Phuctored SSH Public Keys.

Phuctored SSH Public Keys to date.

Keys were obtained from a scan of the complete IPv4 space. We have gone approximately 20% of the way through the data set at the time of this writing.

Click on the IP addresses to view a key in Phuctor, or on the SSH hello string to view pertinent discussions.

A snapshot of ALL Phuctored keys at the time of writing can be viewed here, if the main site is slow under load.

(Feel free to ask questions !)


IP SSH Hello SSL Hello

112.16.4.21

SSH-1.99-Comware-5.20

112.16.65.245

112.16.65.247

112.16.95.66

SSH-1.99-RGOS_SSH_1.0

177.234.0.97

SSH-1.99-HUAWEI-1.5

177.234.11.229

SSH-1.99-HUAWEI-1.5

177.234.13.179

SSH-1.99-DOPRA-1.5

177.234.13.241

SSH-1.99-HUAWEI-1.5

177.234.15.27

177.234.1.73

SSH-1.99-HUAWEI-1.5

177.234.1.91

SSH-1.99-DOPRA-1.5

177.234.4.97

SSH-1.99-HUAWEI-1.5

177.234.6.21

SSH-1.99-HUAWEI-1.5

177.234.9.13

SSH-1.99-HUAWEI-1.5

183.246.69.24

SSH-1.99-Comware-5.20

187.188.126.28

187.72.155.221

SSH-2.0-AudioCodes
subject=/CN=ACL_3353352

187.72.216.78

SSH-2.0-AudioCodes
subject=/CN=ACL_3353177

189.112.138.254

189.203.181.149

SSH-1.99-DOPRA-1.5

189.203.181.7

SSH-1.99-DOPRA-1.5

189.203.72.147

SSH-1.99-DOPRA-1.5

190.39.56.107

197.221.61.38

SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.4

197.221.63.150

200.146.242.241

SSH-2.0-AudioCodes
subject=/CN=ACL_3348823

201.101.37.44

SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2

201.16.189.38

201.249.207.150

SSH-1.99-HUAWEI-1.5
subject=/name=AR157-Self-Signed-Certificate-210235384810E4001320

202.166.221.118

2.116.209.1

SSH-1.99-DOPRA-1.5

217.57.196.177

SSH-1.99-DOPRA-1.5

217.57.196.179

SSH-1.99-DOPRA-1.5

223.94.78.217

SSH-1.99-Comware-5.20

59.21.182.242

SSH-2.0-OpenSSH_5.9
subject=/C=US/ST=California/L=Sunnyvale/O=Aerohive/OU=Default/CN=HiveAP

66.233.213.117

SSH-2.0-OpenSSH_5.2

68.14.242.210

SSH-2.0-OpenSSH_6.6
subject=/C=US/ST=Florida/L=Orlando/O=Creative Manager – AZ Office/CN=gnatbox.creative-manager.com/emailAddress=support@iccsllc.com

71.39.252.162

74.45.0.60

SSH-2.0-OpenSSH_4.1
subject=/C=US/ST=California/L=Sunnyvale/O=Tropos Networks/OU=Manufacturing/CN=Tropos Router/emailAddress=support@tropos.com

74.45.228.159

SSH-2.0-OpenSSH_5.2
subject=/C=US/ST=California/L=Sunnyvale/O=Tropos Networks/OU=Manufacturing/CN=Tropos Router/emailAddress=support@tropos.com

74.45.228.160

SSH-2.0-OpenSSH_5.2
subject=/C=US/ST=California/L=Sunnyvale/O=Tropos Networks/OU=Manufacturing/CN=Tropos Router/emailAddress=support@tropos.com

74.45.228.49

SSH-2.0-OpenSSH_5.2
subject=/C=US/ST=California/L=Sunnyvale/O=Tropos Networks/OU=Manufacturing/CN=Tropos Router/emailAddress=support@tropos.com

74.45.228.86

SSH-2.0-OpenSSH_5.2
subject=/C=US/ST=California/L=Sunnyvale/O=Tropos Networks/OU=Manufacturing/CN=Tropos Router/emailAddress=support@tropos.com

74.45.228.97

SSH-2.0-OpenSSH_5.2
subject=/C=US/ST=California/L=Sunnyvale/O=Tropos Networks/OU=Manufacturing/CN=Tropos Router/emailAddress=support@tropos.com

