Quality of life is pretty good or getting better on this side of the fence.

European consumer price index (CPI) rose 18% in last 2 years:

https://tradingeconomics.com/european-union/consumer-price-index-cpi

There is no public data after 2022 on happiness of EU population. How strange.

NATO isn’t stupid. As a whole, they don’t want to invade Russia. They are there to deter future territorial land grabs

Non-aggression statement dispelled

on September 18, 2024:

https://www.uawire.org/estonia-signals-readiness-to-preemptively-strike-russia-to-defend-nato

Nobody defined what Russian preparation for aggression looks like.

Nuclear war outcome

All mega cities flattened. Hundreds of thousands of people next to nuke hits are blind and are fated to die as there is nobody to help them. Fires and destruction everywhere.

Toxic cloud rain the size of large city like New-York near insta-killing everything on its path as it moves with the wind. Hundreds if not thousands (one per each nuke) of toxic rain clouds at the same time and there is nowhere to hide from them. The only solution is to avoid them, but it is impossible due to destruction, debris, and loss of transportation due to EMP from nearby nuke. Mountains will not be safe largely due to toxic rains.

Loss of almost all food storage and drinking water to destruction and toxic contamination.

Even physically intact buildings and their contents may be unsafe after toxic cloud rains. People would not know of what is safe, since most don’t have means to measure radiation levels.

Inability to grow food for many years due to contamination.

Nuclear winter (there are some doubts on this topic as well as contamination).

Lack of food and drinking water. Deaths from starvation and dehydration. Deaths from taking contaminated water and food coming faster and more terrifying than from starvation.

Later on deaths from lower doses of contamination.

Survivors will envy the dead and follow the dead.

Only people in bunkers with years in supplies will have a chance.

Ask Japanese that.

They know they got nuked, but don’t know who did it.

Absurd, but that’s the reality.

Medvedev threatened use of nukes in most direct words possible.

deleted by creator

I dare you to quote Putin as a proof. There’s simply no direct well defined threat from Putin on this topic.

There’s one from Medvedev, but he doesn’t represent Russian government and is not an official spokesperson for Russian government.

At this point it is more than just territorial control.

It is survival of the country as a whole. At higher level it is survival of the system on both sides.

The military operation has highlighted multiple issues in Russian system. While issues are significant, they are not critical and system currently manages to pretend like issues don’t exist.

The western system side is also experiencing problems. The problems are conceptually different, but the system is also in pretend mode like nothing is happening.

Side observer can’t really guess which system is going to crash first, if crash is coming. It is also possible that none will crash, and world will split into two or more centers of economic gravity.

I am not even looking at role China is playing in all of this. I can just say, that China gets sometimes inaccurate coverage in Western MSM, which results in faulty expectations.

That is a natural reaction of person that tracks only western MSM and doesn’t pay attention to gradual rise in western politician attitudes.

Russian nuclear doctrine change reflects changed attitude in western propaganda.

You must not be aware of the following developments. Poland is already primed to fight. Baltic states openly talk about preemptive strike on Russia. Western long range weapons are pretty much cleared to strike “old” Russian territory. Country on southern side of Russia is set to become 2nd Ukraine. NATO general claims that Russia will not use nukes under any circumstances and thus justifies any level of involvement.

In this environment expansion of nuclear deterrence is pretty much the only option from Russian point of view.

Please note that inside Russia there are calls to strike from Kiev to London due to crossing of previously announced red lines. Someone was right here. Putin is moderate if not outright inactive.

The above creates potentially unstable environment inside Russia and may give Russian government additional motivation to use nukes at location of regional importance.

There are some reasons for western side to provoke Russia, which nobody here wants to discuss or acknowledge.

It shall come as no surprise that NATO has larger military than Russia. Russia never made it a secret that the only way to balance out conventional strength difference is with nukes.

The calculation on Russian side is that they will destroy large amount of opposing side military and equipment. It should be enough to stop any meaningful ground action.

So, reality is very close to getting out of control.

All it takes is a small provocation on the border side that looks like invasion even if it is just a large scale disruption in communication on the border line and incursion of some military equipment.

The later happened already on Belorussian border in last 12 months. So the scenario was tested in part by Poland.

https://www.latacora.com/blog/2019/07/16/the-pgp-problem/ is a good summary about the issue

Good counter discussion about PGP security

https://www.reddit.com/r/cryptography/comments/10cfslk/exactly_how_strong_is_pgp/

I would argue that latacora could be an attempt to push users into the systems that provide 3rd party service, which by definition of 3rd party service is not secure: WhasApp, Signal.

Only true P2P can be safe. PGP provides ability to send encrypted message using any means necessary: FTP, HTTP, anonymous services, USB sticks, anything.

why encrypting mail in general is bad at https://www.latacora.com/blog/2020/02/19/stop-using-encrypted

The point about email having leaking matadata is 100% spot on.

The argument why Signal is better is very short and not substantiated IMO.

Russia tries to keep Poland, Baltic states and other unfriendly bordering nations from getting involved in any military action against Russia by making it clear that response will be nuclear.

The desire to involve other nations against Russia goes up with Ukraine slowly loosing war against Russia. Tactical encirclement of 72nd Ukrainian battalion in Ugledar is the most recent example of losses on Ukrainian side.

