I just rediscovered this video that was published during the pandemic lockdowns, and heavily features Slabovia (and yours truly). It's on the "This Exists" YouTube channel:
That video also references this one, on the "Not Exactly Normal" YouTube channel - he came to MicroCon 2019 in Hamilton:
Enjoy!
My thoughts on "micronational war" (being a very silly concept) are, I think, well known.
And, as documented here recently, I don't think micronations really need "intelligence agencies".
Thus, it might surprise some to learn that (with certain caveats) I think that a micronation should consider having a military!
I'll precede the rest of this with a pair of caveats: first, as I've discussed before, you want to beware of "stolen valour" (or valor, for the Americans) accusations, so avoid using any real-world uniforms or insignia. And, second, I will remind you again that micronational war is a silly idea, and therefore you certainly shouldn't be running around in the woods playing "silly bugger" and risk being mistaken for a "militia".
With that out of the way, yes, I think your micronation (if large enough) should consider having a military. Why? Well, for several reasons, actually!
First, with a military you generally get uniforms, and having several people representing your micronation all wearing the same uniform establishes a "look" that (in my opinion) heightens the apparent professionalism.
 |
| Slabovian Navel officers (plus the queen-consort) at MicroCon 2025 |
Second, having that body of uniforms to draw on can be handy to provide a visible presence. For example, we had a number of Slabovian navel (sic) officers on hand for MicroCon 2019, as well as providing a uniformed presence for the treaty signing and transfer of equipment for Operation Pole Dance in October.
 |
| A few of our Navel officers "hamming it up" with Grand Duke Travis of Westarctica at MicroCon 2019 |
 |
| Slabovian Navel personnel provide security for the signing of the Micronational Space Cooperation Treaty from West Who |
Additionally, depending on the circumstances of your micronation, your military can also form the core of an emergency response plan in the event of natural disasters, etc.
Just remember that these are volunteers; you shouldn't be ordering them around as a dictator or you'll quickly find you have fewer citizens (and possibly fewer friends).
Last time, we started talking about cryptography. After all, if you're going to have a micronational spy agency, you need to know how to keep your secrets, well, secret.
Enigma was a cryptography system used by the Germans in World War Two. Actually, it was a whole family of ciphers, including different strengths for business, diplomatic, and military use. It had a series of internal rotors that changed positions in a defined pattern with every letter typed on the machine's keyboard. When a letter key was depressed, a circuit was completed through the rotors and a corresponding ciphertext letter would light up above the keyboard. Using the same rotor settings, entering ciphertext would result in the corresponding cleartext. The history of Enigma is fascinating, but you can ignore U-571 in terms of historical accuracy. The Imitation Game is somewhat more fact-based, but ignores that Poland had cracked the code as early as 1932. There are a number of "Enigma Emulators" available online, such as this one.
 |
| A Military Model Enigma I, in use from 1930 By Alessandro Nassiri - Museo della Scienza e della Tecnologia "Leonardo da Vinci", CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=47910919 |
We talked previously about symmetric and asymmetric encryption. Until the 1970s, symmetric encryption was the only option available. The problem with symmetric encryption is that the receiver needs to also have a copy of the key in order to be able to decrypt the message. So, you need to send the key to the receiver, but without anyone else being able to capture/copy it. The Data Encryption Standard (DES) used symmetric encryption, but with a key length of only 56 bits, it is pretty easy to crack on modern computers. Triple DES, or 3DES, gets a bit more clever by using three keys - first it encrypts the data with one key, then decrypts it with a different key (which would really be a second round of encryption) and then a third key is used to encrypt it again (again). 3DES is considered to be fairly secure, but very slow due to the three rounds required.
DES and 3DES are also examples of what's called a "block cipher", meaning it works on "blocks" of data of a defined size (64 bits in the case of DES/3DES) - if you don't have enough data the block needs to be padded out to the defined size, which in some cryptographic systems can be a weakness. Some cryptographic systems are "stream ciphers", meaning that each character coming in is acted upon separately. They tend to be faster than block ciphers, but may be more susceptible to certain forms of attack.