74.45.229.217

SSH-2.0-OpenSSH_5.2
subject=/C=US/ST=California/L=Sunnyvale/O=Tropos Networks/OU=Manufacturing/CN=Tropos Router/emailAddress=support@tropos.com

74.45.231.125

SSH-2.0-OpenSSH_5.2
subject=/C=US/ST=California/L=Sunnyvale/O=Tropos Networks/OU=Manufacturing/CN=Tropos Router/emailAddress=support@tropos.com

74.45.231.136

SSH-2.0-OpenSSH_5.2
subject=/C=US/ST=California/L=Sunnyvale/O=Tropos Networks/OU=Manufacturing/CN=Tropos Router/emailAddress=support@tropos.com

74.45.231.156

SSH-2.0-OpenSSH_5.2
subject=/C=US/ST=California/L=Sunnyvale/O=Tropos Networks/OU=Manufacturing/CN=Tropos Router/emailAddress=support@tropos.com

78.188.162.184

SSH-2.0-ROSSSH

85.14.248.152

SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u3

85.218.41.103

SSH-2.0-OpenSSH_5.9
subject=/C=US/ST=California/L=Sunnyvale/O=Aerohive/OU=Default/CN=HiveAP

91.229.251.116

SSH-2.0-ROSSSH

94.141.150.121

SSH-2.0-ROSSSH

96.24.7.172

SSH-2.0-OpenSSH_5.2

On the Matter of Brian Krebs.

The WWW of Brian Krebs, perhaps the second-most-worshiped1 patron saint to all English-speaking “computer security” charlatans — is sitting sadly offline today on account of a ~TB/sec DDOS flood.2

His titanic bandwidth, it turns out, was provided gratis by Akamai – spamatronicists par excellence and industrial-scale enablers of everything that makes the modern-day WWW a rancid sewer. Until it wasn’t. As soon Krebs began to cost them serious coin, he was dropped like a discarded candy wrapper.

And I’m expected, apparently, to see the misadventures of Krebs as a lamentable thing. But I do not — and am quite ready to explain why not to the patient and curious reader.

Krebs is renowned for his investigations of “cybercrime”, which in his eyes consists of Russian (for some… reason – almost exclusively Russian) spammers, malware artists, and “carders”.

Now, spam as we know it exists largely for two purposes: to mooch, by various means, from the great gas giants of advertising-crapolade, e.g., Google; and to spread malware. The latter exists mainly to facilitate “carding.” 3

And if we listen to Krebs and his ilk, we might believe that these problems are problems because there is a faraway country, full of evil untermenschen, who like nothing more than to steal the last penny from every honest American Joe, and to pollute his Precious Bodily Fluids. And who decided that the best way to do this is to write virii and send spam.

And Krebs would also have us believe that the pill against such headaches is to make a pompous WWW site, with many flow charts, containing some names of especially-uppity untermenschen who are then to be kidnapped by NATO gauleiters and shipped, bound and gagged, to American prisons..

Now apparently, if we listen to Krebs et al., writing virii is a “cybercrime” — but forcefeeding Microsoft’s sorry excuse for an operating system to the ~entire planet, for decades, somehow is not.

And stealing credit card numbers is a “cybercrime” — but forcing people to use a financial system where someone can drain your account by learning a constant string, printed in plain text4 on a piece of plastic in your pocket, somehow is not.

And guess what else – distributing amateur-hour “spyware” is a “cybercrime” — but artfully sabotaging open source software somehow is not. When you’re the NSA.

Because it is not about “crime”. It is about the hegemony of a particular set of crowned criminals whom Krebs shills for.

When I wrote to Krebs regarding the Mahmood Khadeer bombshell – the most recent and spectacular of a series of discoveries proving the existence, in the wild, of sabotaged PGP clients – there was no response.

Which, in retrospect, ought to have been no sort of surprise. Because the mass5 sabotage of RSA implementations was not a crime authored by any criminal Krebs is interested in prosecuting, but by his beloved masters. Who hung him out to dry today. “The world’s smallest violin plays.”


