Moxie Marlinspike Answers Your Questions 76
A few weeks ago you asked security guru Moxie Marlinspike about all manner of security issues, being searched at the border, and how to come up with a good online name. He's graciously answered a number of your inquiries which you will find below.
Who writes your paychecks? SirGarlon
From your Web site it looks like you've worn a number of hats. How do you mainly earn your living by penetration testing, developing software as a contractor, or what? Or do you have a day job? (I won't ask where). Do you have any advice for software engineers seeking an independent career?
I was the CTO at WhisperSystems, which was just acquired by Twitter. In the past, I've done both contract and full-time software engineering work, and I've worked on boats and as a delivery captain. I've also spent a considerable amount of time being broke and living without money.
I don't think I have any particularly sage advice for software engineers looking to go independent, so I'll answer a different question: on a somewhat regular basis now, I receive inquiries from young people coming out of high-school or college, asking me what they should do to get started in their software or security career. My most common response is "don't do it." Or at least, not right now.
I think the biggest thing young people fail to realize is the interminable nature of a career. As a young person in the global north, your whole life is generally marked by periods with definite beginnings and endings: elementary school is 5 years, middle school is 3 years, high-school is 4 years. It's significant because when you're in high-school and hating the indignity of it all, there is at least a definite endpoint that you can look forward to. But if you're coming out of that, you might not fully comprehend that when you start a career, you're expected to do that... for the rest of your *life*! Don't be too anxious to jump into that, because it's not as different as what's come before as you might think.
A friend of mine recently quipped "most people working in software discovered technology before they discovered themselves." There are so many people in the industry working on projects without a real personal narrative as to *why* they're doing them, other than the intrinsic feeling that solving technical problems is fulfilling. There is a whole entrepreneurial scene in the Bay Area right now; I can understand the draw of building things, but the level of self-seriousness that people bring to something like a "customer loyalty" startup baffles me. Honestly, it's simply not true that this stuff is "changing the world," so don't be too concerned about missing out if you don't jump in as quickly as you can.
Please, don't spend your late teens or early twenties in front of your computer at a startup. If you're a young person, I think the very best thing you could do is get together with a group of friends and commit to a one year experiment in which the substantial part of your life will be focused on discovery and not be dedicated to wage work -- however that looks for you. Get an instrument, learn three chords, and go on tour; find a derelict boat and cross an ocean; hitchhike to Alaska; build a fleet of dirigibles; construct a UAV that will engage with the emerging local police UAVs; whatever -- but make it count.
security and society
xappax
In addition to being a very sharp security researcher, you seem to have a strong interest in issues of social and political control. What emerging security trends do you see as being most important or helpful for authoritarians (at home and abroad)? What security trends are most important for anti-establishment movements?
I'll mention a few things I think about:
1) A lot has been said from people like Clay Shirky about the horizontalizing effect of the internet. And while it's true that platforms have emerged on the internet which make horizontal coordination and communication possible, what's often glossed over is that the infrastructure of the internet itself is actually extremely hierarchical. I know this seems obvious, but it's not something that comes up in the dialog about this stuff very often. It's worth remembering that this is how things are currently structured, and that the dreams of the Clay Shirkies of the world can never be fully realized as long as that's true; especially since those in control of the infrastructure seem to be taking increasing notice of that fact.
2) It's also just more of what we've been seeing for years: the economics of "information capitalism" have created a world where data is for the most part unsellable, driving businesses towards surveillance and profiling of their users for targeted advertising as the only means of obtaining revenue. Perhaps this isn't so bad in itself, but it puts us in a dangerous position, because it means the data is there for the (very efficient) taking. This becomes a magnet for governments and attackers.
3) Security vulnerabilities have become more difficult to find and exploit. Rather than making things "secure," however, it's shifted the balance of who has access to these vulnerabilities. There are still plenty of dumb sqli bugs out there, but more and more it's shaping up to mean that those with the most money and resources will have access to the exploits, while everyone else will be vulnerable to them. Which is not the way I'd like to see it.
