Blog of All Trades

Bewildering botany, free software fanaticism, reliable book reviews, 'mazing math

May 19, 2021

This is How Bitcoin Works

The Purpose of Bitcoin

The top 20 or so online payment processors which dominate the market

Existing online payment systems, banking systems, and the currencies that flow through them are plauged with centrilization. The protocols behind our current online financial system require central authorities to store, send, and process transactions. This gives these authorities incredible power over our financies: banks and payment processors have descrision over which transactions they allow, collect massive amounts of data on our personal financial history, and hold the ability to confiscate our savings. Speaking of stealing our savings, even the currencies we use expose ourselves to the abuse of power by central authorities, namely the central bank issuing the currency. Our modern fiat moneys are issued by central banks which are not obligated to redeem our money for anything of value. This gives the central bank full control of the money supply and the privledge to "print money", which devalues our money. The system of "inflationary spending" is more complex in America and results in the enrichment of the government, government contractors, and the banks, at our expense. The chapter "The Mandrake Mechanism" from The Creature from Jekyll Island: A Second Look at the Federal Reserve shines more light on this deceptive practice. At the root of all of these problems is centralization leading to tyranny. What if there was an online financial system that didn't require central authorities to process, store, and validate transactions?

This "decentralization" is what Bitcoin acheives and what differentiates it from any other online financial systems. Millions of independently-operated "miners" and Bitcoin users process and verify transactions, removing the dependency on any central authority prone to tyranny. Bitcoin is the sythesis of several innovative ideas in computer science and was created by the pseudoanonymous Satoshi Nakamoto in 2008. While Bitcoin is one implementation of a decentralized online currency, thousands of other "cryptocurrencies", which use the same technology as Bitcoin but with tweaks or new features, have emerged in the years since Bitcoin's inception. Bitcoin and other cryptocurrencies have exploded in popularity in recent years and may be the next online finance system. Despite it's popularity, just how the Bitcoin network is able to process transactions without a central server remains mysterous to many of its users and admirers. This article should demystify Bitcoin and give you a clear understanding of how it functions. If this article doesn't enlighten, you at least know the technical words to confuse people.

Public-key Cryptography

Before we begin, it is neccessary to familiarize ourselves with public-key cryptography and hashing. It's not difficult to grasp (no quantum applied calculus classes necessary). These technologies forms the foundation for many other things in computer security so an understanding of it will yield fruit.

Public-key cryptography is a class of crytographic protocols that use two mathematically-related but different keys. These protocols can be used to encrypt data, sign data, and verify digital signatures of data. Bitcoin only uses signatures, not encryption, so we'll limit our discussion to signatures with public-key cryptography.

Users generate a key pair with one public key and one private key which are mathematically-related. They freely share their public key while keeping their private key secret. Information can be signed with the private key and other users can verify the signature with the public key. Information signing works by generating a digital signature that is unique to the piece of information being signed and that can only be made with knowledge of the private key.


A hashing function generates a number from information in such a way that knowledge of the number cannot be used to guess the information used to generate it and that a single change in the information produces a vastly different number. This number that a hashing function generates is called a "hash" and the information used is called the "message". To illustrate the first property, the SHA256 (a popular hashing algorithm; used in Bitcoin) hash of the message "Eggs are a nutritous food" is 06869c0c5dca013fa68c90c905a0cd91c5e885188ea3dffb2c001883ec9cc504. There is no way that knowing the hash 06869c0c5dca013fa68c90c905a0cd91c5e885188ea3dffb2c001883ec9cc504, can help you figure out the message "Eggs are a nutrious food", unless you try hashing every combination of letters until you find that the anticlimatic unmessage that generates that hash. We can show the second property of hashes, that a small change in the messages yields a totally different hash, by fixing my bad spelling and finding the correct sentence's SHA256 hash. "Eggs are a nutritious food" comes out of the SHA256 hash machine as dc5174c86978a0f6b90c9836c9e805d808fe35944547e84dffe377a86ad11f98, completely different from the other hash of 06869c0c5dca013fa68c90c905a0cd91c5e885188ea3dffb2c001883ec9cc504.

Decentralized Digital Currency Prototype

Bitcoin transactions

With our knowledge of hashing and public-key cryptography, let's try and create a digital currency that needs no central authority to keep track of transactions in 'Bitcoins'. Original name, I know. For the moment, let's ignore who first gave people these coins with a transaction. The ingenious minting process will be discussed later. Transactions can be implemented as senders signing that a receiver (represented by their pubilc key) now owns the coin, in other words, he has permession to spend it himself. To make transactions easier to validate the sender also includes a reference to the previous transaction that gave him that Bitcoin.

