center">muscle group&lt;/th>
&lt;th style="text-align:center"># of sets per week&lt;/th>
&lt;th style="text-align:left">comment&lt;/th>
&lt;/tr>
&lt;/thead>
&lt;tbody>
&lt;tr>
&lt;td style="text-align:center">&lt;/td>
&lt;td style="text-align:center">&lt;strong>primary&lt;/strong>&lt;/td>
&lt;td style="text-align:center">&lt;/td>
&lt;td>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:center">1st&lt;/td>
&lt;td style="text-align:center">chest&lt;/td>
&lt;td style="text-align:center">8-10&lt;/td>
&lt;td style="text-align:left">4-5 on bench/dumbbell press, the rest on butterfly machine&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:center">2nd&lt;/td>
&lt;td style="text-align:center">legs&lt;/td>
&lt;td style="text-align:center">12-20&lt;/td>
&lt;td style="text-align:left">4-5 on squats, the rest on hamstrings, inner and outer quads, calves machines&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:center">3rd&lt;/td>
&lt;td style="text-align:center">back&lt;/td>
&lt;td style="text-align:center">12-20&lt;/td>
&lt;td style="text-align:left">4-5 on deadlift, the rest on middle back and upper back machines + pull-ups&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:center">&lt;/td>
&lt;td style="text-align:center">&lt;strong>arms&lt;/strong>&lt;/td>
&lt;td style="text-align:center">&lt;/td>
&lt;td>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:center">1st&lt;/td>
&lt;td style="text-align:center">biceps&lt;/td>
&lt;td style="text-align:center">8&lt;/td>
&lt;td style="text-align:left">dumbbels and/or leverage machine depending on mood and availability&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:center">2nd&lt;/td>
&lt;td style="text-align:center">shoulders&lt;/td>
&lt;td style="text-align:center">8&lt;/td>
&lt;td style="text-align:left">with focus on medium and rear delts&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:center">3rd&lt;/td>
&lt;td style="text-align:center">triceps&lt;/td>
&lt;td style="text-align:center">8&lt;/td>
&lt;td style="text-align:left">cable pushdown and overhead extension are my favourites&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:center">&lt;/td>
&lt;td style="text-align:center">&lt;strong>additional&lt;/strong>&lt;/td>
&lt;td>&lt;/td>
&lt;td>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:center">any&lt;/td>
&lt;td style="text-align:center">forearms&lt;/td>
&lt;td style="text-align:center">6&lt;/td>
&lt;td>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:center">any&lt;/td>
&lt;td style="text-align:center">core&lt;/td>
&lt;td style="text-align:center">3-5&lt;/td>
&lt;td style="text-align:left">decline bench or cable crunch or GHD&lt;/td>
&lt;/tr>
&lt;/tbody>
&lt;/table>
&lt;p>I don&amp;rsquo;t mind what exercise to do at a particular session as long as it causes muscle fatigue and &amp;ldquo;feels good&amp;rdquo;. Even though it&amp;rsquo;s frankly difficult to find even a glimpse of pleasure in regular and continuous pain, the trick is to enjoy small things like communication/pondering during workout and a short period of mental uplift right after the session. Having a &lt;strong>gymbro&lt;/strong> has helped me a lot: struggling together makes it easier and more fun.&lt;/p>
&lt;div class="footnotes" role="doc-endnotes">
&lt;hr>
&lt;ol>
&lt;li id="fn:1">
&lt;p>Muscle fatigue is when muscles that were initially generating a normal amount of force, then experience a declining ability to generate force&amp;#160;&lt;a href="#fnref:1" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&lt;/p>
&lt;/li>
&lt;li id="fn:2">
&lt;p>Bigger &lt;code>legs&lt;/code> and &lt;code>back&lt;/code> muscles are considered to tolerate more volume, so they need more sets than other groups.&amp;#160;&lt;a href="#fnref:2" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&lt;/p>
&lt;/li>
&lt;/ol>
&lt;/div></description></item><item><title>Cryptocurrencies</title><link>https://yuri.ag/blog/crypto/</link><pubDate>Wed, 27 Nov 2024 12:35:00 +0000</pubDate><author>agaletskiy@yandex.ru</author><guid>https://yuri.ag/blog/crypto/</guid><description>&lt;p>Below are my thoughts on what crypto is, how Bitcoin works, why it is so based and red-pilled and what are its downsides as I see them, as well as some extra educational &lt;a href="#resources" >resources&lt;/a>
 that I strongly recommend to a person who is new to the crypto world.&lt;/p>
&lt;h2 id="introduction">Introduction&lt;/h2>
&lt;p>The fundamental property of money is its &lt;strong>scarcity&lt;/strong>. It&amp;rsquo;s something that gives it &lt;strong>value&lt;/strong> in the first place. Once the asset is valuable, it can be bought/sold/lost or stealed. We can&amp;rsquo;t exchange let&amp;rsquo;s say air or &amp;ldquo;thank you&amp;rdquo; statements with others because the outside world is full of strangers and people claiming they have value when they in fact don&amp;rsquo;t. We do not want to trust that kind of people so we demand for an asset that is:&lt;/p>
&lt;ol>
&lt;li>Scarce - no one should have the ability to produce it out of thin air&lt;/li>
&lt;li>Recognizable - otherwise others won&amp;rsquo;t see value in an asset you are trying to pitch them&lt;/li>
&lt;/ol>
&lt;p>That&amp;rsquo;s it. Other properties of money you&amp;rsquo;ll find on the internet: fungibility, durability, stability, etc. are no more than grades of convenience.&lt;/p>