Modern cryptography tends to use systems such as AES, the Advanced Encryption Standard, which is derived from Rijndael, which was developed by Rijmen and Daemen, two Belgian cryptographers. Like DES and 3DES, it's a symmetric-key algorithm, so it's faster but requires keys be communicated.
"Public key" encryption systems expose part of the secret as the "public" part of the key, and keep the rest of the secret as the private key. They do this by exploiting a trick of mathematics - it's very easy to multiply two numbers together, but it's much harder to figure out what two numbers were multiplied together to make a number (i.e., "factoring"). Recall that prime numbers are only divisible by themselves and 1. A product of two primes (say, for example, 3 x 7 = 21) can only be factored into those two primes. Now, 21 is pretty easy, but what about the number 212583? The larger the primes, the harder it is to factor the product and determine the prime numbers used, and public key encryption uses VERY large numbers, like 1024 bits. (A 1024-bit number represents values between 1 and 179769313486231590772930519078902473361797697894230657273430081157732675805500963132708477322407536021120113879871393357658789768814416622492847430639474124377767893424865485276302219601246094119453082952085005768838150682342462881473913110540827237163350510684586298239947245938479716304835356329624224137216.)
As an aside, one of the promises/threats of quantum computing is that it makes this sort of factoring of very large numbers MUCH easier. In response, the National Institute of Standards and Technology (NIST), the US government agency that certifies cryptographic algorithms for use, has already released "quantum-resistant cryptography" standards.
In practice, when you visit a website protected by Transport Layer Security (TLS)(*), your web browser is using a mixture of public key (asymmetric) and private key (symmetric) encryption. When your web browser first connects to a web server, it looks up the server's public key based on its digital certificate, and uses that public key to initiate communication with the web server, perform the "TLS handshake", and set up a session-specific encryption channel. Once that encryption channel is established, a private key is shared (or independently computed by both sides), and that private key is what's used to transmit most of the data (since, recall, symmetric encryption is generally much faster).
Is there such a thing as an unbreakable cipher? Actually, yes - the one-time pad (OTP), when properly prepared and distributed, is provably unbreakable. You need a pre-shared key that's larger than the message being sent - a long sequence of randomly generated characters, for instance. Then you add each character of your message's cleartext to the next character in the OTP to generate the ciphertext. The receiver does the same in reverse with the ciphertext, subtracting characters from the OTP to generate the cleartext. However, you need to distribute the one-time pads. As long as the OTP is never re-used, it was truly randomly generated, and nobody else has managed to get a copy of it, your message will be unbreakable. If you want to try generating your own one-time pads, I find that random.org does a good job of generating randomness.
(*) = You may sometimes hear people refer to TLS as "SSL". This is wrong. Secure Sockets Layer (SSL) was what was in place before TLS, but it's been deprecated since 2015 because it's pretty convincingly broken. Also, only TLS 1.2 and/or TLS 1.3 should be in use, TLS 1.0 and TLS 1.1 have been deprecated for about five years as of time of writing
First, apparently I missed my posting on Tuesday last week - I was in a cybersecurity competition all weekend and forgot to make sure I had postings queued up here, as well as on Instagram (MEDALS Monday and Travel Thursday posts) and on Tumblr (Wednesday Slabovian factoid) and Facebook (Wednesday meme post). Oops. Let's see if we can get back on track this week!
So, let's keep talking about micronational spy agencies, because it's fun. Today, I want to talk about cryptography, because what good's a spy if they don't have their codes, right?
Let's start with some terminology.
First the obligatory etymology: the word "cryptography" comes to us from the Greek words kryptos (hidden or secret) and graphein (to write), so it literally translates to "secret writing".
Basically, cryptography is the technique of making unreadable gibberish out of a message, but in a way that can be undone later so the original message can be read. (This is unlike a "hashing function" like MD5, which is a one-way function; there's no easy way to determine the original message from the hash.)