  1. After Schneier, of course. 
  2. The DDOS-enabling design of the Internet as we know it is no accident.
  3. “Carding” is a crime which happens at the pleasure of certain banks, who profit handsomely from it. This is not an especially well-kept secret. 
  4. Public-key cryptography has been around for quite a while. 
  5. We’ve found, one can surmise, only the tip of the Birthday Theorem iceberg thus far. 

A Complete Pill for the Sage SmartProbe.

The Sage SmartProbe was a very spiffy “Hard ICE” debugger, one of the few ever manufactured for use with modern (2010s) AMD x86-64 processors, and – as far as I’m aware – the only one ever sold on the mass market, rather than as part of “favourite son” deals (as, e.g., Intel’s, and Arium’s similar products were, and perhaps still are.)

Probe (right hand side) and "GizmoBoard" AMD G-series motherboard (left hand side.)

Quite a few of these things ended up bundled with various dev boards, saddled with time-limited demo expiration (yes, a time-limited hardware peripheral! don’t ask me…) The vendor perma-re-enabled an expired probe for a small fee.

Sage Eng. LLC, it appears, is long dead. Leaving no trace! How and why it died is unknown to me.

So now, instead of being unique tools in the development of, e.g., Coreboot, or whatever other attempts at sane utilization of x86-64 iron, the demo probes are stuck in limbo, working as so many peculiar paperweights.

This is a crying shame. Now you cannot unbrick the expired probes for any price. (At least not by buying the magic code from the original maker…)

So, without further delay, let us get one of these patients onto the operating table:

JTAG Test Points. (Click for full size.)

JTAG Test Points. (Click for full size.)

Now you could connect the thing to your favourite OpenOCD-compatible JTAG probe, and play around with the internals. E.g., this GDB script will give you an instruction trace. There are many interesting things to be learned, re: the command set (most of which is GDB-compatible, but there are a few interesting sharp edges.)


Or you could skip straight to the pill:

sage_pill.py
(SHA256: 2f9ce44fe069705a7ee83c0f4c733a6a0cc374613429c5c1f47a8481aa464b60)

sage_last_public_fw.tar.gz
(SHA256: 30c005febfbff531a2b9d06ef8c2c41fedb2c8993a2992a373fbeb66900fbaf8)

1) Download the pill and the fw image.
2) Check the SHA256 sums.
3) Unpack the firmware image.
4) Plug in the probe.
5) ./sage_pill.py sage_last_public_fw.bin /dev/ttyACM0

You may have ended up with some device other than ttyACM0 when you plugged it in. Find out which.
The script will need to run with sufficient privileges to talk to the “modem”.
It will ask for a final confirmation prior to firing.

6) Enjoy a 100% working x86-64 “Hard ICE”.

Tears of the Phucked.

Grumman Hellcat.

Grumman Hellcat.

Phuctor – rewritten and revved up on new hardware in April – is presently eating SSH RSA keys from a scan of the complete IPv4 space.

And, on occasion, breaking some.

And generating other laughs as well.  In today’s server logs:

134.223.116.158 - - [22/Jul/2016:15:54:57 +0000] "GET /gpgkey/50840391E5677882196999C9AE77F3177E6CBF8D35FB4F1FEF848CFADF9088B1 HTTP/1.1" 200 3425 "http://134.223.116.149:15871/cgi-bin/blockpage.cgi?ws-session=2010817170 "

What’s that? A ‘Websense’ censortron control panel, apparently.

Who might it belong to ? Could it be:

Isn’t it just a little bit too late for this nonsense? Plus, your monkemployees can still read the page when they clock out and go home. Or on their phones, in the toilets, etc.  Why bother with this nonsense ? Phuctor isn’t even a ‘wikileak’ or the like, it is merely one of the public whipping posts to which you have been tied, by your own hands, long ago.

Terraforming the “MyCloud Mini” : TTY.

“MyCloud Mini” is a ~$50, dual-core ARM, 256M RAM, 256M Flash, dual SATA box, in various respects similar to the famous PogoPlug.