&lt;p>History, for instance, knows many creative and peculiar types of money: from seashells to &lt;a href="https://en.wikipedia.org/wiki/Rai_stones" target="_blank" >gigantic limestones placed along village pathways&lt;/a>
. They are all legitimate as long as people are willing to trade goods &amp;amp; services for them and believe the others will do the same.&lt;/p>
&lt;h2 id="digital-worlds-challenge">Digital world&amp;rsquo;s challenge&lt;/h2>
&lt;p>What separates digital things apart from physical goods is the nature of &lt;strong>information&lt;/strong>. The latter, unlike physical things, can be copied and broadcast almost indefinetely. It&amp;rsquo;s important that the initial holder/creator does not anyhow lose his copy - his copy just becomes less scarce. However, there are some coersive mechanisms (aka copyrights) that are designed to slow down free flow of information and raise reproduction costs.&lt;/p>
&lt;p>Now imagine you are chatting with a random person who claims he has a thousand &amp;ldquo;digital things&amp;rdquo; that he can send to you right now in an exchange for some information you have. What would make you believe that these &amp;ldquo;digital things&amp;rdquo; are at least some valuable? Their scarcity for sure would. If you can somehow make sure that the &amp;ldquo;things&amp;rdquo; are indeed scarce (not just thought up by the stranger), you are dealing with money so you don&amp;rsquo;t have to trust the stranger anymore. Having this information, you are free to choose: do you value a thousand &amp;ldquo;digital things&amp;rdquo; more or less than something he demands in exchange?&lt;/p>
&lt;blockquote>
&lt;p>I&amp;rsquo;m intentionally omitting the prisoner&amp;rsquo;s dilemma situation when counterparty can run out with the money before he completes his part of the deal. The absence of a direct trustless mechanism to link physical and abstract worlds together is what makes it difficult to preserve the same causality in the abstract one.&lt;/p>
&lt;/blockquote>
&lt;p>So how can we be sure that the balances are not made up by the stranger - he is always incentivised to lie because his wealth is directly proportional to the size of that lie?&lt;/p>
&lt;p>That is why digital scarcity had been as much of a challenge until the first ever cryptocurrency - Bitcoin - was invented.&lt;/p>
&lt;h2 id="bitcoin-explained">Bitcoin explained&lt;/h2>
&lt;p>In essence, Bitcoin is a digital file that anyone can download from the internet, read and modify. However, if you change it by your own rules - it is immediately seen as fraudulent by other users you share it with. How is it possible?&lt;/p>
&lt;h3 id="transaction-chain">Transaction chain&lt;/h3>
&lt;p>There are some accounts in Bitcoin ledger (also known as &amp;ldquo;transaction outputs&amp;rdquo;) that have some balances attached to them. When a person wants to send his money, he:&lt;/p>
&lt;ol>
&lt;li>Adds a recepient or several recepients &lt;em>In fact transactions are more like math puzzles to solve. For example, a certain output can be locked and used when 2/3 of signatures are provided for an escrow based transactions&lt;sup id="fnref:1">&lt;a href="#fn:1" class="footnote-ref" role="doc-noteref">1&lt;/a>&lt;/sup>.&lt;/em>&lt;/li>
&lt;li>references his own UTXOs (unspent transaction outputs) and attaches a digital signature&lt;sup id="fnref:2">&lt;a href="#fn:2" class="footnote-ref" role="doc-noteref">2&lt;/a>&lt;/sup> to unlock each of them (it acts as a kind of ownership proof)&lt;/li>
&lt;li>broadcasts it to the network.&lt;/li>
&lt;/ol>
&lt;p>After a transaction is included in the ledger, this UTXO becomes someone else&amp;rsquo;s balance that can be spent by the very same rules, all forming a transaction chain.&lt;/p>
&lt;h3 id="cause-and-effect">Cause and effect&lt;/h3>
&lt;p>As mentioned before, it is not trivial to link physical and abstract worlds together, while nothing described so far prevents a fraud from a &amp;ldquo;double-spending attack&amp;rdquo;. And that&amp;rsquo;s when the first serious problem arises...&lt;/p>
&lt;p>Here is an example of such an attack where Chad sends money to Katie and then reverses that transaction back to himself by:&lt;/p>
&lt;ol>
&lt;li>Creating a valid transaction pointing to Katie and broadcasting it to the world&lt;/li>
&lt;li>waiting till Katie ships the product / serves a coffee or does whatever intended&lt;/li>
&lt;li>creating another valid transaction pointing the same UTXOs to himself and broadcasting it to the network.&lt;/li>
&lt;/ol>
&lt;p>Chad can with ease falsify a timestamp when the second transaction was created, so we can&amp;rsquo;t rely on time as stated by sender. Moreover, any transaction made by anyone is always passed node-by-node through the whole network. Because of the time delays, different nodes will likely receive transactions in different order, thus having different versions of the chain. We can never tell which transaction had been made first and which one came after, but at the same time we want the whole network to reach agreement on the order at which the transactions are considered spent. We witness causality in physical world (when Katie sold a physical thing in exchange for some virtual currency), and we may as well want the virtual one to preserve the very same order.&lt;/p>
&lt;p>And amazingly, there is a way to endorse consensus in a peer-to-peer network by using a set of cryptographic tools and a list of mutual agreements.&lt;/p>
&lt;h3 id="hash-function">Hash function&lt;/h3>