The method or algorithm we use to encrypt and decrypt the message is called the cipher. The unencrypted message is usually referred to as plaintext, while the encrypted message is called ciphertext.
 |
| The encryption/decryption flow |
Historically, cryptographic systems were either substitution ciphers or transposition ciphers. A substitution cipher literally just substitutes a letter for a different letter (or a symbol) in a known way. Morse code is a substitution cipher of sorts, as is ASCII encoding. One of the first known substitution ciphers in history was the Caesar cipher, invented by Julius Caesar himself. He just shifted each letter by three positions in the alphabet, and the last three letters "wrapped around" to the front. So A would become D, B would become E, and so on, and when you got to X, Y, and Z, they would become A, B, and C respectively. A more modern version of the Caesar cipher is "ROT-13", which rotates each letter by 13 places in the alphabet.
As an aside, a lot of "alien languages" in science fiction movies and television shows tend to just be substitution ciphers - basically they write the message in English and then change the font to the galactic equivalent of "Wingdings". Aurebesh (the language used in the Star Wars films) is a bit better, as it uses 34 symbols rather than 26, adding specific symbols for sounds such as "Ch", "Sh", and "Th".
All substitution ciphers suffer from the same basic problem: predictability. We know that, for instance, E is a much more common letter in the English language than, say, X, so a "frequency analysis" of symbols will quickly help us determine which letter is probably an E. Also, short words such as "the" occur very frequently in English, so if we already suspect that H is the ciphertext for E, and we see WKH several times in our ciphertext, then WKH is probably the encoded THE, and now we have a couple more letters. By proceeding in this way, given enough ciphertexts you can always crack a substitution cipher.
Transposition ciphers, on the other hand, try to "scramble" the plaintext (albeit in a predictable way, so the scrambling can be undone) to generate the ciphertext as a permutation. For example, you could just write all of your text backward. Historically, these might have been tough to crack without knowing the key, but not impossible - if you have some idea of which words should appear in the plaintext, and you can identify the corresponding letters in the ciphertext, that can help you determine how the scrambling occurred (and how to reverse it). Modern computers can generally apply brute-force solving methods to quickly crack such ciphers. (When I run across such ciphers during cybersecurity competitions, I usually go to dcode.fr as my first stop - it can often identify the cipher AND solve it in a matter of seconds, by trying various permutations and combinations and looking for English-language words in the results.)
Based on the above, you can probably determine that more effective cipher systems will combine substitution and transposition...
Next time we'll continue talking about cryptography, including more modern systems.
I forgot to mention a couple of things in last week's posting about micronational spy services.
First off, some techniques commonly depicted in spy movies (like planting listening devices) can be illegal in some areas, as is planting an "air tag" to monitor someone's movements. Don't break the law.
Second, a lot (I think I've seen estimates as high as 80%) of intelligence is actually "OSINT", or open-source intelligence. In other words, it's all about knowing where to look, usually online. Sometimes this is as simple as browsing the website of your target. If they publish photos, you can examine the image attributes - if they haven't sanitized the photo, those attributes can reveal where the photo was taken, the kind of device used, and other interesting information. Another trick is to look for a file called ROBOTS.TXT - it's used to discourage a web crawler for looking in certain directories/files, but it can also tell you where you should look. However, this is starting to blur the line of "hacking", so use this trick with caution - again, don't break the law.
You can also set up various tools to periodically update you on topics of interest. For example, in my "day job" in cybersecurity, I set up a Google keywords alert search that fires every morning at 6am and delivers a summary of news articles in the last 24 hours that included various keywords such as "zero-day" and "hacker", but you could set one up that monitors for mentions of (for example) "micronation" and "Slabovia". You can set up your own Google Alert here.
There are many tools and videos you can use for OSINT - when you start getting into it, it's somewhat scary how much information can be gathered on someone. Please, use this information for good, and don't break the law.
 |
| Stock photo from Microsoft O365 |
I'll preface today's blog posting with this: while I do not claim to have worked for any intelligence agencies, I've taken multiple courses in intelligence analysis, and I've been both a producer and consumer of intelligence in my "day job" in cybersecurity, so this is all coming from a place of some experience.