Hardware for the traveling hacker?
capnkr
I'd be interested to know more about the hardware and/or platform you use on a daily/regular basis to do your work/research. I would assume that with your 'itinerant' lifestyle you have had to make choices and compromises in this area. IIRC, you "temporarily bought" ;) a laptop to edit Hold Fast, but that isn't something you do on a regular basis is it? Are there any suggestions/tips/tricks about hardware or methods that you'd care to share for the traveling hacker with the above in mind?
As an aside - Thanks for all the good work and entertaining tales! :) Been using that Capt's license much lately?
I secretly hate technology, so I actually have a mostly boring setup. I just run Linux on a laptop, which I replace about every eight years. I'm pretty stubborn about making a laptop last; the one I have now has cooling problems, so every time I do a long compile I have to find an ice pack to put under it. In some small way, it probably makes me feel like my computer is accomplishing something really difficult.
Every once in a while I'll need to do something creative if my setup isn't cutting it. So yeah, it's true that I edited Hold Fast on a nice machine with a 14 day return policy. =)
These days I can't travel internationally without CBP wanting to search (or failing that, confiscate) my electronics on my return to the US. So I just don't travel with them if I'm leaving the country.
As for the captain's license, I still get out every now and then, but rarely make deliveries. There's an anarchist yacht clubb convergence happening in Guatemala at the end of February.
WhisperCore
dark_requiem
I really like the idea behind WhisperCore. The problem, as I see it, is that it's only available for two devices, and the Android source is updated regularly, making it difficult to keep WhisperCore up to date with the latest version of Android. Also, there are a wide variety of existing ROMs, each sporting its own array of features, but WhisperCore is the only one focusing on full-device encryption and a quality firewall interface. Given that security is becoming more critical on mobile devices, I would love to see WhisperCore's functionality integrated into every ROM. Have you given any consideration to integrating the WhisperCore project into an existing community such as CyanogenMod, or opening the source to build a community around WhisperCore? It would definitely help with making it available on more devices.
WhisperSystems was acquired by Twitter recently, so the answer to this question has changed a little for us. In general, though, we never saw WhisperCore as something that could be a pervasive aftermarket solution. We made it available on the Nexus devices with an aftermarket installer because we wanted to give something free to the security community and those devices make it easier with unlocked bootloaders. However, the bulk of our distribution efforts were spent trying to get the software through OEM channels, so that it would just appear on new devices.
CyanogenMod has done an excellent job of supporting a wide range of devices, but as you note, they are only able to do this because it's an open source project with enough volunteers to deal with all of the proprietary integration, build, and test issues. They only get access to the source after Google does public drops (that is to say, long after the rest of the industry does), and the device vagaries are endless. WhisperCore was a commercial product focused on the enterprise security market, and that market isn't particularly interested in reflashing ROMs onto their employee's phones. We were simply making it available in that form so that individuals could benefit from our work, but it wasn't our main focus. The other integration problem with CyanogenMod is that they are not a security-focused community, and have actually done a number of things to reduce the security of the platform (which is a shame, since the bar was low to begin with). So the interests of our user bases are fairly distinct, and actually in conflict on some important points.
WhisperCore - why not OSS?
nullchar
Are there business or technical reasons you do not want to open the source code for WhisperCore or any of the sub-projects like WhisperMonitor?
Same reason most enterprise software vendors' products aren't OSS, harder to sell software that way. =)
CarrierIQ nnet
Does Whisper Monitor stop CarrierIQ as well?
Haven't tested it, but it should. That said, it doesn't come with WhisperCore, so it seems unlikely that you'd encounter it on a device with WhisperMonitor.
Thoughts on TLS-SRP as a partial solution?
WaffleMonster
Most secure sites we normally depend on require you to establish an account. Rather than sending our passwords in the "clear" over SSL as everyone is foolishly doing today couldn't part of this problem be solved using trust previously established between you and the site in the form of mutually authenticated credentials?
The best case example would be an online banking site first requiring you to physically come into the office with proper ID. There would no longer be any need for this bank to need to trust or use any third party.
TLS-SRP RFCs have already been written, SSL stacks used by all popular browsers already patched with support... obviously this does not fully eliminate the need for trusted third parties.