&lt;p>Hash function is a certain rule that takes X as an input and makes some Y as an output. The function is designed in such a way that the X value can be anything (it&amp;rsquo;s just a piece of data) while Y fits some global properties.&lt;/p>
&lt;p>Here is a table of some simple X values given to SHA-1 hash function&lt;/p>
&lt;table>
&lt;thead>
&lt;tr>
&lt;th style="text-align:center">X&lt;/th>
&lt;th style="text-align:center">SHA-1&lt;/th>
&lt;th>Y&lt;/th>
&lt;/tr>
&lt;/thead>
&lt;tbody>
&lt;tr>
&lt;td style="text-align:center">text123&lt;/td>
&lt;td style="text-align:center">-&amp;gt;&lt;/td>
&lt;td>&lt;code>f6f32842278d8896c49d768cc02568ece8715eee&lt;/code>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:center">bitcoin&lt;/td>
&lt;td style="text-align:center">-&amp;gt;&lt;/td>
&lt;td>&lt;code>ed1b8d80793e70c0608e8a8508a8dd80f6aa56f9&lt;/code>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:center">bitc0in&lt;/td>
&lt;td style="text-align:center">-&amp;gt;&lt;/td>
&lt;td>&lt;code>603a006a996c2f0f4565e17663092d00a231be19&lt;/code>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td style="text-align:center">password&lt;/td>
&lt;td style="text-align:center">-&amp;gt;&lt;/td>
&lt;td>&lt;code>5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8&lt;/code>&lt;/td>
&lt;/tr>
&lt;/tbody>
&lt;/table>
&lt;p>As you may have noticed, Y values are all of the same size, plus the occurance of each 16 symbols (0-9, A-F) is roughly the same, so Y looks very random (even though it is fully determined by X and a corresponding hash function).&lt;/p>
&lt;p>Given the same X, it will always produce the same Y - you can try it &lt;a href="https://xorbin.com/tools/sha1-hash-calculator" target="_blank" >yourself&lt;/a>
. But if X is changed even slightly - Y result becomes totally different and unpredictable (take a close look at 2nd and 3rd row of the table above).&lt;/p>
&lt;p>Now let&amp;rsquo;s assume I have the Y (that looks random to you) - how can you figure out the X?&lt;/p>
&lt;table>
&lt;thead>
&lt;tr>
&lt;th style="text-align:center">Y&lt;/th>
&lt;th style="text-align:center">&lt;/th>
&lt;th style="text-align:center">X&lt;/th>
&lt;/tr>
&lt;/thead>
&lt;tbody>
&lt;tr>
&lt;td style="text-align:center">&lt;code>b9aef4d5e208a5a4378c40623a2495aff72c9e76&lt;/code>&lt;/td>
&lt;td style="text-align:center">-&amp;gt;&lt;/td>
&lt;td style="text-align:center">???&lt;/td>
&lt;/tr>
&lt;/tbody>
&lt;/table>
&lt;p>The answer is &amp;ldquo;you can&amp;rsquo;t&amp;rdquo; if X is large enough. At least with today&amp;rsquo;s level of math and computer science.&lt;/p>
&lt;p>The most you can do is to brute-force every common variant of X i.e. &amp;ldquo;1&amp;rdquo;, &amp;ldquo;12345678&amp;rdquo;, &amp;ldquo;&amp;rdquo;, &amp;ldquo;qwerty&amp;rdquo; and compare them with Y that I gave you. Once they match - congratulations - you&amp;rsquo;ve cracked the code. But what if I had fliped a coin 200 times and converted the results to X before I shared this Y with you? Modern computers can&amp;rsquo;t brute-force this much entropy so you are extremely unlikely to guess the X while knowing the Y.&lt;/p>
&lt;p>That is what makes hash function so special and applicable for digital scarcity creation. It&amp;rsquo;s impossible to find X for a certain made-up Y, and it gets more and more likely when we raise the range. For example, it takes 16 guesses on average to find a hash that starts with a zero. For two zeros, it will take around 256 guesses and so on. The threshold (aka mining difficuty) in Bitcoin is calculated and adjusted in such a way that it will take the whole world about 10 minutes to find a &amp;ldquo;beautiful hash&amp;rdquo; and thus &amp;ldquo;solve&amp;rdquo; the &amp;ldquo;block&amp;rdquo;.&lt;/p>
&lt;h3 id="blockchain">Blockchain&lt;/h3>
&lt;p>Blocks (groups of transactions, plus some additional data) add an extra layer of abstraction that is needed to safeguard the system from double-spending attack and preserving a fixed order of transactions that nodes&lt;sup id="fnref:3">&lt;a href="#fn:3" class="footnote-ref" role="doc-noteref">3&lt;/a>&lt;/sup> agree upon. Transactions in the same block are considered to have happened at the same time and should not contradict themselves. Blocks are linked together and grouped into the blockchain.&lt;/p>
&lt;p>When a transaction is formed and signed by UTXO owner, it is passed to the network nodes and is added to something called their &amp;ldquo;memory pool&amp;rdquo; (a pool of transactions as known by a particular node). If the transaction fee (signed by an UTXO owner as a part of transaction) is sufficient, node includes it in it&amp;rsquo;s own version of a new block and starts &amp;ldquo;mining&amp;rdquo;:&lt;/p>
&lt;h3 id="mining">Mining&lt;/h3>
&lt;ol>
&lt;li>Transactions filtered by fee are grouped into a new block.&lt;/li>
&lt;li>Node then calculates a hash of these transactions (aka hashMerkleRoot) that appears as a bunch of pseudorandom digits. It also calculates a header with imestamp, previous block hash and other data.&lt;/li>
&lt;li>It then picks a number (nonce)&lt;sup id="fnref:4">&lt;a href="#fn:4" class="footnote-ref" role="doc-noteref">4&lt;/a>&lt;/sup> that is added to the end of the block and calculates hash comparing it to the threshold. If it doesn&amp;rsquo;t work out (it usually doesn&amp;rsquo;t), another nonce is picked.&lt;/li>
&lt;/ol>
&lt;ul>
&lt;li>Step 3 is repeated until block hash is below certain value (starts with a bunch of zeros). It will eventually happen but this outcome cannot be predicted and needs permanent brute-forcing.&lt;/li>
