On Sat, 30 Dec 2000, Eric Cordian wrote:

A typical citizen-unit will quickly trade a large amount of privacy for a small amount of convenience.

Sheeple-shearing is never so successful as when it's "voluntary."

Then it seems imperative to find ways to acheive both convenience and privacy... -David

On Sat, 30 Dec 2000, Eric Cordian wrote:

A typical citizen-unit will quickly trade a large amount of privacy for a small amount of convenience.

That begs the question and misrepresents reality to a good degree. People take the choices they think they have, usually those choices are made available by the party that is operating the service the consumer will use. So, there is usually very little say for the consumer other than yes/no. This is not the fault of the consumer, it's the fault of the producer. In their drive to gain a significant share of the market (something which goes against free market economy by the way) they will reduce the number of combinations they must offer (reduces cost). Blaming the consumer is simply a quick way to justify whatever strategy the producer finds attractive.

Sheeple-shearing is never so successful as when it's "voluntary."

History says otherwise...

Note that the two things IRC really needs, end to end encryption and authentication, are not even on the list of "improvements" these people are working on.

Why does IRC need encryption? Why authentication? I can see no reason to authenticate IRC sessions. This is contrary to the spirit of free speech and open access. Encryption won't prevent snooping since joining the servers themselves is trivial for the potential user and provides yet another sole source for traffic analysis. Being easy to join is what IRC is about after all, it's hard to build a community otherwise. What IRC needs is anonymity, distribution, and a mechanism to limit the sorts of activities (ie anti-Dos) that cause the problems. This should be resolved in a "Open Source" sort of mechanism and not through some proprietary (irrespective of how voluntary, after all what sort of choice is there if there are no alternatives?) society. Personaly, p-2-p technology is the way to go with IRC. Not more centralized servers. That way if some script kiddy gets randy the one or two clients they connect to directly can eliminate the problems. After all, you have a right to do what you want until it interferes with somebody else.

A little over a month ago, Adam J Herscher wrote a lovely little rant on Efnext, and rather than reiterate points which he made more articulately than I could ever hope to, let me simply paste chunks from his message to EFNet opers and admins.

It's 'lovely' because you're already biased to that view.

"The way that this is being implemented is simply unfair.

Do current operators have the choice to not join, to take their IRC toys and go elsewhere? Then it isn't unfair, it's inconvenient perhaps and it's definitely autocratic. Neither of those make it unfair a priori. For it to be unfair the action would have to prevent you from choosing alternative selections. What amazes me is that instead of whinning about it they don't go out and create more IRC channels. It's parallel to the question of why on a list of hundreds of 'crypto-anarchic individualist' we only see a handful of mailing lists (though they are trivial to build and inexpensive to operate). It's also similar to Eric's comments above about 'sheeple', why is it that anarchist/libertarians are always saying on one hand that the way to run a society is to let individuals make choices, yet they're the first to complain about how 'stupid' people are when they don't take the choices the anarchist/libertarian wants.

They're supporting themselves with the argument that since every EFNet admin will be approached, it is fair - yet they easily admit that there will be a network split and that there is no other way to do it.

This is GOOD, diversity through philosophical disagreement means the system is working. Here's a monopolistic market and forces are driving a split and even the anarchist are against it apparently.

Well, at this point, let's take a look from the admin being approached perspective. I am an EFNet admin, and approached by a group of people that tell me they have a great solution to fix the network. They tell me that I'm welcome, and my opinions will be heard (though I have no -official- voice/vote - yet), as long as I change my server to meet requirements not officially approved by anyone. That is, I will need to run new code, open my I:lines, possibly add more opers, possibly resign as admin and allow a new one to take over (again no server names mentioned, but I have specific ones in mind - and no, not my own - a list of servers that were discussed as not being allowed to link without conforming was actually posted). So what are my options at this point? Well, I can link to their network, or I can decide not to. If I decide not to, I will remain with a group of unwanted leaf servers with no hubs. And yes, I mean unwanted by them - if you haven't been approached by them yet others were months ago, why do you think this was? Perhaps because you wouldn't go along 100% or keep quiet? Essentially this process is "conform or be delinked" - because it's obvious at this point that if the major EFNet hubs and client servers go, you will be left delinked - their idea of a network split."

