December 2003 - cypherpunks-legacy

Re: CVS: cvs.openbsd.org: ports
by Warner Losh 17 Dec '03

17 Dec '03

In message <E0xLTBc-0001Bo-00(a)rover.village.org> uk1o(a)rz.uni-karlsruhe.de writes: : How about suggesting a make variable HAS_LIBCRYPT to the FreeBSD people? : We could set it in <bsd.own.mk> or something like this (to a value : meaning "we don't have it and we don't need it either), and FreeBSD could : do similar. The problem isn't in the BSD make files, but rather in the makefiles of the ports. True, many FreeBSD ports' patches add -lcrypt blindly to the makefile, but that could change. : Another way were patching the third party program's Makefile accordingly. : We should introduce a patches-${OPSYS} directory having precedence before : the patches directory of a port. Thus we could maintain our special patches : for ports which need them while continuing to use the FreeBSD ports where : they work out of the box. I see now that this is already implemented in : <bsd.port.mk>, so we could just USE that. There already is the patches-${OPSYS} that can be used for this purpose. Warner

1 0

I have seen the future.....
by tech21＠tectel.com 17 Dec '03

17 Dec '03

I HAVE SEEN THE FUTURE And it will change your world soon... I receive a lot of telephone calls. All of them interesting-some of them fascinating. Seldom though, do I receive a call that I would truly refer to as "compelling." That is, of course, until my phone rang about 3 weeks ago. I still can't believe it. Odd call. Gentleman wanted some information-specific information. Of course I had a few questions that I needed answered first. "What's the product?" "Can't tell you," came a rather hollow reply. "Can't tell me? Why not?" I pressed, becoming increasingly more curious-and irritated-by the moment. Seeming to change the subject he said, "We want you to come take a look, and give us your opinion." "Come where? And give you my opinion on what?" "We'll send you a plane ticket." Three days later, I found myself staring out the window of that early morning Delta flight as we made our final approach, wondering what in the world I have got myself into. Met with the founders and the young man who had invented the technology. I guess it was about 55 minutes into the presentation that I understood what these guys were up to, and the profound effect this was going to have upon the world-our world. While I sat there riveted on the CEO's every word, transfixed by the passion emanating from his steel blue eyes, I felt like some character in a spy novel, conspiring on a plot to overthrow the government. One day, I'll tell you the whole story. What you ask could have such a profound effect upon our world? THE TOTAL DESTRUCTION OF THE TELE-COMMUNICATION INDUSTRY AS IT CURRENTLY EXISTS!! I've recently been invited to the high technology company discussed above. It is a new publicly traded company. It will be the Microsoft of the telephone industry. It is extremely well funded and has patented high technology. The proprietary technology is the most significant advance in over 100 years of tele-communications. Protected by 2 patents covering 48 applications, we have a private network infrastructure at a pre-opening investment of approximately 23 million dollars. We are not re-sellers of Long Distance time; rather a direct competitor to AT&T and others. To illustrate the potential of this proprietary technology: the internal cost of AT&T to complete a call is calculated at approximately 3 cents per minute; MCI and Sprint the second and third largest competitor based on cost of approximately 4 cents per minute. Our private network "compression technology" can accomplish the same call for as little as 2/ 100th of a cent per minute. For example, AT&T and MCI just announced they were going to cut their basic rates by 5% during the daytime and 15% during the nighttime. On a 15 minute coast to coast call AT&T's new price will be $4.65 during the day for their average customer, our regular price to every customer every day (24 hours per day, 7 days per week) is $1.18. We can afford to beat AT&T pricing because of our technology. But you ask, do I have to use any special equipment. Absolutely not. Just pick up the phone and call the party you want to reach. Pricing is only the tip of the iceberg with our new technology. Our multimedia products are going to make your life so much easier. Star Trek is here, right now and our smart communications platform will bring it to you. AT&T, MCI, and Sprint, look out there is a new major player in town. We will only work with a limited number of individuals to launch this company. If you think you have what it takes or have proven that you do, do not wait a moment longer. This is a ground floor business opportunity, with a compensation package potentially 300% more lucrative than our nearest competitors. Would you agree I have something here that spells opportunity? If yes, we need to talk further, immediately. Call for information and cassette 1-800-741-6240 or e-mail us at technology(a)tectel.com Please indicate your name, address, and telephone number in the body of your response. ************************************************************ Removal Instructions... It is in no way my intention to send anything to anyone who is not interested in the information; If you would like to receive future updates, simply reply to this message with "subscribe" in the subject line to subscribe(a)tectel.com and indicate your name, address, and telephone number in the body of your response. Please complete all information. If we do not hear from you, you will be automatically removed from future updates and will not be contacted again.