&lt;/ul>
&lt;p>If node manages to &amp;ldquo;close the block&amp;rdquo;, it broadcasts the solution and that block gets connected to the blockchain of another nodes (the rule of thumb is that nodes always switch to the longest branch). Each miner then has to update their block headers that should always point to the newest block - according to protocol.&lt;/p>
&lt;p>Keep in mind that if any portion of block contents (let&amp;rsquo;s say some output balance) changes - it immediately invalidates the hash of the block, so the guessing process needs to be started from the beginning. If an attacker tries to change something in the middle of the blockchain, not only it breaks a beautiful hash value of the tampered block, but also invalidates each and every block that comes after (bacause they are all linked and point at each other).&lt;/p>
&lt;p>Though it sometimes happens that several nodes propose their different block solutions simultaneously, forming a notorious lack of consensus. But that issue is not persistent: when several nodes have different blocks at the end of their blockchains, they just start building on top of whatever they have. When a solution is found, it gets broadcast so all of the nodes abandon another branches and switch to the longest one (that&amp;rsquo;s no more than initial agreement). The math makes it rare for several block solutions to appear at the same time, and even more rare for it to happen several times in a row - so the system quickly stabilizes.&lt;/p>
&lt;blockquote>
&lt;p>However, your transaction may find itself in one of these abandoned chains and there is no guarantee that it will be included in the main blockchain. When sending a transaction, it is considered a good idea to wait for 2-3 blocks to stack up on top, whereupon it becomes safe and sound.&lt;/p>
&lt;/blockquote>
&lt;blockquote>
&lt;p>A common transaction usually includes more outputs than inputs. That&amp;rsquo;s because UTXO cannot be divided into parts. If Chad has 0.1BTC to send Katie, but his UTXO has 1BTC, he should split it into 0.1BTC that will be locked for Katie and 0.9BTC that goes back to Chad forming a new, smaller UTXO.&lt;/p>
&lt;/blockquote>
&lt;p>A typical block looks like this:&lt;/p>
&lt;pre tabindex="0">&lt;code>+-------------------+-------------------------+ 
| BLOCK HEADER | TRANSACTIONS | DIGITAL SIGNATURES 
| (32 Bytes) | (about 1.5MB) | (usually outside the block) 
| | |--------------------------------
| version | coinbase transaction | - acts as an extra reward to a
| prev. block hash | (newly generated coins) | miner that solved the block
| curr. block hash | | 
| timestamp | tx1: from Alice to Bob | - minus fees that go to whoever
| difficulty target | | / solves the block first
| nonce | tx2: from Chad to Katie |/ 
+-------------------+-------------------------+ 
&lt;/code>&lt;/pre>&lt;h2 id="downsides--solutions">Downsides &amp;amp; Solutions&lt;/h2>
&lt;ol>
&lt;li>
&lt;p>Proof of Work is a race that requires a constant search of beautiful hashes. The more electricity you consume and the more computing power you contribute, the more profit you are likely to gain. That is a big concern of eco-activists and other people who fail to bring subjective values surplus into their moral equation.&lt;/p>
&lt;/li>
&lt;li>
&lt;p>Bitcoin at its core is not anonymous at all. The most it gives is pseudonymity, which is not enough if you are trying to move your balances apart from your identity.&lt;/p>
&lt;ul>
&lt;li>First of all, every time you connect to Bitcoin network, you flash your IP address to the nodes. That creates an opportunity for bad actors to link your transaction with your identity (if you access some social network or some government website, you automatically provide them with the very same IP).
&lt;ul>
&lt;li>Solution: mask you IP through TOR or I2P, be careful and do that each time you send digital funds. For full anonymity you can as well hide your MAC address, but that&amp;rsquo;s not trivial and requires time as well as some tech skills that majority do not have.&lt;/li>
&lt;/ul>
&lt;/li>
&lt;li>Secondly, when you sign a transaction, you prove the UTXO (or multiple UTXOs) ownership. The attacker can analyze this data: either link these UTXOs to each other and potentially to your personality, or sometimes figure out how many Bitcoins you continue to own.
&lt;ul>
&lt;li>Solution: coin mixers (Wasabi Wallet for BTC, Tornado Cash for ETH) &lt;em>they are illegal in many countries&lt;/em> or anonymous crypto solutions (Monero, Zcash).&lt;/li>
&lt;/ul>
&lt;/li>
&lt;/ul>
&lt;/li>
&lt;li>
&lt;p>Volatility.&lt;/p>
&lt;ul>
&lt;li>Bitcoin economy is deflationary while many assets are held on few accouts.
&lt;ul>
&lt;li>If the early miners (who currently own lots of Bitcoin) find their ways to spend these assets, it would create a short-term shock which would cause BTC price drop. I personally do not see a threat in this scenario - it still fits market rules. 1 Bitcoin will always equal 1 Bitcoin on my account, regardless of the current BTC-USD exchange rate.&lt;/li>
&lt;/ul>
&lt;/li>
&lt;li>Sad to say, Bitcoin price strongly depends on other cryptocurrencies perfomance. Remember how Terra&amp;rsquo;s price dropped in May 2022, which resulted BTC outflow. Soon after that - in Nov 2022 - we witnessed another significant BTC price slump when FTX exchange got bankrupt.