I think these types of approaches are interesting for things like SSH, IMAPS, and SMTPS. The way that webapps tend to be architected and deployed, however, makes this tricky.
of trust versus online consensus
DamnStupidElf
PGP provides a model for partial trust in a public key based on the trust placed in signers of that key. I think a similar model would work much better for SSL certificates than either the current forest of fully trusted root CAs or projects like Convergence because it would allow long term trust in entities instead of merely the ephemeral keys used for SSL connections while also providing offline security and the ability to separate the keys used for privacy and identification.
If I wanted to validate the hypothetically secure https://slashdot.org/ I would be happy seeing an SSL certificate signed by Geeknet's PGP key (assuming they cared enough to be in the strong set), but even happier if it was also signed by a couple certificate authorities and some other folks in the strong set. I would assign partial trust to each of the certificate authorities' root certificates and use PGP to measure the partial trust of other signatures and set a threshold for the security of any SSL site, perhaps requiring "full trust" for automatic acceptance of an SSL certificate, a warning for marginal trust, and a bigger warning for anything less.
One of the primary advantages is separation of privacy and identification; the private key for identifying an entity would only be used to sign SSL certificates, reducing the likelihood of an attacker compromising an identity certificate. Notaries, as in Convergence, would simply be entities who sign a large number of SSL certificates after verifying the owner's identity through the existing trust network. The advantage for notaries is that they would not need to keep their private keys online and would only serve signatures. SSL sites could also just include the signatures in the initial SSL/TLS exchange, shifting bandwidth costs to the entities that benefit from the signatures. Site owners could also pre-distribute new SSL keys to certificate authorities and notaries to obtain signatures similar to the way that the existing PKI works, without relying on projects like Convergence to correctly identify a legitimate key change through heuristics.
The biggest advantage is a much more robust framework for trusting the privacy and identify of web sites. The likelihood of obtaining fraudulent SSL certificates signed by enough entities to achieve full trust is much lower than the likelihood of compromising a single fully trusted root CA or tricking a Convergence-style network into trusting a fraudulent SSL certificate by DNS poisoning or other methods.
Do you think this is a workable and, if so, good idea?
The MonkeySphere project is working on something quite similar to your proposal. Personally, I always have trouble with suggestions for bringing the "web of trust" to some new context, because I never found it workable in the context it was invented for. I use PGP more consistently for email than almost anyone else I know, and the truth is that I almost never find a new key with signatures that are meaningful to me.
While there are organizations and individuals I trust, there aren't thousands of them, and probably not even hundreds of them. I think that trust agility is essential to any solution moving forward, but as I see it trust agility requires two things:
1) The trust relationship has to be initiated by the client.
2) A trust decision can be easily revised at any time.
I don't believe that using WoT style signatures meets these requirements, at least in their most obvious form. In the WoT model, if I look up a certificate, I don't have any influence over who's chosen to sign it. I'm given the signatures I'm given, and that's that. If I decide to make it work by trusting some entity that has made it a habit to sign a bunch of certificates, untrusting them becomes difficult, because maybe the entity I'd really like to trust hasn't signed as many. And if it's a matter of manually evaluating the signatures I'm given for any site I visit, that sounds pretty unpalatable to me.
All that said, this idea is not incompatible with Convergence. Just build a MonkeySphere notary backend, and it'll plug right in alongside any other notary strategies you'd like to simultaneously query from your client. I anticipate that it would give you a lot of "stand aside" votes for the foreseeable future, however.
Is everyone just re-inventing _parts_ of the WoT?
Sloppy
It seemed to me that what Perspectives notaries do, as expressed in OpenPGP-speak, is act as sophisticated Robot CA. (Is this wrong?) Is a Convergence notary "merely" a more sophisticated Robot CA, or does it provide information which couldn't be represented in a Web of Trust?
Well, I dunno, on some level I think all knowledge can be expressed as simile through any particular domain of knowledge. It's important to remember that a Convergence notary isn't bound to any particular validation technique, meaning that not all notaries will use network perspective. I prefer to think of notaries as SSL Certificate Authorities with an inverted trust relationship. They're pretty similar, but rather than the server initiating the trust relationship, it's the client. It's a subtle but powerful change.
bootstrapping -- notary trust
Onymous Coward
Do you see the matter of how users come to trust the notaries themselves as a concern? What methods do you see for assuring users that a list of notaries is in fact recommended by a given party? I see notaries distributed with the Convergence plug-in (is the distribution signed?), but doubtlessly that's not meant as a steady-state solution as it does not promote trust agility.
