Fwd: [gsc] Fwd: managing and protecting nyms...

8 Nov 2009


      Begin forwarded message:
...
From: Jim 
Date: November 8, 2009 4:10:07 PM GMT-04:00
To: gold-silver-crypto@rayservers.com
Subject: Re: [gsc] Fwd: managing and protecting nyms...
R.A. Hettinga wrote:
...
...
From: John Young 
Date: November 8, 2009 1:31:05 PM GMT-04:00
To: cypherpunks@al-qaeda.net
Subject: Re: managing and protecting nyms...
Peer review is necessary to assure blunders are not overlooked.
However, there has been no demonstration that peer review is all
that is needed for the superior protection.
I have never seen anyone make this argument.  So, burn down
the straw man, John.
...
...
This is not an argument
for obscurity, only a caution that peer review is not necessary
sufficient.
Not necessary or sufficient?  Not necessarily sufficient?
Peer review is very useful.  I've never seen anyone argue that
it is sufficient for total information security.  To my
knowledge, there is no total information security, no perfect
system.
Open source operates on the assumption that everyone is
fallible.  Other assumptions to demolish John's arguments,
below, in line.
...
...
Peers miss stuff too, as amply demonstrated by holes
and bad implementation later discovered.
Of course.  But, look, John, dummy, you can't discover these
holes and bad implementations without open source crypto. If
you keep your secret codes secret, then when the codes and
ciphers are broken, you won't know it.
...
...
Betting you life on peer review, or open disclosure is probably
not very smart.
Who isn't betting their life every day?  The scum who have
gotten Republican politicians to waste three trillion dollars
on military contracts in order to slaughter millions of people
in Southwest Asia are quite willing to slaughter as many people
as it takes to maintain power and keep the gravy train coming.
Is it more clever to bet your life on a super duper secret
code that no one can review?  No, that would be asinine.
John, don't be an ass.
...
...
Instead, expect some shrewd peer(s) to see
something that will serve a private purpose by keeping quiet.
Competiton, betrayal, disinfo, venality, play a role as well
as search for truth through open discourse.
Competition, for those who can spell it, is a good thing. The
whole point of open source crypto is that different persons would
each have different purposes, different motivations.  Some will
be genuinely motivated by math, just doing the math, just seeing
the equations work, just understanding it all.  Some will be
motivated by private purposes, but these will vary widely. So
the more people who actually sift the source code and review
the math and do the peer review, the better.
Yes, there will be betrayals and venality, but the advantage of
open source is that there will be different people with very
differing agendas.  You don't get nearly as many minds looking
for holes in your crypto without open source.
...
...
Comsec is a swamp, quicksand, punji trap,
Which is it?  A swamp is not all quicksand, and neither a
swamp nor quicksand is a punji trap.
Communications security and data security are ill served by
mixed metaphors and endless abbreviations.
...
...
and comsec
experts are never trustworthy about each other or about
systems.
Nobody is trustworthy.  The whole point of someone like, say,
Tim May, saying that something is a "trust me" level of
security is to deride and ridicule trusting anyone with your
security.  (Was that Tim who said that about Safe-mail.net or
was that someone else quoting Tim on another topic?  Not
that it matters.)
There is no royal road to geometry.  There is no substitute
for actually doing the math.  There is no one but you that
you can really trust.  Which is okay.
Really, it is, John.  It'll be okay.  Calm down.  Don't
get all fussy.  Finding market clearing prices is an
intensely cooperative activity.  People are very motivated
to find these prices and clear markets.  So, in part because
of the fact that no one can trust anyone else, people find
ways to cooperate actively to create, price, and clear markets.
...
...
The open source methodology, call it snakeoil,
Why call it snake oil?  This metaphor isn't any better than
the punji trap in quicksand in a swamp metaphor.
If you don't like open source crypto or open source software,
why not propose some other methodology?
There is no other methodology that provides similar levels of
scrutiny of code and math.  The preceding methodology, of
making a secret code and keeping it ultra-mega-top-letter-
clearance-secret-word-clearance-burn-before-reading classified
has been completely discredited.  When you have a highly
secure code, you will never know when it has been broken.
...