Whine, whine, whine. This is one of the most self-important, self-serving commentaries I've seen in a long time. This guy is a bozo. His argument is something like this: - The organization is changing the way it operates through a process that is representative and doesn't require participation by any party against their will. - The current operator wants to keep it the same and feels that because he's in the minority he's getting a raw deal. "I lost, and that isn't fair." There is a distinction between 'EFNet Admin' and 'IRC Admin'. As to 'conform' or be 'de-linked', that's the way 'free choice' works. You go along or you go alone (at least until you can find some more suitably minded parties). As to the point of a list of servers which won't be served, there is nothing wrong with that under this mechanism. If I have a party at my house it's up to me whom to invite, simply because I might know you doesn't give you any right to show up without an invite. What this whole bunch of bozo's needs is a p2p deamon that has something akin to 'host.deny/host.allow' that applies to domain names, IP's, channel ID's, and user ID's. If you want to create a 'permanent' channel why should EFNet be the ones to decide? Why not let the 'market' decide through their transient choices? This is just another example of why human psychology makes anarchic or libertarian communities unworkable. People have entirely too strong a social need to be comfortable in such environs. Which side (it's good/it's bad) isn't important, what is important to recognize the subconcious need to have a structure at all. Of course this also ignores the tendency of most people to be 'lazy' with respect to their contribution to a project. Which is really one of the main reasons we don't see more CDR nodes or alternate IRC networks springing up, it takes responsibility and activity.

...

It seems to me the 'cypherpunkish', 'libertarian', 'anarchic' thing to do is to promote the growth of individualy operated servers other than those on ISP's (who will have a motive to drop the old system and use the new system - just another example of why libertarian/economism is not sufficient in and of itself for a basis for society - they have no motive to protect the individual, only the 'market').

It would indeed be unfortunate if all controversial IRC traffic ended up being carried by isolated IRC servers, akin to remailers, whose admins were under constant attack, and which came and went on a daily basis.

This is probably a good thing really. It makes it harder for LEA's and other 'mallet's' to have a window of opportunity that is open long enough to take advantage off.

I anticipate that if Efnext pulls off this "Conform or be Delinked" exercise, people will be setting their sights on Usenet as the next thing that needs "fixing."

They already are, and have been for years. Usenet is another service that could use some sort of p2p datahaven environment. This should be one of the Cypherpunk 'target projects'. Of course this activity is yet another example of how 'anarchit/libertarian' market ideals are not the ideals that the community as a whole desires. It's also demonstrates that 'free markets' without some 3rd party regulation (eg 1st and 4th) are inherently unstable. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

On Sun, 31 Dec 2000, Eric Cordian wrote:

I see some interesting science here. Permit me to explain.

Cool. I'll take the liberty of adding some commentary myself.

One of the unchallenged inerrant doctrines of crypto-anarchy has been that highly redundant widely distributed services are immune to attack.

I'd say a more realistic view is that the cost of an attack goes up as a function of distribution. Hence, if you want to hit on one 'unit' then it's reasonable that even an individual might do it. But if you start trying to hit on many units the combinatorics take over and cost goes up in a factorial fashion. This is the reason I want to see the key management stay at the 'unit' level. The ability for me (or any party) to readily identify another party in my immediate environ is much lower in cost than say to have Tim May do it for us. The best person to evaluate my 'trust requirements' is me. In addition, by layering the protocols this way adds another level of protection. You've got a point to point link key that the two parties share and exchange in their own way. Each node takes whatever traffic it gets and routes it according to address, everything 'below' this layer is still encrypted. But I don't have access to the keys, nor do I know necessarily what algorithm was used to encrypt them. This was made by the appropriate parties at each level.