Use a standard (e.g., CP1202) TTL converter. And you will get:

Stage-1 Bootloader    1  28 10:36:29 CST 2011
Attempting to set PLLA to 750MHz ...
  plla_ctrl0 : 0x0000000A
  plla_ctrl1 : 0x000F0000
  plla_ctrl2 : 0x001D01A0
  plla_ctrl3 : 0x00000017
PLLA Set
 
Setup memory, testing, Image 0
  Hdr len: 0x0001AC3C
  Hdr CRC: 0xB931AD17
 OK
 
U-Boot 1.1.2 (Oct 28 2011 - 10:44:29)
 
U-Boot code: 60D00000 -> 60D1AC3C  BSS: -> 60D1F2F4
RAM Configuration:
        Bank #0: 60000000 256 MB
SRAM Configuration:
        64KB at 0x50000000
NAND:256 MiB
*** Warning - bad CRC, using default environment
 
In:    serial
Out:   serial
Err:   serial
Setting Linux mem= boot arg value
Reading upgrade flag from NAND address 0x01ec0000 : 0
Hit any key to stop autoboot:  0
$
Posted in: Bitcoin, Cold Air, Hardware, NonLoper by Stanislav 2 Comments

Phuctor is Back!

Phuctor is back!

Now using Bernstein’s Algorithm (D. J. Bernstein. How to find smooth parts of integers.) The entire set is pairwise-GCD’d hourly.

Vectored Signatures, or the Elements of a Possible V-Algebra.

Once upon a time (in August of ‘15, to be exact) I wrote a very simple versionatron called ‘V‘.

Edit: See also Ben Vulpes’s excellent introduction to V.

V is a carefully-designed poison against the scurrying little vermin who feed on the proverbial ‘fear, uncertainty, and doubt.’

For readers who are not in the little circle of folks who regularly use the thing, I will outline the – very simple – idea: you diff two texts (source code trees, generic human-readables, or whatever cocktail of the two you happen to have) using a mildly-enhanced GNU Diff, sign the output with your PGP key, and publish it. After this is done, people in your WoT will be able to correctly (in logical order!) apply the patch(-es) – and perform a handful of other useful operations – at their leisure. 1

In exchange for a certain amount of headache – and a willingness to endure a bit of Spartan cruelty – V buys you version control with absolute cryptographic provenance of every delta, fully stateless operation (nothing you do will affect the output of a future operation unless you explicitly move files), a total extermination of the familiar “hidden file” shit-soup placed in directories by, e.g., GIT and SVN, and – most importantly – simplicity, via an absolute minimum of moving parts. V fits-in-head.2

Now this kind of thing is certainly not for everyone. But some thinking folks found it to have interesting implications; others – created some very spiffy applications; yet others – expertly re-implemented ‘V’, to the point where it is almost fit to be thought of as an actual tool.

Half a year later, the thing is in active use by perhaps a dozen people. The one worrisome thing is that most extant V-patches still carry only one known (or, at best, two/three) signatures – seals. Partly this is because people are lazyoverworked. But this is not the whole of it. There is also the fact that the act of producing a V-seal seems to have the connotation of wholesale acceptance, or endorsement, of the payload, and this is quite often The Wrong Thing. Not only are there times when one would like to seal a payload with a caveat of one kind or another, but presently we have no means of conveying disapproval – other than by refraining from sealing. The latter act conveys very little useful information, and no permanent sealed record remains of the effort taken to actually understand the patch. This is a Bad Thing.

One solution that has been floated is the inclusion of human-readable annotations with every seal. And this is well and good, and probably ought to happen, but perhaps it is possible to go a step further!

I would like to seal objects in a way which machine-readably conveys disapproval, doubtful provenance, doubtful veracity, and related attributes. And, naturally this has nowhere to go in classical PGP, and so what I propose here is, for the moment, a mere gedankenexperiment.

The root of the original problem is that a PGP signature per se conveys a scalar – precisely one bit of information: the existence of that signature. But what if it likewise carried a vector ? Can we meaningfully decompose it into orthogonal dimensions ? Let’s say, of four 2-bit components, vaguely inspired by the familiar Unix file access permission scheme:

Dimension 7 6 5 4 3 2 1 0 Meaning
‘Hands’ 0 0 X X X X X X I did not create/modify any part. 3
0 1 X X X X X X I created/modified some part. 4
1 0 X X X X X X I created most, or modified the original beyond recognition. 5
1 1 X X X X X X I claim sole authorship.6
‘Eyes’ X X 0 0 X X X X I read none. Made no attempt to.7
X X 0 1 X X X X I read some part; and/or skimmed some or all.
X X 1 0 X X X X I read most of it.
X X 1 1 X X X X I read all.
‘Brain’ X X X X 0 0 X X I do not understand any.8
X X X X 0 1 X X I understand some, and/or poorly.
X X X X 1 0 X X I understand.
X X X X 1 1 X X I understand absolutely.9
‘Heart’10 X X X X X X 0 0 I distrust absolutely.11
X X X X X X 0 1 I distrust.
X X X X X X 1 0 I trust.12
X X X X X X 1 1 I trust absolutely.13

… adding up to precisely one byte of information conveying belief regarding the payload. This might seem like claptrap until you realize that this seal vector is able to usefully describe a wide variety of objects, of the kind one might seal:

0xCA A sample of output from a particular hardware RNG.
0×78 My dialogue with an NSA agent-provocateur.14
0×01 A One Time Pad found in the pocket of a dead enemy spy.
0×2A A copy of Macbeth.
0×38 A copy of the Donation of Constantine.
0×03 An encrypted message passing through my hands from one close friend to another.
0xDB Your own PGP key.
0×14 A copy of the MS Windows kernel.
0xFF An order to launch the nukes.
0×00 A copy of a suspected memetic bomb.

Listed in no particular order, and not necessarily of the V-tronic variety. Decoding is left as an exercise for the alert reader! To possibly be continued…


  1. Any instance of a V ‘repository’ (there is no distinction between a V ‘repository’ and a working set) consists solely of human-readable texts – in their preferred form for modification: the patches, the keys, and the seals, all of which together can be pressed (the V term for the instantiation operation) into a working copy of the tree, consisting solely of what has been certified by the people whose keys were invoked in the pressing. The dependency order of the patches is automatically respected.
  2. And not merely the source code of V itself – which, in the bulkiest of the extant implementations, weighs in somewhere south of a few hundred lines. The concept fits in one’s head, and can be readily explained in a restaurant over a napkin drawing within one cup of coffee.
  3. Or: “I had no part to play in the item’s having seen the light of day.”
  4. Or: “I had a part in causing the item to exist.”
  5. Or: “The item very certainly would not exist in anything like its present form without my doing.”
  6. Or: “No human hand but mine flipped, to my knowledge, so much as one bit therein.”
  7. Why would anybody sign something they haven’t read? There are many good reasons! E.g., to ascertain that the item existed in its present form when you first came across it, for instance.
  8. This is context-sensitive. The meaning of “understand” is beyond the scope of this article.
  9. Generally this category is to be reserved for items like simple arithmetical facts, or your own name, or any other object about the nature and mechanics of which you have no doubt whatsoever.
  10. This category contains no null. Which should surprise no one, considering that the very intent of a seal is to convey some aspect of trust (in the original, unvectorized pgp, this is a vague and extremely context-sensitive thing, here – a more explicit relationship.)
  11. “I am confident that the object, or the objects referred to therein, contain deliberate misrepresentations of reality, and may be dangerous to your health if perceived as fact, and to your honour – if relayed as factual.”
  12. “I have no cause to believe that a lie is told in the object or objects referred to therein.”
  13. “I trust the factual accuracy of the statement with my life and my honour.”
  14. This leads us into meta/reference problems – does the distrust concern the object itself (the veracity of my copy of the dialogue) or of the statements appearing therein? This is to be resolved by the reader. But would it perhaps make sense to specify this as a whole vector dimension of its own?

Yes, you can still get these.

A package...

A package...

package

Is it something disreputable...?

package

... or long-forgotten bars of chocolate ?

A package...

Not exactly.

A package...

EPROMs

A package...

Op-Amps.

MPI sans the mud.

This README (signed)
mpi-genesis.tar.gz
mpi-genesis.tar.gz.sig
mpi.tar.gz
mpi.tar.gz.sig

Update:
mpi_second_cut.vpatch
mpi_second_cut.vpatch.asciilifeform.sig
sane-mpi.tar.gz
sane-mpi.txt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
 
What you see here is a very classic version of the GNU MPI (bignum) library.
It has been surgically removed from GnuPG 1.4.10, specifically as found at:
 
http://trilema.com/wp-content/uploads/2015/10/gnupg-1.4.10.tar.gz.asc
 
SHA512(gnupg-1.4.10.tar.gz) :
d037041d2e6882fd3b999500b5a7b42be2c224836afc358e1f8a2465c1b74473d518f185b7c324b2c8dec4ffb70e9e34a03c94d1a54cc55d297f40c9745f6e1b
 
CHANGES FROM ORIGINAL:
 
1) Everything pertaining to Automake was nuked, and the earth where it stood -
   salted.
 