People anounce their transaction to all other Bitcoin users on the internet and everyone keeps a private record of all transactions to date. As new transactions are broadcasted onto the network, all of the Bitcoin users update their records and verify that the new transaction is valid, that is, (1) it references a previous valid transaction that signed the Bitcoin over to whoever signed this transaction and (2) the previous transaction it references has not already been spent..

Example transactions being broadcast and verified on proto-Bitcoin network

To illustrate this "proto-Bitcoin" protocol, let us work through what happens between some imaginary Bitcoin users on the internet. Adam wants to send a Bitcoin to Erin, perhaps to pay for a tobboganon. Adam composes a new transaction which references a previous transaction that gave him a Bitcoin as this transaction's "input", adds Erin's public address as the receiver of the Bitcoin in this transaction, signs the whole transaction with his private key, attaches his signature to the transaction, and broadcasts it to other Bitcoin-users on the internet. All of the users will eventually receive this transaction and update their private "ledgers" accordingly. When Erin receives the transaction sent from Adam that gives her control of a Bitcoin, like all transactions she receives, she verifies that the "input" transaction referenced in her payment transfers the "spending power" of the coin to Adam, that Adam's signature on the transaction is indeed his, and that the input transaction has not already been spent. Erin would see that Adam has paid and should give him the promised tobbogan. Erin can rest easy knowing that if she wanted to spend or transfer her new Bitcoin to someone else, she could, since all of the other users recorded that she can transfer the Bitcoin with her key (specifically, the signatures she generates from it to sign transfers of this Bitcoin).

Now that we've made our own online currency, let's go rip some people off get some people to invest in it! I've already got Mark Cuban in for 10,000 Bitcoin and suggest you get in too. I'll let you know in the next section how my proto-Bitcoin money works out!

~2 years later~

The Double Spending Problem

Okay, it turns out there was a fatal flaw in this design that anybody could exploit. Nobody got their Bitcoins stolen but some people did get duped. I mean it probably shouldn't have been that easy to create a cryptocurrency. The exploit called "double spending" goes as follows: Henry wants to buy a potato from Idahoan farmer (priced at one Bitcoin) and an orange grower from Florida (also priced at one Bitcoin). Henry only has one Bitcoin but came up with a sneaky trick to fool both of the sellers into thinking he bought their good with his one coin (hence double spend). He knows that the internet isn't perfect— packets (the unit of information on the internet) will frequently get stuck and not reach their destination or get slowed down and reach it late. Henry sends two transactions rapidly, first one to purchase an orange from the orange grower with his single Bitcoin then one to purchase a potato with that same Bitcoin from the Idaho farmer. Henry hopes that the first transaction (for the oranges) will quickly reach the orange seller but get stuck on the way to the potato seller, giving time for the second transaction (for the potatoes) to reach the potato seller first. When both the sellers receive the transaction to the other party, they will regard that as the invalid transaction, since they received it after the transaction giving them his one Bitcoin. The orange seller thinks he has been paid and the potato seller thinks he has been paid, so Henry is eating both potatoes and oranges tonight! Example of double spending

Depending on where the first transaction (potatoes) got stuck on the internet, a portion of the users will disagree about which transaction happened first and is valid. When either farmer tries to spend "their" bitcoin, some users will think its invalid. This problem compounds as more double spendings occour— intentionally or accidentally. The Bitcoin "network" gets more and more out of sync and nobody can agree who owns which Bitcoins. So what our little Bitcoin really needs is a way for everybody to agree which order transactions are in. If we all agreed that the transaction to the potato farmer was the valid one (and therefore the transaction to the orange farmer was invalid), then our private ledgers will all be in sync and there can be no double spending. The decision as to which transaction is considered valid doesn't matter, just as long as everybody agrees which transactions are valid, and they never change their mind about it. Now how can we reach a decentralized agreement on the history of transactions and ensure that it will never change?

Decentralized Agreement with Blockchain

Bitcoin solves this with a technology called blockchain. A portion of Bitcoin users volunteer as Bitcoin "miners". They will listen for transactions and gather a number of recently broadcast transactions (let's say 6, but in Bitcoin its around 2000) and place them in a "block". Miners will try and solve something called a "proof-of-work" for the block of transactions they created, that proves they "spent" computing power on solving the proof-of-work problem unique to that block and broadcast their solved block to the rest of the Bitcoin network. This proof-of-work is implimented finding a number that they can place in the block's "nonce" field (an area just for this purpose) that will make the hash of the block start with a certain number of zeros. As we discussed before, it is impossible to find a message that hashes into a specific hash (or one that meets certain criteria, like starting with five zeros) without hashing a ton of different messages until you find one that, by chance, hashes into something you want. For instance, to solve a block by our starts-with-five-zeros proof-of-work, the miner would have to hash, on average, ~379687.5 different nonces (the number of possible two hexidecimal digits that can start hash is 759375, so it takes half that on average to guess the right nonce) before he finds a nonce that would result in the block hashing to an acceptable hash (eg. 0000094c343f4324b5e2 or 00000324b32560c25305).