1 0

Document on Customizing OpenBSD after install
by Marshall Midden 17 Dec '03

17 Dec '03

Is there a checklist someplace on what to do after the install of OpenBSD 2.2? I'm thinking like: 1) Go into /etc a) Verify disks and network interfaces configured correctly. Files: fstab, hosts, myname, hostname.le0, mygate, resolv.conf, defaultdomain. You might wish to turn off multicast routing in /etc/netstart. b) Edit motd to make lawyers comfortable and delete "Welcome". c) Fix passwd via "vipw" to change passwords, set up users, etc. Make sure password on "root". Default is no password from console, and disabled from network. Make sure to edit "group" for any user groups, and to put people into the wheel group if they need root access. d) Any local configuration change in: rc.conf, rc.local e) printcap, hosts.lpd Get printers set up f) Tighten security: fbtab Set security for X inetd.conf Turn off extra stuff, add that which is really needed. rc.securelevel Turn on Network Time Protocol. g) kerberosIV Get kerberos configured. Remember to get a srvtab. h) aliases Local mail delivery (set postmaster, etc). Run newaliases after changes. i) bootptab If this is a bootp server. j) ccd.conf If using concatenated disks (striped, etc). k) exports If this is an NFS server. m) NIS (old yellow pages), hosts.equiv, defaultdomain, etc. n) ifaliases for www, etc. o) daily, weekly, monthly. p) "amd" directory if using this package. q) rbootd if needed for remote booting (ethernet MAC address to IP translation). r) Any other files and directories in /etc. 2) crontab -l. Do you need anything else? 3) After the first nights security run, change ownerships and permissions on things. Best bet is to have permissions as in the security list.