&lt;ul>
&lt;li>There is no solution to volatility except for taking advantage of it. Most people tend to extrapolate some local failures of shady projects to the whole crypto sector. I find it irrational to lose faith and withdraw BTC in such occasions, so I sometimes find myself speculating and buying more BTC on &amp;ldquo;bear market&amp;rdquo;. And yes, we&amp;rsquo;ll certainly see worse times as another centralized exchanges, stablecoins and other projects will fail due to their centralized nature and because of governmental pressure.&lt;/li>
&lt;li>Do not keep assets in centralised exchanges. Be aware that ETH L2s, USDT, TON are somewhat centralized, hence assets there depend on Vitalic&amp;rsquo;s, Paolo&amp;rsquo;s, Pavel&amp;rsquo;s and others good mood. &lt;strong>Traditional institutions are finite, truly decentralized ones are not.&lt;/strong> Shout-out to Satoshi Nakamoto (whoever they are) for keeping BTC economy independent of its creator.&lt;/li>
&lt;/ul>
&lt;/li>
&lt;/ul>
&lt;/li>
&lt;/ol>
&lt;h2 id="tldr">TLDR&lt;/h2>
&lt;p>Summing up, in &amp;ldquo;Proof of Work&amp;rdquo; principle that Bitcoin uses, a goal is to find some hash below certain value (meaning that it starts with bunch of zeros). Therefore, we find ourselves in a game of random guesses, where the aim is to get &lt;code>Y = hash(X+nonce) &amp;lt; threshold&lt;/code>&lt;sup id="fnref1:4">&lt;a href="#fn:4" class="footnote-ref" role="doc-noteref">4&lt;/a>&lt;/sup>. That is the core idea behind &amp;ldquo;Proof of Work&amp;rdquo; when millions of nodes are competing with each other to find a beautiful hash. The process brings time consensus to decentralised network which helps to create digital scarcity.&lt;br>
An obvious consequence of that global race is that the guessing process consumes a lot of computing power and elictricity which is a major concern of normies. In addition, more and more countries now ban their citizens to mine or even own Bitcoin (which&amp;rsquo;s funny). What these people do not realize is that by cutting the demand for some naturally scarce good, they force people to keep their savings in some cringy and higly inflationary fiat currencies that lose to crypto virtually in every aspect.&lt;/p>
&lt;h2 id="resources">Resources&lt;/h2>
&lt;p>Ultra-based and exhaustive youtube video: &lt;a href="https://www.youtube.com/watch?v=Lx9zgZCMqXE" target="_blank" >&lt;strong>How bitcoin works under the hood&lt;/strong>&lt;/a>
 (the author have also made a &lt;a href="https://www.imponderablethings.com/2013/07/how-bitcoin-works-under-hood.html" target="_blank" >&lt;strong>blog post&lt;/strong>&lt;/a>
 with transcript and pictures).&lt;br>
There is one on &lt;a href="https://www.youtube.com/watch?v=yKdK-7AtAMQ" target="_blank" >&lt;strong>Lightning network&lt;/strong>&lt;/a>
 as well.&lt;/p>
&lt;p>Bitcoin explorer and online mempool of Bitcoin transactions: &lt;a href="https://mempool.space" target="_blank" >&lt;strong>mempool.space&lt;/strong>&lt;/a>
&lt;/p>
&lt;p>I will update this list while descovering new useful resources.&lt;/p>
&lt;h1 id="footnotes">Footnotes&lt;/h1>
&lt;div class="footnotes" role="doc-endnotes">
&lt;hr>
&lt;ol>
&lt;li id="fn:1">
&lt;p>This method is leveraged in a &amp;ldquo;Lightning network&amp;rdquo; that provides an off-chain protocol that aims to lower the fees and increase the transaction confirmation speed. All in a completely trustless way.&amp;#160;&lt;a href="#fnref:1" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&lt;/p>
&lt;/li>
&lt;li id="fn:2">
&lt;p>Digital signature is a way to mathematically verify the authentity of the message. Unlike a hand signature, digital one is cryptographically bound to the particular message and therefore becomes invalid once the message is tampered.&amp;#160;&lt;a href="#fnref:2" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&lt;/p>
&lt;/li>
&lt;li id="fn:3">
&lt;p>A bitcoin node is one of the computers that is connected to the network and runs bitcoin software. It maintains the blockchain while receiving transactions (and new blocks) from other nodes. Occasionally it finds new block solutions and gets revarded with fees of the transactions inside the block and with newly generated bitcoins (coinbase transaction)&amp;#160;&lt;a href="#fnref:3" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&lt;/p>
&lt;/li>
&lt;li id="fn:4">
&lt;p>Nonce is a number that is guessed by node and acts as the main part of block solution.&amp;#160;&lt;a href="#fnref:4" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&amp;#160;&lt;a href="#fnref1:4" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&lt;/p>
&lt;/li>
&lt;/ol>
&lt;/div></description></item><item><title>Master secret backup</title><link>https://yuri.ag/blog/master-backup/</link><pubDate>Fri, 23 Aug 2024 17:04:37 +0000</pubDate><author>agaletskiy@yandex.ru</author><guid>https://yuri.ag/blog/master-backup/</guid><description>&lt;h2 id="introduction">Introduction&lt;/h2>
&lt;p>So I&amp;rsquo;ve decided to future-proof my master key with a highly resilient multi-share backup that is expected to last a lifetime.&lt;/p>
&lt;p>The goal is to have a deterministic BTC and XMR wallets that are scattered around the world so that I don&amp;rsquo;t have easy access to them. That way I mitigate a point of failure when an attacker with a gun pointing at me can get the location of my secret key&lt;sup id="fnref:1">&lt;a href="#fn:1" class="footnote-ref" role="doc-noteref">1&lt;/a>&lt;/sup> and potentially steal my assets or deanonymise my balances.&lt;/p>