Blocks on their own don't do much to solve the problem of double spending, that users can't agree on the order of transactions. Let's fix this. Miners must include the hash of a previously solved and broadcasted block in all the blocks they create. This proves that the new block had to have been solved after the one of the hash it includes. It's analagous to how people hold up newspapers in photos to prove the picture must have been taken after something happened. So now miners can solve a block "on top of" (ie. including the hash of) a broadcasted block. This situation of blocks linking to previous blocks linking to previous blocks etc. looks like, well, a chain of blocks! Hence, blockchain.

After a miner broadcast his solved block to the Bitcoin network, users and other miners will store the blocks on their private ledgers. If a miner sees that another miner has already solved a block that has transactions that are in the block he is solving, then he must abandon work on that block and work on a block with transactions that aren't already in solved block.

Blockchain forking

Since there can be multiple blockchains going at once, something undesirable since we want ONE agreed upon transaction history, users need a way to choose which one to follow. Users agree that the longest blockchain with valid blocks (ie. no incorrect signatures or spending previously spent Bitcoins) is the true blockchain. If a user doesn't regard the longest blockchain as the true history of transactions, he will gain nothing, since all the other users have no reason to acknowledge this unaccepted history of transactions. It is as if a schizophrenic man is insisting he is handing you a million bucks; maybe in his world he is, but not in the world that matters, that is, anyone else's world.

Miners can be incentivized to only produce blocks on top of the longest chain by letting them include a transaction that rewards them a Bitcoin from nobody (ie. out of thin air) and users permitting blocks with one Bitcoin sent to the miner's public key to be valid. This incentivizes them to mine for the longest chain, since if they spend their time to generate a block for a shorter chain, unless the shorter chain can catch up to and outpace the current longest chain, they will be in the same boat as the schizophrenic man insisting users and miners should follow his favored shorter chain. Note that the reward that incentivizes mining on the longest chain also solves the problem of minting and distributing Bitcoin. While it does come with the tradeoff that Bitcoin is constantly inlating, this effect can be mitigated by the users argeeing that the reward must be halved each year for blocks to be recognized as valid.

Recognition of longest blockchain as valid

Attempted Double Spend on Bitcoin

Now we will walk through what happens if a group of miners collude to execute a double spending attack on Bitcoin in order to demonstrate the Bitcoin's strength. Let's say they're trying to help their buddy Henry dupe the orange seller. Henry will broadcast a transaction to the orange seller which will end up getting included in and mined in a block that becomes part of the longest blockchain. After the transaction is behind three blocks and the orange seller trusts that Henry's Bitcoin is his, Henry will broadcast a transaction for that same coin to the potato seller. Miners working on the longest chain (because its in their interest to make the safe bet with getting their mining reward) will not include the transaction since it was already spent on the blockchain; however, the evil miners will get to work mining a different blockchain in parallel that does include the transaction to the potato farmer in place of the one to the orange farmer. If the evil miners get this chain longer, then miners and users will switch over to it. But to do this, the colluding miners would have to mine blocks faster than all of the other miners on the network. Unless the bad miners have 51% or more of the computing power on the network, they can't outcompete the longest chain in the long run and execute their double spending attack. Bitcoin is impossible to double spend unless one controls 51% of the mining power, executing a "51% attack".

Attempted double spend on Bitcoin

Limitations of Bitcoin

While writing about the technology underlying all cryptocurrencies— blockchain, I've stuck to writing about just Bitcoin. This is because of the protocol's simplicity and it's name recognition and not because I'm at all fond of it. Like all inventions, the first iteration proves it is possible to do something new and the subsequent inventions prove it is possible to do it well. Despite suffering from massive deficiencies resulting from it being the first of its kind, Bitcoin still holds the highest market cap out of any cryptocurrencies. I attribute Bitcoin's dominance wholly to the network effect and people's lack of knowledge about its deficits.

The well-known limitation of Bitcoin is the blocksize of ~2000 transactions and the blockrate of 1 block per 10 minutes that was specified in the Bitcoin protocol and hard coded into the original Bitcoin software. This yields an abysmal rate of 7 transactions processed per second (Visa can process 24,000 transactions per second). This is partly solved by users attaching a "mining fee" that gives some Bitcoin to the miner as a way to incentivize miners to prioritize their transactions; However, this results in high fees for transactions (the average fee is $6.31 as of writing). It is difficult for any changes to be made in the Bitcoin protocol, since all the users you buy and sell things with would have to assent to the changes (eg. by recognizing larger blocks as valid). Coins like litecoin and bitcoin cash solve this problem by declaring an high block size at the outset, while coins like monero tackle this by having dynamic block sizes.