2 1

Technical Description of PGP 5.5
by Bill Stewart 17 Dec '03

17 Dec '03

Jon Callas presented a technical description of PGP5.5 at this month's Bay Area Cypherpunks meeting, as well as flak catching on the politics discussion; Phil Zimmermann and other PGP folks also helped. This posting is an attempt to summarize the technical parts and leave the politics for other messages. Perhaps there's been some technical discussion on OpenPGP, but feel free to forward this there if not. 1) PGP 5.5 API Toolkit - It's the core of the PGP5.5 GUI and SMTP tools. It'll be out Real Soon Now. It's a major change from the PGP 5.0 Toolkit, which is based on ViaCrypt's older code. The toolkit knows about all the features in the message formats, so even if the application programs from PGP don't provide a given friendly or hostile feature, you can still write it yourself, and so can the Bad Guys. 2) PGP 5.* message format - unchanged - uses the multiple recipients, without any indication of or dependence on relationships between the recipients. The format is approximately Recipient Record 1 - KeyID1, E(sessionkey, PubKey1) .... Recipient Record N - KeyIDN, E(sessionkey, PubKeyN) Message - E(Message, sessionkey) KeyID is the 32-bit KeyID, rather than a fingerprint. I don't know if the format or the PGP 5.x software can generate or accept messages with recipient records for two different keys with the same keyid (or whether it matters if the keys are for DH*, RSA, or both.) * DH can be spelled "E L G A M A L" -- Blame Cylink :-) While 5.0 did introduce new data formats, they're not stealthy, and features like the SMTP filters depend on being able to know how many recipient-key records a message contains, where their boundaries are, and what their KeyIDs are. 3) PGP 5.* public key format - The 5.5 features are actually present in the 5.0 key record formats, but there wasn't any implementation that used the extra fields. The record for keys is about like this, though I may have some of the details wrong. The record for the RSA Keys uses the old format; this format is for newer keys. Key Record type KeyID UserName Algorithm ID - the interesting combo is ElGamal and DSA Encryption Key OptionalCMRK_1: (Mandatory/Optional flag1, Msg Recovery KeyID1) ..... OptionalCMRK_N: (Mandatory/Optional flagN, Msg Recovery KeyIDN) (Note: the format allows multiple records, PGP5.5 only generates one, though it might accept and use multiple. Nobody indicated whether more than one CMRK indicates that the sender should encrypt to all CMRKs, pick one, or do something interesting like secret-share.) (Note: the KeyID is a 32-bit KeyID, not the full fingerprint, which has amusing deadbeef attacks. (Unless I remembered wrong.)) Signature Key Self-Signature on (Encryption Key, Signature Key, UserName) (I don't know if the self-signature includes the CMRKs, but I think it includes the user names.) Optional_Signature_1: (Signature KeyID1, Signature1) ..... Optional_Signature_N: (Signature KeyIDN, SignatureN) (I don't remember if it's just the KeyID or the full fingerprint.) (Note: Signatures are only on the signature key, so you can change the encryption key and keep your collection of web of trust signatures; this is secure because the encryption key is signed with YOUR sig key, and your sig key is signed by your friends' sig keys.) The signature structure is interesting, since it lets you implement forward secrecy somewhat conveniently - just change your encryption key. I don't know if the 5.0 / 5.5 implementations can easily handle multiple records for the same KeyID, so there may be some transition issues, but that's an implementation question, not a data format question. The CMRK** is obviously the new and controversial feature. The key is attached to the recipient's key, not the sender's program, which has some implications in who has to participate in any message escrow activities and where they take place. To some extent this is planned, and to some extent it's just the consequences of what parts of the system you have control over and what you don't. This approach has the recipient publish a CMRK KeyID, and has the sender decide whether to use it, rather than having the sender's system specify who gets the CMR copy. - Since this is the data format, it doesn't have any control over what the sender really does; any enforcement is in the sender's or recipient's client or in the SMTP mail filters. - The format just contains the CMR KeyID, not the key itself; looking up the key is a separate job. (** Corporate Message Recovery Key? Cover My Rear Key?) NOT TALKED ABOUT, but possibly relevant: www.pgp.com says: "Using PGPs Administrative Wizard, for example, administrators can set key generation configurations; require encryption for all email messages sent by a set of users; enable corporate message recovery; and limit the ability of users to perform certain actions, such as key generation." I assume the parts about key generation are limitations on the client, either generating PGP Crippleware? It can't be that heavy a restriction, since users could use PGP5.0, or 2.6.2 if the rest of the company can accept RSA keys, but it's sounds disturbing and it would be nice to see documentation. Could it be limits in the keyserver instead? Also not talked about - CERTIFICATE SERVER, and CERTIFICATE SERVER REPLICATION ENGINE which has lots of cool LDAP directory lookup stuff. The web page didn't say anything about policy administration on the server, but it's another obvious hook, assuming people in a company use it (e.g. a key server could only store keys with CMRKey set to Mandatory, though I don't know if the initial PGP CS version does that sort of thing.) 