Change to Nuclear weapons doctrine tries to stop opening of 2nd war front against Russia. The most likely location would be border between Belorussia and Poland.

Be aware, that trusted Certificate Authority (CA) configuration applies to ALL certificates issued by CA. Thus, if one elects to trust “actalis” CA, then they trust ALL actalis CA users.

If the process of obtaining certificate was extremely simple, easy and did not involve identity verification steps, then bad actors can take advantage of this process and create identities that your client application will trust.

By itself the bad actor identity is of little concern to anybody, but it can have a significant impact if trusted identity is used in spam filtering, exploits of email client bugs or other hack attempts. Trusted users may be given higher access privilege at the client application level, which may be just enough for hacker to gain required access. For example, client application may be configured to trust all trusted senders with MIME attachments. An unknown trusted user sends malicious Application as file attachment. Accidental double click lunches the application without “are you sure?” prompt. Congratulations, machine is pwned.

The problem is easily mitigated by not importing root CA for easy CAs.

What I take issue with actalis, is that they don’t just sign your private key but you actually get the private key from them. It then depends on how much you trust the issuer.

By definition, that key can no longer be considered “private”.

It is very important to emphasize that the key in this model is not “private” anymore. Thus, all the communication using this key is not secure anymore.

Private key is the one generated by hardware owned by the user and immediately secured with strong password. Ideally, private key does not leave the hardware that generated it. Thus, every device shall have its own private key.

In less restricted model, private key gets copied by the user to other hardware using media like USB stick or P2P communication model that does not use cloud services.

Yes, it exists.

S/MIME requires the receiving side to have its own certificate or, to be more correct, a private key represented by the certificate. The recipient’s certificate needs to be known to the sender. The sender’s certificate needs to be known by the recipient. That’s why S/MIME is not used. It requires configuration on both sides, before it can be used.

Most people don’t know how to obtain certificate and configure email client with it or don’t bother to obtain certificate even if they know. The same problem exists if PGP is used, even if it is a bit different.

I will cover S/MIME and PGP because of similarities.

S/MIME or certificate based solution is supported by many clients, so it is easier on end user than PGP. S/MIME is part of the specification, that’s why good email clients have built-in support. S/MIME problems are all around certificate management: how to obtain certificate (free or not), how to import certificate, how to trust certificate, how to import trusted root of the certificate.

It is easier to manage keys for free in PGP. PGP has no protocol level support in email clients, so it requires additional handling of underlying content. In effect PGP encrypted messages are injected into text message or sent as email attachments. In both cases PGP content has to be handled by external application (PGP encrypted text or image) or email client specific plug-in.

The technology is very old for both cases. It has not caught on due to friction of key management for both technologies. PGP has additional problem of content handling.

S/MIME is perfect if you want to communicate with family or friends as you can ensure everyone in your circle has their own private key. Even in this narrow case, I guarantee you will experience some friction to get this through.

Organizations can have it easier as they can issue certificates to their users. But then problem of trusted certificate authority comes into play, if they use their authority (every email client or OS running this email client has to import new Trusted Certificate Root, that is hard at ORG level and it gets worse when they have to tell their outside contacts how to work with them). If they use well known authority, they avoid Trusted Cert Root problem, but they have to pay for every user certificate.

So, you can see how there’s friction in S/MIME solution. IMO, S/MIME is a good solution, but friction made it unrealistic in major use cases.

At this point I recommend Delta Chat. I am not involved with it. I just like what I see. It is uses PGP technology. In the end it is looks like a modern P2P chat application with all the expected Chat functionality, but it is actually an email client sending PGP encrypted messages over email. Delta chat solved private key creation using built-in key generation. Public key exchange is solved via key exchange protocol. The problem of content attachment is solved by the application itself. Take a look at articles about it https://delta.chat/en/references

Signal vs Delta Chat. Signal metadata exposes your contacts and probably your time of contact. With Delta Chat you get the same level of meta data exposure: your contact and time of contact are in the open, because underlying protocol is email.

S/MIME protections. S/MIME keeps the same metadata in the open: contact and time of contact. That’s because S/MIME protects the payload (message body), not the email protocol headers.

I might be a bit off on how PGP or S/MIME is passed around at SMTP headers level, but overall meaning shall stay the same.

There are no shades of grey in encrypted communications.

Your messages are either plain text or not to 3rd party.

Sometimes it appears to be encrypted, but there loopholes that make it possible to significantly reduce decryption costs. It is plain text to those who put the loopholes, like specially crafted constants in the algorithm.

Signal runs a service. Even if its source code is open source there’s no guarantee that that’s the code running on the server.

I don’t know the protocol, but I am concerned of man in the middle and how safe it is from man in the middle. In this case signal servers must be considered to be man in the middle.

The only system to trust is peer to peer with proven track record of sending encrypted data over public channels.

That’s PGP and Delta Chat utilizing PGP.

I bought 2 nice queen size beds for about $300. There’s no way local furniture store would produce the same prices.

Temu cuts out entire US retail chain including Amazon shop.

I buy local after I fail to find Temu, Shein or my time needs don’t allow waiting.

Whatever are those options?

Let’s remember all the laughs about friendly Russian fire and doubts surrounding that claim.