Have you considered notary list configuration based on "subscriptions" a l AdBlock lists. For example, if the EFF periodically published a signed "EFF Trusted Notaries" list, as one of a number of organizations doing so?
And how much is a working web of trust required for this? Do you feel there is one?
Right now installing Convergence is a leap of faith, as is true for most software. I'm being intentionally inflammatory by making a point of not distributing it over SSL, because if you're installing it, you don't have it to validate your SSL connection yet. Once you have it, however, all updates are signed.
I don't actually see pre-distributed lists of trusted notaries as anathema to trust agility, however. It's nice for a user to be able to select who they trust, but it's also essential that browser vendors can revise those defaults as well. Right now that's not the case, and it means that a browser vendor's entire user base suffers.
I would like to imagine that one day browsers will ship with Convergence support built in, and that it will come with a list of default notaries that the browser has curated. If one of those notaries starts acting in bad faith, the browser can remove them. If you as a user would like to make different trust decisions, they can do that as well.
Notary subscription lists are a good idea. You can kind of do this with the HA Notary bundles right now, but it'd be better to break them out into a meta-bundle. In any case, the bundle auto-update logic is in there, so it wouldn't be too difficult (git pull requests gladly accepted!).
Switch from Perspectives?
Burz
I'm already using the Perspectives extension (and not sure what benefit I'm getting from that)... Why should I switch from Perspectives to Convergence?
Convergence is obviously inspired by Perspectives, but slightly more generalized (not tied to network perspective), and designed to address what I felt were shortcomings in the Perspectives protocol. The biggest differences are browser integration, notary lag, and privacy.
Perspectives doesn't work for any of the CSS/JS/Image content on a page load, only the initial GET. It will suffer from notary lag since it requires notaries to regularly poll target sites. And you'll leak your entire browsing history to notaries.
Choice of name?
Alioth
Completely unrelated to your work, but the name "Moxie Marlinspike" sounds wonderful. It's obvious why you chose "Marlinspike", after all as a sailor it's an object that you may have found useful (and it's not that uncommon to have a last name that is a tool or a trade). But the first name you chose - why did you choose it? Looking around for references to Moxie the most prominent one is for one of the earliest carbonated beverages sold in the world, which doesn't sound too probable as an origin.
Apparently the etymology of the word "moxie" is thought to originate with the soda, although there is some indication that it might have been a word from a native American language that meant "dark water." I actually know another person named Moxie in the Bay Area, and someone got us a six pack of Moxie Cola to split once. I couldn't even finish one!
I'd estimate that in roughly 1/3rd of the cases where I introduce myself to someone, they ask whether Moxie is my "real name." There are a few interesting things about this to me. First, apparently we're all so used to a limited pantheon of possible names that anything outside of it must be "not real." And second, that when people say "real," it seems that what they actually mean is "legal."
What's interesting to me about the corpus of "real sounding" names is that they're mostly drawn from the bible. The name my parents put on my birth certificate is "Matthew." For as long as I can remember, however, people have called me Moxie Marlinspike. There's obviously a story there, but it's actually not that interesting. In the end, it's just what stuck. I don't switch back to Matthew, however, because it's a biblical name. I'm not that inspired by the stories from the bible, so it feels counter-intuitive for me to literally identify with them. So while many people find my name "strange," what's more bemusing to me is that many of those same people *also* don't find the stories of the bible to be the major inspiration of their lives, and yet continue to be walking endorsements for them with every handshake.
The notion of "realness as legality" is interesting to me because it seems like it should be possible for reality to extend beyond whatever is defined by law, yet this seems to be the litmus in most people's minds. If I have a name which literally everyone in my life since childhood has known me by, it seems to me that this should be the definition of "reality," not whether the government (who, by contrast, has a pretty cold and distant relationship with me as far as acquaintances go) agrees.
Re: (Score:2)
Who cares??? I mean WHO cares!!!!
Do they? While they can still rock a venue, they've not trashed a hotel room in a while now and I've never really thought of them in terms of computer security.