4) PGP 5.5 Implementation and GUI - - When you generate a 5.5 DH key, you have the option of specifying a CMRK and setting the Mandatory/Optional flag. I don't remember if there's an option to force you to use the CMRK, or to set a default CMRK or default value for the Mandatory flag, but the PGP folks kept saying things about always asking you things and always letting you know when it's going to do things. - The PGP 5.5 implementation puts at most one CMRK in the record, though it doesn't choke on receiving multiples. - If you receive a key record containing CMRKs, PGP 5.5 stores them; I don't remember if it alerts the user at that point or only when the user uses the key later on. - If you encrypt a message using 5.0, it ignores the CMRK. - When you are encrypting a message, the GUI lets you pick what keys to encrypt to. If one of the keys has a CMRK, if the Mandatory flag is not set, it asks if you want to set the CMRK as a recipient. If the Mandatory flag is set, it puts the CMRK as a recipient. Either way, you can delete the recipient, and it doesn't enforce it, and it also makes the CMR keys show up in red etc. It will nag you if you delete a mandatory, but won't stop you. (I think I got those details right.....) Also, if there's a CMRK KeyID, and your keyring doesn't contain the key for that KeyID, it asks if you want to fetch it from the keyserver. - As far as I remember, if you have a CMRK Mandatory set on one of your keys, and you receive a message addressed to your key, it doesn't check if the message was also addressed to your CMRK. A Bad Guy could build an implementation that did this, but the messages are interoperable with PGP 5.0 and don't contain any indication that any recipients use or are CMRKs, so it's easy to work around if they do. And a Bad Guy could also build in Passphrase Leakage or other evil things anyway. Again, the CMRK belongs to the recipient, not the sender, and deciding to encrypt to it belongs to the recipient. The ViaCrypt BusinessGAK version had a feature that let you compile in a Message Recovery Key that the sender was forced to use (which was a clone of the Always-Encrypt-To-Self code.) This is #defined out in both 5.0 and 5.5; the PGP folks tried to see what happened if they #defined it in when compiling, and it nicely dumped core when they used it. 5) SMTP filters - PGP Policy Management Agent for SMTP is really separate programs for Incoming and Outgoing mail. None of the PGP 5.5 features do more than nag you about using them; they don't have an enforcement mechanism. The SMTP filters, on the other hand, are designed for enforcement, and some of the interesting security and control issues come from the interaction between the filters and the PGP5.5. The PGP folks said that their particular implementation was a quick and basic job using the toolkit - so even though it's not particularly draconian or intrusive, it's easy for people to write their own that are more hostile. Neither filter, for instance, saves copies or forwards copies of mail to an archive or corporate enforcers or runs scripts - all they do is pass or bounce the mail (with configurable message). But you could write one that did, if you were that type of company. Source is not provided ("Look, we have to have _something_ to sell"), but some of the toolkit example code will be fairly similar. The filters don't look inside encrypted packets (so they don't have to manage private keys or other dangerous things). This does mean that they can check for encryption or signatures, but can't check if there's a signature inside an encrypted message. 6) Incoming SMTP filter - Really simple Remember - CMRKs are attached to the recipient, not the sender; this is the only place you can enforce that for your employees. Incoming mail is checked to see if it's acceptable, and either passed to a "real" SMTP server or bounced with a message (typically includes a policy statement or URL and/or a pointer to a key server handling the CMRKs.) Note that all the filtering is based on KeyIDs - not email senders or email recipients or transport info. Messages can be rejected if they're unencrypted, or rejected if the encryption recipients don't include one of a set of keys. Unless I'm remembering wrong if the list of keys was not dependent on the recipients, so you can't do things like "If Recipient=PurchasingClerk Require PurchasingBoss", though you can require "One Recipient in set PurchasingBoss, SalesBoss, EngrBoss", etc. Unfortunately, this pushes the company toward using one CMRkey, since it's not very flexible, though it can easily handle multiples. There may have been an option to accept signed mail, or that may have only been in the Outgoing SMTP server. There wasn't an option to reject unencrypted mail. (You could probably fake this by accepting unencrypted messages while also requiring encrypted messages to include a recipient whose key is not published anywhere and not publishing that keyid so nobody runs a deadbeef attack on it. I haven't verified this...) There wasn't an option to email a copy to the archive; you could write your own, but presumably any site that wants to save copies of all encrypted messages is already saving copies of all unencrypted messages already. Or they're really only making sure there's a CMRKed copy of the session key so they can decrypt the message on the late recipient's disk after he gets hit by a bus or a subpoena. 7) Outgoing SMTP filter - more complex. IF Sender_IPaddr in LIST, Evaluate RULE (parameter KeyIDList) -> -> Accept (fwd to SMTP server) OR Reject with parameterized bouncemessage. You only get one list of IP addresses, and you can only accept/reject, but the rulesets are flexible, and you can chain multiple filters together (the filter can run on Port 25 but can also run on other ports, and can forward to an SMTP server on other ports, so you can stack a bunch of these on a single box and chain them together.) Note that this doesn't look at the sender's or recipients' email addresses, just the sender's IP address. This is sometimes limiting (consider mail servers with multiple users, or multi-user machines, or people who do multiple functions from one machine), but it's more secure than trusting easily forged information like the sender and sender's address. A fancier system would include these in filtering capability. That capability may have been left out on purpose, or it may just be limited development time. (I don't remember if you can use multiple rulesets, but you can stack.) I also don't remember all the possible rules, but this is close: - Require Encryption (yeah!) - Require Encryption to Key on KeyIDList -- remember that CMRKs are attached to recipients' keys, not to senders' keys or mail packages, so the senders have to include any required keys themselves unless the recipients' CMRK keys are administered jointly with the SMTP server. (Sending them enough bounce messages may give them a hint, but the sender's PGP5.5 system won't do it automatically.) Thus, it's easy for CompanyA BuildingA to make sure that messages to CompanyA BuildingB employees