A larger problem with Bitcoin, that is not often brought up, is how all transactions on the blockchain are visible to everyone. Blockchain analysis tools and companies offer Orwellian survillence of the transactions of all Bitcoin users. Law enforcement, criminals, and the government (not mutally exclusive) can pick apart all of the users transactions, build social profiles on them, and calculate their balances. The pseudononymous creator of Bitcoin, Satoshi Nakamoto, advised users become pseudononymous as well by not associating their identity with their Bitcoin address, however, this is a poor solution since analysis of transactions in and out of an address gives clues on the owner's identity and Bitcoin exchanges, online sites where money is exchanged for Bitcoin, are required to collect purchaser's identities, foiling any pseudonmity. Privacy coins like monero, zcash, and wownero have come up with very clever ways to obscure transactions yet still permit verification of transactions.

Bitcoin's proof-of-work can be solved faster with specially designed and expensive computers called ASICs (Application Specific Integrated Circuit). Bitcoin has a mechanism that automatically adjusts the difficulty of the proof-of-work problem based on how fast miners are mining the blocks. For instance, if miners start mining blocks at fifteen times the previous rate, users will now only recognize blocks whose hash start with an additional zero as valid. ASICs 'bid up' the difficulty of mining, eventually making only the use of expensive ASICs profitable, resulting in more centralized mining operations. This chain of events, from ASIC-succeptible proof-of-work to increased centrilization in mining, leaves the blockchain slightly more open to 51% attacks. Coins like monero use a 'RandomX' proof-of-work that changes often so that it is unprofitable to purchase ASICs and any computer can profitably mine it, leading to more decentrilization and thwarting 51% attacks.

Bitcoin has its defects and should be superceded by superior coins, but it will be hailed as the first that ushered in a new type of digital currency, free from centralized tyranny. Here's to Nakamoto and his invention.


April 8, 2021

How to Use Signal Messenger

HEADS UP: If you know your way around computers and Linux systems, then host your own Matrix server instead. Matrix is more difficult to set up but is a better long-term solution because it is decentralized and is not attached to phone numbers.

Why is Signal Better then SMS and Other Messaging Apps?

SMS (texting) and telephone calls are laughably, leave-the-front-door-unlocked-and-open insecure. SMS is sent over cell networks completely unencrypted, allowing cellular providers to read and store every text. Providers can disclose the metadata or even contents of messages to law enforcement. Land-line calls are completely unencrypted and LTE calls (used by modern smartphones) are riddled with security holes. Telephone call metadata is logged by telephone networks and shared with intelligence agencies.

"Privacy-oriented" messaging apps like WhatsApp and Telegram are still ailed by security flaws. WhatsApp is closed-source, making all of its security claims unverifiable. With WhatsApp being a subsidiary of Facebook and its release of a liberal metadata sharing privacy policy, we have reasons to suspect the app. Telegram requires users to opt-in to encryption, which is unavailable for group chats, and uses in-house crypto (a stupid thing to do with cryptography).

How does Signal work?

Diagram of Signal protocol in detail

I drew a pretty diagram of the Signal protocol in detail above but I think I got too down in the weeds. I will give a simple explanation in the next paragraph. For other in depth explanations watch Computerphile's videos on how the first keys are established and how each message is made forward and backward secure. The seasoned cryptographer can skip those and read the whitepapers. If you are unfimiliar with Diffie-Hellman exchange, public-key cryptography please watch the linked videos before reading the explanation.

The goals of the Signal protocol are fourfold: (1) ensure Signal's servers can't decrypt user's messages, (2) prevent evesdroppers from decrypting messages, (3) let users communicate even when one of them is offline, and (4) thwart attackers that have even stolen the latest encryption keys from decrypting any previous messages or future messages (but not the latest one of course). The first and second goal is acheived by having every Signal user store his private keys on his own device and encrypting with them (or other keys that require his private key to generate). This is called end-to-end encryption and is the bare minimum for a secure messaging protocol. The third goal is met by Signal running a server that stores user's public keys (sent to the server when a user creates them), associated with their phone number, and relaying encrypted messages to their destination. A simplified view of the protocol is this: the sender (let's call him Dog) asks Signal's servers to send him his receiver's (call her Cat) public key, the server sends Dog her public key, Dog encrypts his message with Cat's public key, he sends the encrypted message along with his destination phone number (Cat's) and sending phone number (his own) to the server, Signal's servers stores the encrypted message until Cat downloads her latest messages from the server, the server (supposedly) deletes Cat's encrypted message, Cat decrypts Dog's message with her private key, and she reads it. If one is being a critical cryptographer, he may notice that Signal could send Dog their own public key that they generate instead of Cat's and perform a man-in-the-middle attack. Dog can verify that the public key Signal's server sent him is truly Cat's key by clicking on her contact, tapping "safety number", physically meeting up with her, and comparing "safety numbers".