   Instead, we now have a conventional Makefile. It builds precisely
   ONE THING - a single 'mpi.a' library suitable for static linking into
   another project. This will turn up in 'bin'.
 
   Among other things, this now means that all KNOBS now reside in a
   MANUALLY-controlled 'config.h' found in 'include'.  If you are building
   on some very peculiar unix, please read it and adjust as appropriate.
   It contains ONLY those knobs which actually pertain to the code.
 
   The Makefile contains a 'check-syntax' - users of Emacs and Flymake
   will see proper error-highlighting.
 
2) ALL chip-specific ASM optimizations (including those found in longlong.h)
   have been nuked.
 
3) GPG-specific cruft has been amputated to the extent practical.
 
   The logging system has been retained, but it can be easily torn out,
   which I may choose to do in the near future.
 
   The I/O buffering system has been retained. I may choose to remove it
   in the near future.
 
   The 'secure memory' (unpageable alloc) system has been retained.
 
   'Localization' and all related idiocies have been nuked.
   Write hieroglyphs at home, leave them there, civilized folk
   don't need'em in their source code.
 
4) Other code has been altered solely to the extent required by items
   (1) and (2).
 
   Cruft which appears in dead #ifdefs may be removed in the future.
   Don't get comfortable with it being there.
 
5) Readers who wish to know EXACTLY what I changed, should get a copy of the
   original tarball and write a simple script involving 'find' and 'vdiff',
   which sadly did not fit in the margins of this page.
 
6) To use the library, include 'include/mpi.h' in your project,
   and statically link with 'bin/mpi.a'.
 
7) The original code was distributed under GPL 3, which may apply on
   your planet and is therefore included. (See COPYING.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
 
iQEcBAEBCgAGBQJWNP8uAAoJELmCKKABq//H0bIIAK2aw/wuV2Vxz0zWBT3foeVg
tecm7i2ar8GuEJUvNOnoo/r4gAIRloStIPH50YBlg9Ypuj5+CrkZXvRi8jEzz9aL
oT17/gjEoBc3c006i9ag08RvZz70r8WHc1z08vuNlDUfzSZ3T3dPA77y4jjc4EaM
Oag7rM9m3HYL0Gag8NLV//vL/WjeOGOd7jSlGfAq4hoYpEZspJhUO6ie+CHgVJRR
5NQBQNzbuzShUKG0RgyBbHM0WS7QkSnZLQtv9263e0g5QkhKccAh8MyfjdBPkatA
VCj3YABL/Ac+8TkBszUS5T4RBteNGCjN+lvaLVg18uS6//KnN7+3o5cn97q2Krc=
=+5hX
-----END PGP SIGNATURE-----

You will need the V versionatron to use the ‘v-genesis’.


Errata/Omissions:

  1. Item (4) should read ‘(1), (2), and (3)‘ instead of ‘(1) and (2)‘.
  2. Users of modern Gnu GMP might expect a cryptographic entropy generator.  This MPI does not contain one – it was a separate subsystem. At some point I may do a similar surgical extraction for GPG 1.4.10’s entropy gatherer, but this is a very different project.

The Phuctored and the Phucked

(8/16 Update: 113 moduli.)

Phuctor has been under lightweight but rather reliable DDOS in recent times, so here is a mirror of the list of 106 moduli broken up through the time of this writing.

Certain professional idiots have been bashing their heads against the wall in a futile effort to magic away the past.  To them, my message is:

  1. It won’t work.
  2. Go to hell.
  3. The data set is in permanent public record.  Go ahead, keep censoring SKS mirrors.  We still have the originals.
  4. We will discover who planted the diddled keys, when, and why.

If your name appears on the list (or the current version thereof), please write to Mircea Popescu or to me! (Please keep in mind that letters not bearing a PGP signature – the basic minimal standard for personhood on the Net – are likely to be ignored – or, alternatively, subjected to public display and ridicule for our amusement.)