Re: (Score:1)
Re: (Score:2)
The short answer is YES.
The long answer is YES.
Cue the whining non-graduates... (Score:5, Insightful)
Or you could, you know, go to college. You really can't beat all the drinking and sex and learning among the highest concentration of smart people you will ever know.*
*Some restrictions apply. Offer not valid at BYU, Liberty University, and Bob Jones University.
Re: (Score:3, Funny)
Offer also subject to restrictions when redeemed at engineering schools...
Biblical names (Score:2, Insightful)
Probably existed before the Bible. They show up there because they were in use.
Re: (Score:1)
And even though Moxie's parents may not have intentionally restricted themselves to saints, the pool of common names they were likely to choose from has certainly been made smaller due to our ancestors adherence to this policy.
My wife, who converted to Catholicism after
Money? (Score:1)
"If you're a young person, I think the very best thing you could do is get together with a group of friends and commit to a one year experiment in which the substantial part of your life will be focused on discovery and not be dedicated to wage work"
All that sounds nice but requires quite a bit amount of money! That kind of travels you can only do in your forties.
Re: (Score:3)
It actually probably requires less money in your twenties. In your forties, the average person wants money for their mortgage, cars, kids, whatever, and probably needs $50k/yr minimum, maybe $80k+ depending on your lifestyle and location. But a frugal group of twenty-somethings should be able to live on $10k/yr each, maybe less if they share accommodations, don't blow it on eating out, and live somewhere cheap (Moxie himself lived in a shared house in Pittsburgh, iirc). You can make that kind of money with
Re: (Score:2)
"If you're a young person, I think the very best thing you could do is get together with a group of friends and commit to a one year experiment in which the substantial part of your life will be focused on discovery and not be dedicated to wage work"
All that sounds nice but requires quite a bit amount of money! That kind of travels you can only do in your forties.
Rubbish. When you are young you can live much more freely on very little money as you are unlikely to have the dependants (children, wife) that you have in your forties. Also, most people in our generations will be working their asses off throughout their forties desperately trying to make sure they are not going to starve in old age. The idea that you can accumulate enough money in your thirties to take any long periods of absence from work in your forties is gone in the current climate. Take too long off
Re: (Score:2)
Yea, but you forget the huge loans that many of us accumulate after getting our degrees in engineering. It's just not easy t forget about it all and go hitchhiking across Europe. That said, once I do finish my loans I am going to do exactly that with a couple of friends.
Re: (Score:2)
Yea, but you forget the huge loans that many of us accumulate after getting our degrees in engineering. It's just not easy t forget about it all and go hitchhiking across Europe. That said, once I do finish my loans I am going to do exactly that with a couple of friends.
I let my loans sit there accumulating vast amounts of interest, maybe not the wisest of moves but I certainly don't regret it. I will still be paying them off in my mid forties though.
The things is that if you put off going travelling until you have paid your loans you may well find that a wife and kids arrive on the scene before then as most womens biological bay clock starts to kick into high gear towards their mid twenties.
I don't understand. (Score:3, Insightful)
What's interesting to me about the corpus of "real sounding" names is that they're mostly drawn from the bible. The name my parents put on my birth certificate is "Matthew." For as long as I can remember, however, people have called me Moxie Marlinspike. There's obviously a story there, but it's actually not that interesting. In the end, it's just what stuck. I don't switch back to Matthew, however, because it's a biblical name. I'm not that inspired by the stories from the bible, so it feels counter-intuitive for me to literally identify with them. So while many people find my name "strange," what's more bemusing to me is that many of those same people *also* don't find the stories of the bible to be the major inspiration of their lives, and yet continue to be walking endorsements for them with every handshake.
Really? Maybe they're just names. I find anti-religious zealots as distasteful as the religious ones, and if the Bible is the sole reason you have stayed away from the name "Matthew", I've got to say that's pretty stupid, through and through. Unless of course you're careful to also not to ever employ any expressions that originate from the Bible [phrases.org.uk].
Re:I don't understand. (Score:5, Funny)
Really? Maybe they're just names.
LOL If he doesn't feel like being a human billboard for something he's not a fan of, what is the threat to you personally?
Are you also personally offended that I don't go by my given name, emacs?