The Signal protocol is a tad more complex than the preceding explanation since it has to meet the fourth goal of not allowing an attacker to decrypt all messages in a conversation if he comprimises their identity keys or latest message keys. Each user's identity key is a permanent key used for authentication and is in each of their keychains. A user's keychains also contain a prekey and a unique one-time prekey. Users generate several keychains and upload them to the server. The first message sent encrypted with a symmetric Diffie-Hellman key generated from the public keys in one user's keybundle (identity key, prekey, unique one-time prekey) and the private keys (just identity key and a unique ephemeral key) of the other user's bundle. Since Diffie-Hellman can generate the same key from a public key A with private key B and private key B with public key A, the reciever can look at the metadata the sender attatched, figure out what keys he must use to generate the first symmetric key, and decrypt the first message. So, why the complexity of multiple unique keyrings of the receiver stored on Signal servers and the sender's unique ephemeral key generating a symmetric key? Well, it forces an attacker who comprimsed the receiver's identity key to have to keep on comprimising the new unique one-time keys that the receiver is uploading to Signal's servers. The ephemeral key and identity used by the sender means the attacker would have to nab both (and the ephemeral key is only generated when they start texting). After they establish initial symmetric keys, the Signal protocol goes one step further. It uses a "double rachet" system to generate new symmetric message keys for each message based on a Diffie-Hellman exchange each message and the previous symmetric key. The Diffie-Hellman exchange ensures future secrecy (comprimisng a previous message key won't break all future messages) and the previous symmetric key ensures backward secrecy (comprimising a future message key won't let an attacker break the previous messages).

Bad Things about Signal

Signal is not the last word on secure messaging. Its servers present a single point of failure and it's phone number requirement makes anonymous communication a joke. Decentralized software like Matrix, XMPP, Tox, Jitsi, and Briar are all unique solutions to Signal's problems and warrant consideration by anyone seeking greater control and anonymity.

iOS Installation

  1. Launch the app store, search 'signal', and install this result.
  2. When Signal finishes installing, open the Signal app.
  3. Allow Signal the permissions it asks. It is safe enough to grant the Signal app these permissions because it is free software and is popular enough that smart cryptographers are always examining the code for dangerous bugs.
  4. Enter your phone number. Signal uses phone numbers as usernames and as optional 2-factor authentication. Note that it doesn't have to be the same number on the device you are setting up Signal on. For improved anonymity, purchase a burner phone to verify Signal with.
  5. Click the 'From messages' button to automagically verify your phone number with the code Signal texted you.
  6. Create a unique PIN for the Signal app. This PIN secure your Signal account in case an evildoer steals your phone number.
  7. Click on the icon in the upper right to send or call someone in your Signal contacts. If you gave Signal permission to view your contacts (an action which should be safe, as Signal is free software), then the contacts of any of your friends who use Signal will already be there.
  8. (Optional) For friends who use Signal but whose contacts you do not have click the 'Find by Phone Number' button and manually enter their number.
  9. After clicking on your friend's Signal contact, touch the phone icon in the upper right to call them or type in the bottom box to text them.

Linux Installation

Use your distribution's package manager to update your local repositories, upgrade your old packages (if on a rolling release distro), and install the latest version of Signal. The command for Debian is longer because Signal is not in the official repositories so Signal's very own repository must be installed. If your distro's repositories does not have Signal then move to a real distribution or build Signal from source.

After installing Signal, scan the QR code from your phone on the Signal app to set up your computer under your Signal account.

March 30, 2021

Freedom Guide to Intel ME on old ThinkPads

funny picture mocking Intel ME

All About ME

The Intel Management Engine is a miniature CPU found in all Intel chipsets since 2006. Intel created it ostensively to help systems administrators remotely manage employee's computers. The Management Engine or "ME" became the sysadmin's best friend by logging events back to their server, enabling remote BIOS updates, and giving them remote control of the device. Unfortunately, the ME is not all sunshine and flowers. To make these useful features possible, the ME is granted intimate access to the device. The ME has direct memory access to all RAM, has network access that bypasses the computer's firewall, and is always on. If this isn't alarming enough from a security perspective (multiple vulnerabilites have been found in this chip that would give hackers undetectable, full control of devices), it is terrifying to anyone concerned about the growing survillence-state. Big tech companies like Microsoft have a history of complying with the US government's orders to insert backdoors into products and government intelligence agencies have the legal authority to force unwilling companies to do so.