are encrypted to one of CompanyA's CMRKs, but it doesn't have a clue about CompanyB's CMRKs or RandomRecipient's CMRKs, though if the recipients put their keys and CMRKs on some public keyserver a more sophisticated (and slower) SMTP gateway could check. - Require Signature (Remember that it can't look inside encrypted messages, so it only does this for unencrypted signed messages.) - Require Signature from KeyIDList - since this ruleset is used along with IP address lists, you could require things like "All email from Purchasing's machines are signed by Purchasing" "All email from the PR department is signed by the Marketroid Key" "All email from PR users is also signed by someone technical" :-) "All email from technical people is signed by Corporate Security" :-( "All email from the company president's key is signed by PR and Legal" (Note that this doesn't let you say "All email purporting to be from the company president" since it doesn't read email headers.) "All mail from the company president's real key is signed by the company president or her secretary" - Block encrypted mail, block signed mail (I think both of these were there, and if they weren't, you could implement them by some combination of features.) - Clear Text - you can allow this or block it. Storage Keys vs. Signature Keys vs. Message Encryption Keys - As described above, PGP5.* does use separate keys & algorithms for signatures and encryption, except for the old RSA keys. Storage Keys are a different issue - the main distinctions between storage keys and message encryption keys are - storage keys are used by the owner, while message encryption keys are used by someone other than the owner for items that will be given to the owner. - storage keys are useful when you have the storage media, message encryption keys are useful when you have a copy of the message, either legitimate or eavesdropped. - message encryption cyphertext gets mailed; stored cyphertext just sits there :-) PGPdisk is a pure storage key system, and perhaps there would have been less political furor if PGP had done Corporate Storage Recovery Keys, but it's not a mainstream product for PGP Inc., and only runs on Macs. Doing the storage job right means integrating with backup servers (disk drives get crashed or scribbled far more often than employees get hit by trucks...) which isn't PGPInc's specialty. In reality, users often use PGP for storage, including for messages they've received (depending on their mail GUI) and for files on disks (encrypted to themselves.) File-by-file encryption is easier to back up securely than whole-disk encryption, which requires either dumping the whole disk to backup media or copying to the backup in the clear. The latter is especially useful if the backup server is also an encrypted storage system, but the copying may be a security risk, unless you do really fancy things, and there's the whole question of whether the backup storage is encrypted with the same keys as the primary (hit-by-truck risk) or with a different key (corporate message access equivalence risk.) Business environment and documentation - [Mostly non-technical] PGP is a real business. They've got deadlines, they've got accountants, they've got people beating them up to ship code by the end of the quarter so they can bill people, they've got customers telling them they won't buy stuff until they get Feature X added or removed, all the usual stuff. The design consultants who used to do their export controlled web site left them a maze of twisty little CGI scripts, all different, so getting actual technical documentation out has taken far more work than anybody had time to do before a release date. (Some documentation is claimed to exist :-) Their SMTP packages could have had far more features, but they felt this at least minimally met their requirements, and there was some thought toward extensibility. While 5.0 did introduce new data formats, they're not stealthy, because they haven't seen much (any?) paying-customer demand, and features like the SMTP filters depend on being able to know how many recipient-key records a message contains, where their boundaries are, and what their KeyIDs are. So they recommend that people who want stealth go work OpenPGP and build formats that work to pressure PGP Inc. into using it. One of Phil's goals had been to design a system that provided the business message recovery features their customers were asking for without providing access to users' private or signature keys, as a counter-argument to the GAK advocates who claim they need it. [ As might be expected, much heated discussion occurred on this issue. :-) ] Some things that time pressure makes it difficult to think about, or at least implement, beside stealth, are features like secret-sharing the session keys to CMRKs (it's not possible to do this cleanly, without affecting a bunch of other things), or making session key recovery a difficult and slow process so it doesn't get done often (e.g. zeroing the bottom N ~ 32-40 bits of session key so recovery requires some brute force as well as the keys.) Building in the ability to crack messages using a single master key is really bad (though at least it can be a different master key per user or per message); perhaps when 5.6 or 6.0 handles multiple CMRKs it will implement them by secret-sharing rather than making them each full recipients. - Customers - Some of the customers do want to "recover" all their users' traffic. Others wanted to make sure that mail to a customer service rep got encrypted to the other customer service reps also, or at least to the rep's boss, so someone could handle the business if the original recipient was away. One of the more obnoxious customers was implementing CAK by having the Corporate Security department generate keys and hand them to the users on floppies; this gives them a less obnoxious approach that they're willing to try. One of the customers was really paranoid about making sure their employees didn't leave their CAD drawings encrypted and then steal them or extort money from the company for decrypting the plaintext when they quit; apparently the idea of using a document management system like programmers use for source code control had never occurred to them.... Thanks! Bill Bill Stewart, stewarts(a)ix.netcom.com Regular Key PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639