Re: (Score:1)
Yeah, and what's really stupid is when he claims that people that go by their "biblical names" are endorsing the Bible and, by extension, it's religious precepts, but is apparently not concerned that people conversely might regard his name as an endorsement of drinking cans of diabetes-inducing, teeth-rotting, carbonated sugar water.
And for my money, his name isn't half as cool as Tollef Fog Heen's.
Best Advice Yet (Score:5, Insightful)
If you're a young person, I think the very best thing you could do is get together with a group of friends and commit to a one year experiment in which the substantial part of your life will be focused on discovery and not be dedicated to wage work -- however that looks for you. Get an instrument, learn three chords, and go on tour; find a derelict boat and cross an ocean; hitchhike to Alaska; build a fleet of dirigibles; construct a UAV that will engage with the emerging local police UAVs; whatever -- but make it count.
That's the best advice to young people I've ever heard that didn't come from Hugh Hefner.
Re: (Score:2)
You forgot the previous sentence, which is all the more important.
Re: (Score:1)
I agree with the comment that as a young person, you should go out and explore. It is easier while you are young, with no dependents. You can sleep on friends couches. It is easier to live on little money as you have no bills.
But you suggest to build a fleet or dirigibles, or construct a UAV, but DON'T build a company?
I think you should go out and do something, and that something could be join a startup. But go do something before you become a cog in corporate America
Re: (Score:2)
I think the very best thing you could do is get together with a group of friends and commit to a one year experiment in which the substantial part of your life will be focused on discovery and not be dedicated to wage work
So my question to Moxie is "How do/did you get food and shelter when you don't/didn't have money?".
Re: (Score:2)
What? Your parents didn't give you a yacht to pursue your endearing eccentricity? Surely you jest!
Re: (Score:3)
I believe he bought the yacht with money made from working on boats, and then used it himself to make money, doing deliveries.
Re: (Score:2)
You don't use your own yacht, when doing deliveries.. you sail the other persons boat from A to B and they pay you for doing that. Then you go back to your own boat in C and cruise for a while, spending the money.. (depending on the locations of A, B and C, the bit of time you can spend doing that can vary a lot :)
Re: (Score:2)
So my question to Moxie is "How do/did you get food and shelter when you don't/didn't have money?".
Poverty provides an education of its own? I was pretty poor in my starving school years, certainly made be a tougher person. Debatable if it made me any better or worse, but tougher, yeah.
Re:Best Advice Yet (Score:5, Insightful)
Poverty provides an education of its own? I was pretty poor in my starving school years, certainly made be a tougher person. Debatable if it made me any better or worse, but tougher, yeah.
Yes, poverty educates you as to the value of having an income and being able to eat and sleep indoors, as opposed to spending a year following your bliss (which is a luxury reserved for those who have some other means of support they can fall back on when they aren't earning an income).
Re: (Score:2)
Poverty provides an education of its own?
OK, so what did you do to get food and shelter?
I'm curious about what Moxie did too - since he said:
I've also spent a considerable amount of time being broke and living without money.
After all, why waste time making the same mistakes if you can learn from others? Then you can spend more time making new different mistakes :).
I know some places give out free food etc, but just curious on what he (and you) actually did.
Re: (Score:3)
I don't want to have to do that even once.
Re: (Score:1)
turn up when the market is closed, but before they clean up : free fruit and veg.
do some kind of street performance even if you suck: free money.
beg: free money. probably a better hourly wage than most unskilled jobs.
honestly i find it a bit weird that people here really have no idea about street punk culture.
*factoid, some street punks have expensive drug habits to pay for, others don't
Re: (Score:3)
honestly i find it a bit weird that people here really have no idea about street punk culture.
1) Living "on the street" is not the same around the world.
2) Just because I'm curious about how Moxie did it specifically, doesn't mean I have no idea about the "general solutions".
There might be interesting specific cases. e.g. Steve Jobs when he was poorer got a weekly free meal courtesy of the Hare Krishna. Maybe Moxie might know of even better options?
Re: (Score:2)
If you read his website, there are plenty of stories about sleeping on the roof of a Blockbuster and eating stale bread from Subway dumpsters.
Answer it well enough?
Heh,.