The Three Eras of ME

here. The Lenovo BIOS update images that I have linked to is used for updating the EC firmware before flashing Libreboot. Instructions on updating the EC firmware (along with updating the BIOS) are found here.

Corebootable ME-neuterable ThinkPads

[1] This talk has good information on the origins of ME but contains faulty reasoning that leads Skrchinsky and Corna to conclude ME is no big deal. For instance, externally testing ME is not comparable to a source code audit because it cannot disprove the existance of backdoors triggered by a special, untested code. In addition, the US government requesting the HAP bit does not prove that ME is innocuous, if anything it suggests the government knows ME for the security liability it is.

December 6, 2020

Learn How to Read Sanskrit (with Mnemonics & Examples)

Here's the Script

Just as the English language has a script to write in, the Latin/Roman alphabet, the language Sanskrit has a script to write in, the Devanagari abugida. In order to correctly speak or meditate on a Sanskrit mantra, knowledge of how to read the Devanagari is needed. Many gurus consider the proper pronunciation of a mantra essential to experiencing the energy inherent in the mantra [1]. Or if you are learning to read Sanskrit you must also learn the Devanagari abugida, just as to understand a book written in English, you must learn your ABCs.

Despite how strange and foreign 'abugida' sounds, reading an abugida is easier than an alphabet. An abugida is a script or writing system where each unit is based on a consonant-vowel sequence, while an alphabet is a script where each unit can represent many possible sounds, with the sound based on the particular word. For example, in our Roman alphabet, thorough and tough have the same letter t but create different sounds. In an abugida there is no ambiguity; one sign = the same sound every time.

To help us learn the pronunciation, the sounds of Devanagari writing can be transliterated or rewritten in the International Alphabet of Sanskrit Transliteration. Despite being called an alphabet, the IAST was designed to leave no ambiguity in its pronunciation; each IAST letter corresponds to a one sound and one sound only. For instance, the IAST transliterates अशोक (Aśokaḥ, Ashoka) into Aśokaḥ and mūṣaka into मूषक (mūṣaka, mouse).

Independent Vowels

Chart of independent vowels in Devanagari

Vowels are sounds that are produced with little constriction in the vocal tract. Most vowels consist of only one sound and are called monophthongs while a few vowels contain two successive sounds and are called diphthongs. An English example of a diphthong would be the y in cry where the a as in cola morphs into ī as in bee. Monophthongs are classified into short vowels and long vowels based on their length and come in pairs; however, the pairings are meaningless. Each vowel in a short-long pair is a different sound.

Devanagari has an independent and dependent sign for each vowel. The independent signs come first in the chart and their dependent partner is in parentheses. The independent sign of a vowel is used when the vowel starts a word like in आत्मन् (ātman, soul) and इति (iti, why).

Despite short-long pairings being useless for pronunciation, they can help us memorize the signs because the pairs of short and long signs follow a pattern: The sign for a long vowel is the sign for the corresponding short value plus an extra bit. For instance ऊ, the sign for long u or ū, is the just उ, the sign for short u or u, plus a half loop smacked on the end of it. This mnemonic doesn't hold for the last four independent vowel signs, so they'll have to be memorized individually. To cut down your study time, don't bother memorizing ॠ (ṝ), ऌ (ḷ), and ॡ (ḹ), since they're rarely used.


Chart of consonants in Devanagari

In contrast to vowels, consonants are produced with constriction in the vocal tract. Most of the consonants in Sanskrit are stops, meaning we stop and then release the flow of air to produce them. Velar stops stop the flow of air in the back of our throat (the velum), palatal stops at the far back of the palate, retroflex stops at the back of the palate with the tongue curled back, dental stops at our teeth with our tongue touching our teeth, and the labial stops at our lips with our lips pressed together. English doesn't have retroflex stops but we can speak them by sounding their equivalent dental stop further back, with our tongue curled back and touching our palate. Retroflex stops sounds like an Indian accent because Indians mistake English stops that are between retroflex and dental for their native retroflex [2].

Stops are also divided based on whether they are voiced and/or aspirated. The vocal cords vibrate in voiced stops like द (d) but rest in unvoiced stops like त (t) . Aspirated stops are spoken with a puff of air while unaspirated stops are spoken without the puff. Aspiration is tricky because we don't make that distinction in English; if you say the p sports with or without aspiration no one will be confused. Even though aspiration doesn't impede our ability to understand English, we still speak some words with aspiration and some without. To get a feel for unaspirated and aspirated sounds, put your hand in front of your mouth and say spot, where the p is unaspirated, and pot, where the p is aspirated. The fifth column of the table contain the nasalized stops, stops produced with the same, ordinary points of articulation (dental, velar etc.) but with the passage to the nasal cavity open. This concept of "nasalization" will reappear when we learn about the anusvāra.