5 7

Equal rights for receivers
by Anonymous 17 Dec '03

17 Dec '03

Remind me again: Why was it OK when the SENDER could choose to encrypt to an additional key, but it's a threat to the free world if the RECEIVER is allowed to request the same thing?

2 2

"21 Days To Freedom"
by delta7＠onlinebiz.net 17 Dec '03

17 Dec '03

How do you feel about taxes? Every dollar you save in taxes is... MONEY IN YOUR POCKET. Do you want to learn how to legally save a FORTUNE in taxes...starting TODAY? We will show you how to BUILD WEALTH QUICKLY. And protect your assets. You will never worry about creditors, ex-spouses, or government intervention again. CREATE FREEDOM for yourself. NOW. This information is available to taxpayers in the United States, and also foreign countries. For an exciting FREE REPORT, please send any e-mail message to Strikegold(a)answerme.com. You will receive your FREE REPORT immediately.

1 0

Re: Stronghold
by Casey Iverson 17 Dec '03

17 Dec '03

At 02:35 PM 10/12/97 -0400,John Young wrote: >Dimitri, Allah bless his carcass, is a learned and deft provocateur. Wrong! Vulii is a KGB loving, decrepid, diseased ridden sack of Russian puss and excrement. His only reason for existence is to spread lies, disinformation, and filth. He shouldn't have the protection of the U.S. Constitution and the toleration of this list.