&lt;h3 id="the-idea-is-to">The idea is to:&lt;/h3>
&lt;ol>
&lt;li>generate an entropy&lt;sup id="fnref:2">&lt;a href="#fn:2" class="footnote-ref" role="doc-noteref">2&lt;/a>&lt;/sup>&lt;/li>
&lt;li>use it for initial cryptocurrency wallets generation&lt;/li>
&lt;li>then split it into multiple shares with SSSS formula&lt;sup id="fnref:3">&lt;a href="#fn:3" class="footnote-ref" role="doc-noteref">3&lt;/a>&lt;/sup> and stamp them into a set of &amp;ldquo;316 stainless-steel&amp;rdquo; washers&lt;sup id="fnref:4">&lt;a href="#fn:4" class="footnote-ref" role="doc-noteref">4&lt;/a>&lt;/sup> (&lt;a href="https://github.com/minibolt-guide/minibolt/blob/main/bonus/bitcoin/safu-ninja.md" target="_blank" >SAFU Ninja&lt;/a>
 method)&lt;/li>
&lt;li>distribute the shares to trusted parties - to lose full ownership over my master key (it is formally not longer &amp;ldquo;mine&amp;rdquo; from now on).&lt;/li>
&lt;/ol>
&lt;h2 id="preparation">Preparation&lt;/h2>
&lt;figure>
 &lt;img src="https://yuri.ag/blog/master-backup/overview.jpg" alt="overview" title="overview">
 &lt;figcaption>
 overview 
 &lt;/figcaption>
&lt;/figure>&lt;h3 id="list-of-tools">List of tools&lt;/h3>
&lt;ul>
&lt;li>Stamping kit &amp;amp; Hammer&lt;/li>
&lt;li>Washers, Wrench, Nuts &amp;amp; Bolts - to assemble the storage itself&lt;/li>
&lt;li>3D-printed &amp;ldquo;blockmit&amp;rdquo; support piece&lt;sup id="fnref:5">&lt;a href="#fn:5" class="footnote-ref" role="doc-noteref">5&lt;/a>&lt;/sup>&lt;/li>
&lt;li>Coin - as an ultimate entropy source&lt;/li>
&lt;li>PC, tablet or smartphone with 100% trusted software&lt;/li>
&lt;/ul>
&lt;h3 id="software-prep">Software prep&lt;/h3>
&lt;p>The way I did it was by loading the &lt;code>.html&lt;/code> wallet generator files on a freshly-installed Archlinux OS, double-checking their integrity via &lt;code>gpg&lt;/code> tool, cutting off all the networking modules and fully charging the battery (ensuring a stable power supply during the whole process).&lt;/p>
&lt;blockquote>
&lt;p>A hard thing was to come up with the optimal number of shares and a threshold that would be processed by the SSSS tool. I obviously can&amp;rsquo;t disclose my personal shares and threshold values due to privacy reasons, though I find 3/6 or 4/8 a good equilibrium.&lt;/p>
&lt;/blockquote>
&lt;h2 id="key-generation-process">Key generation process&lt;/h2>
&lt;p>Step 1: Generating an entropy&lt;sup id="fnref:6">&lt;a href="#fn:6" class="footnote-ref" role="doc-noteref">6&lt;/a>&lt;/sup> while keeping an eye on its exposure: no one should view, hear or sniff it.&lt;/p>
&lt;p>Step 2: using the entropy to get seed phrases&lt;sup id="fnref:7">&lt;a href="#fn:7" class="footnote-ref" role="doc-noteref">7&lt;/a>&lt;/sup> and generate crypto wallets.&lt;/p>
&lt;p>Step 3: entering the entropy into SSSS tool, getting secret &amp;ldquo;shares&amp;rdquo;.&lt;/p>
&lt;p>Step 3: Stamping the shares into the washers while numerating every washer of each stack to avoid mixing them by accident.&lt;/p>
&lt;p>Step 4: Getting rid of all copies of the key except for the newly created SSSS shares.&lt;/p>
&lt;h2 id="result">Result&lt;/h2>
&lt;p>Now that I have a certain number of shares that can be combined into the master key once the threshold is met, I can distribute them all over the world making sure that I&amp;rsquo;m still able to access and connect them at a reasonable time.&lt;/p>
&lt;figure>
 &lt;img src="https://yuri.ag/blog/master-backup/result.jpg" alt="result" title="result">
 &lt;figcaption>
 result 
 &lt;/figcaption>
&lt;/figure>&lt;blockquote>
&lt;p>If you are handing over your shares - consider sharing it with ones you trust, so they keep a dedicated piece safe and sound. Be careful with the threshold - it shouldn&amp;rsquo;t be too little or too many. Another thing to consider is an ability to recover the key if you disappear - think of distributing a sufficient number of shares among your closest circle, so they can cooperate and get the funds if something happens to you. But also consider the risk of opportunistic behavior - share the key with someone you 100% trust and/or want to see as your heir&lt;sup id="fnref:8">&lt;a href="#fn:8" class="footnote-ref" role="doc-noteref">8&lt;/a>&lt;/sup>.&lt;/p>
&lt;/blockquote>
&lt;p>&lt;em>please contact me if you find any broken links or mistakes you consider significant&lt;/em>&lt;/p>
&lt;h1 id="footnotes">Footnotes&lt;/h1>
&lt;div class="footnotes" role="doc-endnotes">
&lt;hr>
&lt;ol>
&lt;li id="fn:1">
&lt;p>However, attacker could point a gun at every shareholder I have, though it&amp;rsquo;s much more complicated thing to implement. Besides, no one is 100% insured against that risk even with today&amp;rsquo;s level of civil security &amp;amp; surveillance. After all, there is no &amp;ldquo;perfect security&amp;rdquo; - there is a spectrum. This method is the most paranoid implementation that I could possibly think of. If you feel confident using online mnemonic generators and do not mind holding decent amounts of money on a so-called hot wallet - be my guest. My philosophy while generating my key was to reduce the number of its potential witnesses as much as I possibly could. Now and only now I am sure that my key haven&amp;rsquo;t been touched by anyone but my brain (that is kind of dumb and forgetful).&amp;#160;&lt;a href="#fnref:1" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&lt;/p>