Some micronations establish spy agencies. They probably don't need them.
First, why do spy agencies exist? Simply put, the way it's supposed to work is that intelligence informs policy. Policy-makers rely on intelligence to make decisions, support or change policies, and gain a knowledge advantage.
Thus, since micronations for the most part don't have policies beyond who they are friends with, they don't need intelligence agencies.
However, if you decide that your micronation really MUST have a spy agency, at least learn the basics. For starters, there's something called the Intelligence Cycle.
 |
| The Intelligence Cycle |
Next is gathering - this starts with a plan based on the requirements. For example, given the question, "what is the strength of the navy of country XYZ?", you might rely on satellite imagery, human intelligence (maybe you have someone on the inside?), open-source intelligence (maybe they publish the information on their website!) and so on.
Then you have to process the information - this may include translation from other languages as well as assessing the reliability and accuracy of the information and its sources. Do you trust your person working for the navy of XYZ, or have they been compromised and used to feed you false information? Often, this assessment is done using the Admiralty Code, which assigns values to both the source reliability (A = completely reliable, F = completely unreliable) and the reliability of the information itself (1 = verified accurate, 6 = known to be false), and plots the results on a table similar to the below.
 |
| Admiralty Code for assessing information reliability |
Analysis involves taking all of the disparate pieces of information you've gathered and determining the "big picture". If your source in the XYZ navy is saying their fleet is in the harbour for refit, but the satellite imagery shows the docks are empty, that's a mismatch that needs to be taken into account.
Finally, dissemination is the act of reporting your findings back to the policy makers - answering their original questions. This almost invariably leads to more questions, which is why the whole thing is a cycle.
Classification is about assigning a level of secrecy to intelligence. Often, this is more about protecting the source, rather than the information itself. For example, if you've got a mole in XYZ's navy, you want to keep that fact protected, both to protect the mole and to ensure the information keeps coming, so information coming from that source would be highly classified.
Typically there are several levels of classification:
If you want to know more, there are various online sources to pursue. For example, here is a US Army Intelligence Analysis field manual, and here is a manual from the United Nations Office on Drugs and Crime (UNODC) on criminal intelligence (which focuses on what criminal groups are doing, rather than nation states, but the basic techniques are similar). You can also find reprints of both modern and historical intelligence manuals on sites like Amazon, although a lot of that tends to be stuff that you could find online anyway, if you looked for it.
Oh, and you can take a look at West Who's spy agency - they're having fun with it anyway.
Part of the reason I set up this blog is to help people "put a little royalty into their life". To that end, I've kicked off this semi-regular series of postings about bringing the castles of Europe to you, sort of. Similar to the "Gothic Homemaking" series of videos that were put out by Aurelio Voltaire (over on YouTube), this will be a recurring series on how to make your own life, well, a bit more royal.
To bring you up to speed, part one of this series can be found here, part two of this series can be found here, part three is here, part four is here and here is the fifth part. Finally, part six is here.
We've talked about setting your table (part five) and planning the banquet (part six), but so far I've sort of hand-waved about the actual food. Well, there are a few options if you're looking for somewhat regal recipes and inspiration...
Assuming your monarchy is Euro-centric, there are a number of online options, including recipes from the Royal Collection Trust and some recipes from Max Miller's "Tasting History" YouTube channel (see below).
There are a number of YouTube video channels that focus on historical recipes, which often include more royal dishes, such as Max Miller's Tasting History and the English Heritage channel.
If you prefer cookbooks, Max Miller also has a cookbook called Tasting History: Explore the Past Through 4,000 Years of Recipes (Amazon link, non-affiliate - I don't make any money off of it!), and the Royal Collection Trust has a couple of cookbooks available here. A quick check of Amazon shows various cookbooks based off of shows such as Bridgerton and Downton Abbey.
 |
| The dessert sponsored by Westarctica at MicroCon 2019. Yes, I know, I've used it before, but I don't seem to have many pictures of the food served at MicroCons! |