1 0

Bill Gates and Gun laws
by jf_avon＠citenet.net 17 Dec '03

17 Dec '03

> > Cdn-Firearms Digest Tuesday, October 14 1997 Volume 02 : Number 031 > cdn-firearms-digest(a)sfn.saskatoon.sk.ca [mega-snip] > ------------------------------ > > Date: Tue, 14 Oct 1997 12:43:32 -0600 > From: Dave Hammond <DHammond(a)novatel.ca> > Subject: FW: USA - Bill Gates wants your guns > > Don't like Bill Gates or his octopus like grip on the software market? Been > looking for a reason to give Microsoft the finger and shop elsewhere? Well, > here it is......... > > > by HUNTER T. GEORGE > OLYMPIA, Wash. (AP) - A gun-control measure on the Washington ballot has > turned into a Western shootout in this state, where nearly one out of > five residents owns a pistol. > In this gun battle, the two sides are armed with cash and > soundbites. > On one side is the state medical association, law enforcement > leaders, religious groups, the state's largest teachers union and > Microsoft chairman Bill Gates, among other Seattle-area business > leaders. > They back the measure, which would require handgun owners to > pass an exam or take an eight-hour safety course to get a license. > It would also require trigger locks on all handguns sold or > transferred in the state. > On the other side are gun rights organizations, like the > National Rifle Association, and police groups, which say the > measure is an invasion of privacy, an infringement of the right to > bear arms and a smokescreen for a hidden agenda: registration and > eventual confiscation of handguns. > ``What they're doing is basically using children and hiding > behind a phony handgun safety ballot title,'' said Alan Gottlieb, > chairman of the Bellevue-based Citizens Committee for the Right to > Keep and Bear Arms. ``These people don't want education. They want > to make it very hard for people to buy a handgun or use one, and > that's exactly what this initiative does.'' > If voters OK the measure on the Nov. 4 ballot, Washington will pass some > of the strictest gun laws in the nation. > Only a dozen states require some sort of handgun permit or > license, and just two - Massachusetts and Connecticut - have passed > laws requiring trigger locks, but only at the retail level. Washington's > would require them on all guns sold, even person to person. > Nine of the nation's largest gun makers announced Thursday that > they would provide childproof locks with all of their new handguns > - - about 80 percent of those sold in the United States. President > Clinton has pushed for legislation requiring the locks, but House > and Senate committees rejected the provision earlier this year. > No public polls on the measure have been released so far, but > some of the richest people in the state back it: Gates gave > $35,000; his father, lawyer William H. Gates, donated $150,000, and > philanthropist Harriet Stimson Bullitt contributed $50,000. > The safety requirements, they say, would be like taking a > driver's test before getting a license. The goal is to reduce > accidental shootings, particularly those involving children who find > loaded guns in the home. > A study in the Journal of the American Medical Association found > that 30 people 19 or younger died in unintentional shootings in > Washington state between 1991 and 1995. And 211 others were > hospitalized for gunshot wounds. > `I'm personally unwilling to tolerate that kind of carnage in > our state,'' said Dr. Roy Farrell, campaign spokesman and a gun > owner. ``Terrible tragedies happen that shouldn't happen if the gun > was stored properly.'' > > ------------------------------ [snip] > Mailing List Commands: majordomo(a)sfn.saskatoon.sk.ca

1 0

Re: Telstra Australia admits it lied about net
by nobody＠REPLAY.COM 17 Dec '03

17 Dec '03

Of course any stats put forward by Telstra are probably a complete fabrication. Telstra's arrogance exists due to its century long tradition of government backed monopoly resulting in a drain on Australia's resources and misallocation of capital on such a scale it defies imagination. It is par for the course for Telstra to now be seeking funding from US taxpayers/consumers. (PS. I heard the same figures you quote below being bandied about here about a week or so ago.) Bill Stewart writes: > According to an article in today's Mercury News or SFExaminer, > Telstra has also decided that 70% of the bits on US-Australia > Internet connections are now going from Australia to the US > rather than the earlier ~100% US->Australia direction - > so it wants a major reevaluation of who pays for the > trunks connecting the Internets in the two countries > (currently Telstra pays most of the costs.)

1 0

Start Saving Now...
by courier＠message4U.com 17 Dec '03

17 Dec '03

Dear Money Saver.. Are you.. Paying MORE than 9.9 Cents Per Minute For Long Distance or 888/800 Service ? Paying a monthly minimum or access charge for your long distance or for an 800/888 number ??? Getting 6 second increment billing ??? If NOT... Give us a call... We can get you the service Without the hassle Without the games Without the extra charges Pay LESS For Phone Service (s) (812) 949-2205 NOON - 10 PM EDT MON - FRI OR VISIT: http://www.cyberamish.com courier(a)message4U.com P. S. We also have a SUPER RATE on phone cards...19 CENTS PER MINUTE ! NONE OF THE ABOVE PHONE SERVICES INVOLVE MULTI-LEVEL MARKETING TO BE REMOVED FROM THIS LIST REPLY TO THIS MESSAGE & TYPE REMOVE IN SUBJECT AREA ONLY

1 0