&lt;/li>
&lt;li id="fn:2">
&lt;p>&lt;code>Entropy&lt;/code> - a large random number that defines a unique crypto wallet. The whole point of generating randomness is to ensure unlikelihood of anyone getting the same number by accident and impossibility of brute-forcing it. If anyone touches the entropy - they can restore corresponding wallet and access all of the funds inside, so the safer generation and distribution process is - the more secure the funds are.&amp;#160;&lt;a href="#fnref:2" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&lt;/p>
&lt;/li>
&lt;li id="fn:3">
&lt;p>&lt;code>SSSS&lt;/code> (Shamir&amp;rsquo;s Secret Sharing System) - a very based method of splitting a secret into any number of shares such that when a predefined threshold is met, these shares can be combined back into the secret. Amazingly, if any number of shares below the threshold is compromised - attacker still doesn&amp;rsquo;t know shit about the key itself. In other words, until you own no less than a threshold amount of shares, it&amp;rsquo;s not even a bit easier for you to guess an entropy in any way (in comparison with the most-popular &lt;code>xx0&lt;/code> &lt;code>0xx&lt;/code> &lt;code>x0x&lt;/code> word split when one share reveals 2/3 of the secret and makes it 2^(256*2/3) times easier for the attacker to brute-force the entropy)&amp;#160;&lt;a href="#fnref:3" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&lt;/p>
&lt;/li>
&lt;li id="fn:4">
&lt;p>I used AISI-316 stainless that is the next most common grade after AISI-304. The former is a bit more expensive but resistant to corrosion which is important to my use case.&amp;#160;&lt;a href="#fnref:4" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&lt;/p>
&lt;/li>
&lt;li id="fn:5">
&lt;p>The piece had been slightly modified from the original version to cover all 360° of the washer. That way a total of 14 characters can be put on a single side instead of original 10. Here is a &lt;a href="https://yuri.ag/blog/master-backup/blockmit-piece.zip" >source archieve&lt;/a>
 in case you want to reproduce my version.&amp;#160;&lt;a href="#fnref:5" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&lt;/p>
&lt;/li>
&lt;li id="fn:6">
&lt;p>I would recommend doing it by non-digital means e.g. flipping a coin, rolling a die or shuffling a card deck. This way you are avoiding a risk of getting &amp;ldquo;pseudorandom number&amp;rdquo; which is obviously worse than pure randomness.&amp;#160;&lt;a href="#fnref:6" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&lt;/p>
&lt;/li>
&lt;li id="fn:7">
&lt;p>&lt;code>Seed phrase&lt;/code> - a sequence of words that encodes the secret in a simpler, more human-readable format aka &lt;code>mnemonic&lt;/code>. Each word represents 11 bits of entropy. Mnemonic is usually 12 or 24 words long which is 128 and 256 bits of entropy correspondingly. Leaking a seed phrase is equivalent to leaking the entropy. The concept was introduced in &lt;a href="https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki" target="_blank" >BIP-39&lt;/a>
.&amp;#160;&lt;a href="#fnref:7" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&lt;/p>
&lt;/li>
&lt;li id="fn:8">
&lt;p>Example: Chad creates 5 shares and makes the threshold equal to 3 meaning that any 3 of 5 shares are sufficient to recreate the master key.&lt;br>
He decides to keep 2 of the shares with him and distributes another 3 among his friends and family. Now if anything happens to Chad, his relatives can combine their parts to get access to his funds. If more than 2 parts are lost - the key cannot be recovered and the funds are locked forever. You may argue that the system has a crucial vulnerability of Chad&amp;rsquo;s friends &amp;amp; relatives cooperating and spending the money without his consent. However, the pros of using this type of sharing may overvalue the cons of it. In the method above none of the 3rd parties like governments or local courts are being relied on, so the system is totally self-sufficient. The funds belong to the key owner regardless of what the local authorities may think. They cannot be frozen/stolen/expropriated/compromised as long as the secret is safe. And now it is pretty damn safe.&amp;#160;&lt;a href="#fnref:8" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&lt;/p>
&lt;/li>
&lt;/ol>
&lt;/div></description></item><item><title>About me</title><link>https://yuri.ag/blog/about/</link><pubDate>Fri, 12 Jul 2024 18:53:56 +0000</pubDate><author>agaletskiy@yandex.ru</author><guid>https://yuri.ag/blog/about/</guid><description>&lt;h1 id="hey-names-yuri">Hey, name&amp;rsquo;s Yuri.&lt;/h1>
&lt;p>Thanks for visiting my plaсe on the internet. I&amp;rsquo;m a 20-something yo born in Moscow, Russia 🇷🇺 and leaving in Rivière Noire, Mauritius 🇲🇺.&lt;br>
I believe in and strongly advocate for freedom of speech, free trade and online pseudonymity. I have a Bachelor&amp;rsquo;s degree in economics and a Master&amp;rsquo;s one in management. I&amp;rsquo;m trying to find myself in Web3 world, while working in an international payment processing company.&lt;/p>
&lt;h2 id="interests">Interests&lt;/h2>
&lt;p>Below is a list of things I generally like and have some user-level experience in.&lt;/p>