...
works well
for the inexpert to gain a limited education,
Who would that inexpert be, John?  Would he be the guy who
stares out of your mirror when you shave? lol
...
...
but behind that stage the usual shit goes on.
Shit goes on all the time.  LBJ and his cronies spent on
the order of $2 trillion in today's dollars on the war in
Southeast Asia, slaughtering about 7.9 million in dead and
wounded, military and civilians, across all countries.  So,
for about a quarter million dollars in corruptly allocated
profits, one person was horribly mutilated or killed to
make the CIA and military death merchants happy.
If there is any good news about this shit that goes on, it
is that somewhat closer to two million have been killed in
Southwest Asia for about $3 trillion in today's dollars. So
more like $1.5 million in death merchant profits and campaign
contributions for GOP villains (and since 2006, Democrat
villains, too) per horribly mutilated or killed victim.
Ain't efficiency grand?
Of course, the tricky part is the casualty figures.  No
body counts these days.  It could be tens of millions of
dead people, and we won't know until the empire falls and
the archives are opened.
...
...
Keeping quiet about crypto cracks, holes, trojans, backdoors,
is extremely rewarding.
For everyone?  So, John Young works for the feral gummint on
ways to keep secrets and slaughter young children in foreign
countries, as well as babies in the USA.  How rewarding is it,
John?
...
...
Concealing deep faults with shallow ones is SOP.
Standard for whom?  Operating procedures assume some sort of
goal or outcome for operations.  Different people have very
different plans, goals, skills, and ethics.
I mean, clearly, you are the sort who would have no problem having
the IRS come into a home, kill the family pets, rape the young
children, put the adults in cages, seize all the records, and
confiscate every asset.  You want the IRS to do so for the
benefit of your lofty goals of having trillions of dollars for
corruptly allocated government contracts so that the CIA and
the military can rape, torture, kill, and mutilate foreigners
in an endless war.
...
...
Note that wide crypto use has become a stimulus to intercept,
store forever (NSA policy), crack when possible and to continue
trying to crack indefinitely (NSA policy), with successful deep
cracks seldom revealed. "NSA policy" is that of deeply embedded
contractors and researchers as well.
Yes, that's all terribly sweet.  Build up your Library of
Alexandria of data of every comment ever written by anyone ever.
Build (with corruptly allocated contracts and dead taxpayer
confiscated funds) your huge quantum computing apparatus to
sift through all this data.  Enjoy trying to figure out which
e-mail address goes with which person.
At some stage you still have to have a human being apply it.
Or manufacture it wholesale and assign it to someone innocent
and insist that it has been in your database for years.
It is just like your archive of finger prints and DNA samples.
You can now fabricate "evidence" that anyone was anywhere, with
"irrefutable" evidence from your laboratories, cooked up before
the crime and analysed after the crime, to frame anyone.
So what?  Who cares?
What are you doing with all these abilities, all these technologies,
all the money that you steal, all the lives you ruin?
Nothing much.  Slaughtering a whole bunch of children to not
much purpose.
Going to the stars, John?  No, you aren't.  Exploring the planets,
John?  Nope.
Spying on your neighbors, sure.  Raping their children, sure.
You and your government do a whole lot of that.
Bringing the resources of the Solar System to bear on the
problems here on Earth?  Nah, that would be a waste of your
very important time.  Arbeit macht frei, motherfucker.
...
...
Publicly-availalbe encryption and other currently usable comsec
protection are satisfactory for ordinary communications
Anyone who isn't using them for ordinary communication is a
fool.  Anyone who is communicating about actual criminal
activity and thinks encryption is sufficient "cover" is a fool.
...
...
but not
for more than that if you are up to extraordinary renditions, say,
making a bundle peddling natsec-grade counter-threat
assurances.
Well, gosh, Johnny, are you torturing people to death?  Does
that make your opinions about open source methodology more
interesting, or less interesting, to ethical persons?
...
...
Yep, natsec-grade is what the telecoms and like
critical infrastructure dealers claim they are providing. Nothing
pays better.
And we all know that if it paid well enough, you would rape and
torture your grandmother in front of your siblings, and then
rape and torture and murder them all.
Thanks, John, for a trip inside the mind of a maniac.