Re: (Score:2)
There's also begging. But I think many beggars ruin things for those who are really down on their luck. Some are scammers - saying they need big bucks for a train or to take a taxi to a plane, etc.
Anyway back when I was a student I had a young "street lady/girl" ask me for money for food, I offered to buy her a kebab sandwich (which was what I was g
Re: (Score:2, Informative)
Re: (Score:2)
If you think about it, living in unused properties for free is some kind of social equalizer. If you think about it a bit further, you might wonder why the landowners would ever enact laws that legitimized that, but the laws exist nontheless and homeless squatters certainly didn't enact them.
Re: (Score:1)
So my question to Moxie is "How do/did you get food and shelter when you don't/didn't have money?".
That is part of the adventure. When you are young and single you can live fairly cheaply. He didn't say this was going to be easy. You may have to work odd jobs while you hitchhike to Alaska. Or perhaps you sleep in the back of the workshop while you build the dirigibles. I know it can be done, because a lot of my friends have essentially followed Moxie's advice. I tell them to do it as long as they can.
Moxie (Score:2)
Hmmm. A friend's daughter in the Bay Area is named Moxie. Wonder if that's the one or if there's (at least) three Moxies in the region. Till now, I'd never heard of Moxie soda - the only usage of moxie I'd heard was meaning courage/determination/energy. As of 2010, Moxie was a rare but not unknown name (1 in 40,000 for girls). A Google search will turn up plenty of companies and products with moxie in the name.
Re: (Score:3)
Moxie was also one of the Hobbits in National Lampoon's "Bored of the Rings", a LotR spoof, and was named after the soda, AFAIK.
Re: (Score:1)
My only previous experience of the word moxie was as a 'primary attribute' in the classic rpg Paranoia:
"Moxie is a measure of a character's ability to comprehend unusual phenomena, learn new modes of communication, perceive important details, and correctly choose the right course of action in unexpected situations."
Along with Chutzpah (defined as the quality of a man who kills both his parents then pleads for mercy because he is an orphan) it was one of my favourite words for quite a while.
I had always assu
realness as legality (Score:2)
I'm guessing you'd find out rather quickly what the distinction is if (for exampl
Re: (Score:2)
Depending on your local court, having gone thru something tangentially related, the government simply doesn't care, its the executor who has to care, and as long as "everyone is happy" then there is no "hold up in probate". There was a stage early in the process where I/we had to file as interested parties and that is probably the stage where you'll have to prove your identify by either submitting paperwork or getting "everyone who knows him" to testify thats who he claims to be. My aunt's birth certifica
Re: (Score:2)
Actually, in common law, which most states at least have some basis in, the name you use is common practice can often be used as a legal name for things like probate documents, providing you can prove that you have used it for a specific period of time in the regular course of your affairs.
bible names shenanigan (Score:2)
no one cares about the bible. most people don't even realize the names are from the bible... they think it's the other way around...
the common source for names is simply to avoid you having to spell it everytime.
count how many times people have to spell the first, biblical or simply common, name, against the last, more broad one.
Re: (Score:2)
Re: (Score:3)
It wasn't uncommon in antiquity for people's names to reference the names of gods. For example, a quick Google shows that Matthew, Moxie's original given name, comes from the Hebrew for "gift from Yahweh", so it is understandable that an atheist might not want it for a name.
Re: (Score:1)
A mix of the first and the second; most English "old testament biblical" names are really English bastardizations of Latin bastardizations of Greek/Hebrew bastardizations of the original names. That's why you've got Jesus/Jeshu/Joshua, Moses/Moshi/Mushi, Johannes/Ian/John/Yanni, etc. Lots of names have roots that pass through the Bible, but usually it's just a case of cultural influence. After all, Flyboy is much preferred to Zebub (another biblical name) these days.
And then there's the fact that Biblica
Documentary (Score:1)
Moxie has a great documentary film, "Hold Fast" about one of his sailing journeys. I thoroughly enjoyed it. It's worth a watch. http://vimeo.com/15351476
Plausible names (Score:2)
The alliteration and general euphoniousness of the name does more to make it sound implausible as a birth name as opposed to a chosen name, than "Moxie" not being contained in a predefined list of "biblical names".
overheated laptop (Score:1)