&lt;h3 id="it">IT&lt;/h3>
&lt;ul>
&lt;li>Cryptography, &lt;a href="https://yuri.ag/blog/crypto" >cryptocurrencies&lt;/a>
, cybersecurity&lt;/li>
&lt;li>Linux &lt;a href="https://yuri.ag/blog/migrating-to-arch" >styling&lt;/a>
 and powerusing&lt;/li>
&lt;/ul>
&lt;p>I like privacy and am amazed by how people find clever solutions to major challenges of the modern world. Plus, I just like things being ordered.&lt;/p>
&lt;h3 id="sports">Sports&lt;/h3>
&lt;ul>
&lt;li>
&lt;p>Ice hockey&lt;br>
It&amp;rsquo;s is a very complex game demanding body endurance, quick decision making and high precision in moves. Gives me a rare feeling of physical and mental relief while the competitive nature of this sport is something driving me forward and keeping me excited in the longer run.&lt;/p>
&lt;/li>
&lt;li>
&lt;p>&lt;a href="https://yuri.ag/blog/body-is-a-vessel" >Bodybuilding &amp;amp; powerlifting&lt;/a>
&lt;br>
Gym workouts are something I just cannot let myself stop doing cuz if I quit - there&amp;rsquo;s no way back due to my lazyness. Momentum keeps me floating.&lt;/p>
&lt;/li>
&lt;li>
&lt;p>Tennis&lt;br>
I&amp;rsquo;m not yet experienced in it, but it&amp;rsquo;s a great substitute to Ice hockey which&amp;rsquo;s no longer available at my new location on the island.&lt;/p>
&lt;/li>
&lt;li>
&lt;p>PC gaming&lt;br>
Games that I play are mostly online ones and require a voice chat e.g. &lt;code>Rocket League&lt;/code>, &lt;code>Minecraft&lt;/code> or &lt;code>Fortnite&lt;/code>. Playing solo is like drinking alone: strange and cringe.&lt;/p>
&lt;/li>
&lt;/ul>
&lt;h3 id="other-hobbies">Other hobbies&lt;/h3>
&lt;ul>
&lt;li>Traveling &amp;amp; photography&lt;/li>
&lt;li>Acoustic guitar&lt;/li>
&lt;li>Maintaining this website&lt;/li>
&lt;/ul>
&lt;h2 id="anti-interests">Anti-interests&lt;/h2>
&lt;ul>
&lt;li>Statism&lt;/li>
&lt;/ul>
&lt;h2 id="hardware">Hardware&lt;/h2>
&lt;h3 id="phone">Phone&lt;/h3>
&lt;ul>
&lt;li>Nothing Phone (2)
&lt;ul>
&lt;li>Ungoogled Android with a pretty theme by Nothing&lt;/li>
&lt;li>Lots of FOSS apps used on a daily basis&lt;/li>
&lt;/ul>
&lt;/li>
&lt;li>Airpods Gen3 magsafe
&lt;ul>
&lt;li>The best sound&amp;amp;build quality on the market&lt;/li>
&lt;li>Wireless charging via phone&amp;rsquo;s back panel&lt;/li>
&lt;/ul>
&lt;/li>
&lt;/ul>
&lt;h3 id="pcs">PCs&lt;/h3>
&lt;ol>
&lt;li>Huawei Matebook 13 (2020)
&lt;ul>
&lt;li>Windows 11 (debloated) - I plan migrating to linux very soon tho&lt;/li>
&lt;/ul>
&lt;/li>
&lt;li>Portable drives &amp;amp; HID that I take with me and connect to the nearest monitor whenever I travel
&lt;ul>
&lt;li>Sandisk 1tb nvme SSD with my portable Arch instance&lt;/li>
&lt;li>FBX51C wireless keyboard&lt;/li>
&lt;li>Viper V2 pro wireless mouse&lt;/li>
&lt;li>a security key device&lt;/li>
&lt;li>Ledger Nano X for signing relatively small transactions &amp;amp; managing passwords&lt;/li>
&lt;/ul>
&lt;/li>
&lt;li>PC - for normie uses (gaming &amp;amp; browsing)
&lt;ul>
&lt;li>Core i5-9600K - cannot be accelerated due to motherboard form factor&lt;/li>
&lt;li>B-360 chipset&lt;/li>
&lt;li>RTX 2060s GPU&lt;/li>
&lt;li>16gb 3000mhz DDR4 - same thing with acceleration&lt;/li>
&lt;li>1tb Sata SSD&lt;/li>
&lt;li>27&amp;quot; 60hz 1080p monitor&lt;/li>
&lt;/ul>
&lt;/li>
&lt;/ol>
&lt;h3 id="camera">Camera&lt;/h3>
&lt;ul>
&lt;li>EOS 6D Mark II&lt;/li>
&lt;li>EF 24-105mm f/3.5-5.6 IS STM&lt;/li>
&lt;li>EF 70-300 f/4-5.6 IS USM II&lt;/li>
&lt;/ul>
&lt;h2 id="preface-to-the-website">Preface to the website&lt;/h2>
&lt;blockquote>
&lt;p>Why am I spending 50$ a year on hosting this site?&lt;/p>
&lt;/blockquote>
&lt;ol>
&lt;li>to explain technologies/concepts/principles that I personally find right/legit to the broader audience &lt;em>(aka blue-pilled normies)&lt;/em>&lt;/li>
&lt;li>to force myself diving deeper into the little things I find exciting&lt;/li>
&lt;li>for further reference&lt;/li>
&lt;li>some selfish &amp;ldquo;pls notice me&amp;rdquo; factor is involved, ngl&lt;/li>
&lt;/ol>
&lt;h3 id="website-structure">Website structure&lt;/h3>
&lt;pre tabindex="0">&lt;code>|--blog // main subjects that deserve a separate article
 --article1
 --article2
 |--tags // custom tags across the articles in blog
 --tag1
 --tag2
 |--year // every post is assigned to the year when it was created
 --2024
|--notes // well, notes here. who would&amp;#39;ve thought
 |--note1
 |--note2
&lt;/code>&lt;/pre>&lt;p>Theme inherited from &lt;a href="https://github.com/yrzam/yrzam-hugo-theme" target="_blank" >yrzam&lt;/a>
&lt;sup id="fnref:1">&lt;a href="#fn:1" class="footnote-ref" role="doc-noteref">1&lt;/a>&lt;/sup>. If you are seeing &amp;lsquo;Times New Roman&amp;rsquo; font (or worse) - first of all I&amp;rsquo;m amazed how you managed to read it till this point. Please consider changing it to your favorite one in the browser settings. From then on this would apply to all websites pages with an unspecified font.&lt;/p>
&lt;p>Hope you&amp;rsquo;ll find something meaningful. Questions &amp;amp; suggestions are &lt;a href="mailto:agaletskiy@yandex.ru" >welcome&lt;/a>
.&lt;/p>
&lt;div class="footnotes" role="doc-endnotes">
&lt;hr>
&lt;ol>
&lt;li id="fn:1">
&lt;p>&lt;a href="https://yrz.am" target="_blank" >yrz.am&lt;/a>
 - a good friend of mine&amp;#160;&lt;a href="#fnref:1" class="footnote-backref" role="doc-backlink">&amp;#x21a9;&amp;#xfe0e;&lt;/a>&lt;/p>
&lt;/li>
&lt;/ol>
&lt;/div></description></item></channel></rss>