In addition to stops, there are semivowels which have so little constriction they are almost vowels, silibants where the tongue approaches the roof of the mouth to make a hissing sound, and a single, lonely h.

Consonant signs aren't like vowel signs, where different signs are used depending on if the vowel starts a word; consonant signs can be used anyplace in a word. Take a look at देशिक (deśika, spiritual teacher) which uses consonants द (d), श (ś), and क (k).

Consonant, Meet Vowel

Chart of dependent vowels in Devanagari

If consonant signs are the house of Devanagari, dependent vowels signs are the decoration. Dependent vowel signs do not exist on their own, but combine with consonant signs to produce a consonant-vowel pair (in that order). To write rīti, one must combine र (r) and ी (ī) to get री (rī), combine त (t) and ि (i) to get ति (ti), and then stick them end-to-end to get रीति (rīti, manner). Similarly, to spell kumāra, one must combine क (k) with ु (u), म (m) with ा (ī), and unite them with र (ra); to form कुमार (kumāra, young man). But wait just a minute! The consonant र (ra) didn't combine with any dependent vowel sign to get that cute a attatched to it. This is a neat space-saving rule of Devanagari: because the vowel a is used so frequently, it is implied after consonants that aren't combined with any dependent sign. To opt out of this "default a", a consonant sign must have a virāma or downright stroke fixed to the bottom of the sign like at the end of क् (k), जलमुच् (jalamuc, cloud), and रहस् (rahas, mystery). As we will see, there are special rules for consonants that don't precede a vowel in the middle of a word, so the virāma is only used on vowelless consonants that end a word.

The only three exceptions to these rules are ह्र (hṛ), र्ु (ru), and र्ू (rū). The vowel signs are placed inside these consonant signs. I have a mnemonic to remember these special cases: Rubin and Rūbin got sent to hṛ.

Lucky for us the dependent vowels follow a pattern that makes memorization easier. For each pair of signs, the first sign has less lines (ृ), is pointing left (ु), or is on the left (ि) and the second sign has more lines (ॄ), is pointing right (ू), or is on the right (ी).

Consonant, Meet Consonant

Similar to how a consonant sign combines with the following vowel sign to make a single consonant-vowel sign, a consonant sign followed by another consonant sign combine to produce a conjunct consonant. Since consonant signs aren't made to fit together like consonant signs and vowel signs (vowel signs have a blank space for the consonant to go), creating a conjunct consonant is more complicated. Because no one wants to memorize 1296 (36 consonant signs * 36 consonant signs) different conjunct consonants, the formation of each conjunct consonant follow these rules below. We don't need to fret about memorizing all of the exceptions to these rules since by definition they are exceptions and so won't come up often. Even when one finds an exception, guesswork is usually enough to figure out the meaning of the conjunct consonant.

Conjunct Consonant Rules

Three and rarely four sign conjunct consonants exist. To make one, apply the usual rules to the signs, left to right. For examples: ज् (j) + ज् (j) + य (ya) = ज्ज् (jj) + य (ya) = ज्ज्य (jjya); त् (t) + प् (p) + ल (la) = त्प् (tp) + ल (la) = त्प्ल (tpla); र् (r) + ष् (ṣ) + व (va) = र्ष् (rṣ) + व (va) = र्ष्व (rṣva).

Consonant, Meet my Good Friends Visarga and Anusvāra

The visarga, ः (ḥ), is added to the end of a word and is spoken as a soft breath of h and the vowel preceding the visarga. For instance in बान्धवाः (bāndhavāḥ, friend) the last syllable would sound like a quiet ha since a short a came before the visarga.

When the anusvāra, ं (ṃ ṅ ñ ṇ n m m), is added to the end of a word it is spoken as ṃ. Ṃ is not the same sound as m; ṃ is a Sanskrit-specialty that is produced by simply closing the mouth and relaxing the tongue. This use of the anusvāra is seen in words like अस्माकं (asmākaṃ, our). When the anusvāra is in the middle of a word it is spoken as the corresponding nasal consonant of the consonant after the anusvāra. To find the "nasalized" version of a consonant, find the consonant in the consonant chart and look across the row to the column labeled nasals. A more intuitive way of nasalizing a consonant is to try for one of the nasals sounds (ṃ, ṅ, ñ, ṇ, n, m, or m) in whatever tounge position you would use for the consonant. Since the bottom two rows of semivowels, silibants, and h have no corresponding nasal consonant the anusvā takes the meaning of ṃ, like it does at the end of words. To illustrate, in संस्कृत (saṃskṛta, Sanskrit), the consonant after the anusvāra is स् (s). Because स् (s) is a silibant, the anusvāra is pronounced as an ṃ. However in संजय (sañjaya) the anusāra comes before the consonant j. As j nasalized is ñ (see the consonant table if you're confused), the anusvāra is spoken as an ñ.

To Summarize...

Examples from Stories & Buddhist Mantras

For more practice, check out the Rig Veda or the Gaayatrii Mantra.

To check your transliteration on an unknown text, use Ashtanga Yoga's great computer transliterator

[1] "Some people affirm that it is not important to pronounce Sanskrit perfectly when reciting or chanting sacred texts ... [however] when one pronounces Sanskrit perfectly in chanting, the effect is immediate and inexorable"


October 25, 2020

Want Scientific Articles? Just Use SciHub!

Elbakyan, creator of scihub

Online scientific articles are an extremely useful source of knowledge in botany or any other field. They are indispensable for getting to the bottom of obscure or precise questions; some findings are just not written about in other media [1]. In addition, looking over the methodology and conclusion sections of experimental papers gives a better picture of the validity and applicability of the experiment's results. It's easy to forget botany doesn't consist of indisputable facts that everyone but idiots are in consensus with, but consists of competing and often controversial explanations with experimental results giving credence to many sides [2]. The media frequently misrepresents the soundness and meaning of findings so hearing it from the horse's mouth is the only option.

Despite the usefulness of digital scientific articles, three-quarters of them are locked behind expensive fees or unaffordable scientific journal subscriptions. If you ever click on an article and only have access to the abstract or summary of the paper, you've hit a paywall. You could be forgiven for thinking these fees are a necessary evil that provides scientific institutions with the money needed for research. This is not the case. The money from these paywalls go to "scientific journals", businesses that collect papers from researchers, have other researchers review them, and make a killing selling them back to other researchers and other interested people [3]. Journals do serve the purpose of vetting papers and giving credibility to the "good researchers" that get published but are they worth the cost? In the face of massive journal prices, some journals have gone "open access" where they find voluntary funding from universities or charge a fee to researchers who submit a paper. They still occupy a small share of the market and may never take over as the dominant form of publishing articles.

SciHub is a radical solution to the current system of scientific knowledge being behind high-priced tolls. SciHub was a pet project started by the ideal-driven Kazakhstani scientist Alexandra Elbakyan. She keeps a database of almost 50 million scientific articles that she serves for free on her site without regard to copyright. She uses controversial means to obtain the articles: accepting donated journal logins, buying university logins, and possibly buying stolen logins [4]. It's no surprise that the journals are trying to take down SciHub, a threat to their business and proof a donation-run host for science works. The American Chemical Society succeeded in getting a US court to authorize forced blocking of SciHub by ISPs, search engines, hosting providers, domain name registrars [5]. Elbakyan has managed to keep SciHub alive against the backlash from journals by switching hosting from CloudFlare and getting new domain names when one gets blocked.

As of October 25, 2020, SciHub is accessible from,,,,, and LibGen, a site similar to SciHub that includes academic books, is available at []( Downloading books differs from downloading scientific articles in some of the money paid for the book actually supports the author,so this may be a different ethical issue for you. Accessing these sites may or may not be illegal in your country but prosecution for users seems to be very rare. Accessing and downloading papers through [the Tor Browser Bundle]( encrypts your web traffic's destination and prevents your ISP from seeing your activity and snitching on you [6].

Scientific articles are an essential source for learning about plants. Reading from other sources can only take you so far and can give a skewed or incorrect view of what we know. With the academic system setup so most scientific research requires payment to large publishers that provide little benefit, SciHub offers a way out. SciHub pushes us closer to a world where science is more open to everyone, regardless of how much money they have or whether they are in the academic system. Do you want to learn about something? Just use SciHub!

[1] The only way I got to the bottom of the evolution of sassafras leaves was with several scientific articles.

[2] The entire field of phylogenetics

[3] One of the "big five" scientific journals, Elsevier, posted a 36% profit margin in 2010. if that isn't a killing, than what is? source:


[5] The fact the court gave the ACS the power to order these "internet intermediaries" to censor SciHub is frightening for free speech on the internet. luckily, the order doesn't seem to be enforced on search engines, ISPs, and some domain name registrars since I can still find SciHub with google and access it through Verizon.

[6] You could also use a VPN to safely access SciHub; However, Tor is free.