Indeed, things like BlackNet are made possible because they can use such services (eg alt.anonymous.message) as their underlying transport mechanism.

I like Plan 9 because it allows this at the network layer as a part of the OS. Though I'd like to see DES replaced with something more secure. When coupled with its distributed file/work space some really interesting possibilities become possible.

Now we see a network of 33 servers being assimilated to a new way of doing things. How could this be? Perhaps there are some flaws in our analysis of highly redundant widely distributed networks. Perhaps by looking at Efnext, we might see what they are.

I wouldn't say '33' qualified for 'highly redundent' or 'widely distributed'. I wouldn't trust any system that didnt' have at least several hundred, and preferably several thousand widely dispersed nodes, involved. 33 machines is within the scope of a couple of individual to hack over a year.

Flaw number one is that the servers in most networks are not equal. Most Networks are star networks, and most of the nodes are leaf nodes. Leaf nodes are at the mercy of their hubs. Where the hubs go, the leaves will follow.

I would say this observation is reason enough to say our original description of the network (and as a result our expectations) were at fault rather than how the particular system did end up being implimented or how it performed.

Flaw number two is that it is far more prestigious to run a hub than a leaf. Given the choice of having ones own Enamelware Factory under the new Reich, or being reduced to a delinked leaf, most server operators will swallow their pride and go with the herd.

The really(!) interesting observation is the one choice that almost never(?) comes up is real distributed systems. If these people would put the same energy into sending out a few notices in the appropriate forum and starting a real distributed content-blind network we'd all be better off. But it doesn't happen. Why? People don't like direct and immediate confrontation, they hate to burn bridges. It's a psychology thing in my opinion.

Flaw number three is that once the herd starts moving, it is very difficult for individual sheep to make their views known, and almost impossible for them to push the herd in a different direction.

Again, this is that face to face confrontation thingy.

Also, the trading of privacy and autonomy for convenience is a new threat model we have not considered in the context of highly redundant widely distributed networks.

But a distributed system maximises convenience, it has the minimum level of regulation and operating cost at the individual level. At the same time it maximizes autonomy. Obliquely, a couple of weeks ago there was a post on /. about 'why freedom'. One of the issues was Franklins security/freedom quote. The point which nobody gets is that Franklin was saying security IS freedom. In a fully distributed network w/ inherent privacy management we'd have soemthing like this: - Me and my ISP would share a key. This would allow me the pipe to route my traffic through. - My friends and I would share private 'public' keys that we'd use for day to chit chat. (this implies the package must allow multi-key selection for each recipient) - We'd have real public keys we'd share on our webpage as a matter of course. It should also be in our .sig. - Any service I worked with would share a key. We'd use the real public keys only to initiate the dialog. Nearly the first thing we'd do prior to any exchange would be to generate a (potentially session sensitive) specific key pair for us to use. It should be easy to sign these keys with a public key for 3rd party authentication. Smart folks would have key generation and exchange done on a nearly session by session basis.

Here we have EFNet en masse giving up the old way of doing things. En masse. "Voluntarily." And what is their motivation?

Since it's voluntary is that even an issue? Isn't part of respecting an individual simply accepting it's their decision and to impact them about it is only to weaken our own arguments and desires of individuality? That people have a means to opt-out is enough.

Impending government legislation?

<shrug>Influence through abduction by space aliens?

Janet Reno's tanks rolling on the locations of all 33 IRC Servers? A court order, which threatens indefinite jailing for non-compliance?

No, it's none of these things. It's some people who have gone off and written some mods to ircd which make running a server less of a headache.

But isn't this exactly what individuals are supposed to do? Irrespective of free market requirements, isn't this a requirement of a real world market? We bitch and moan about sheeple and then when a group goes off and does it we bitch and moan...

So the lesson here is that there is a "better software" attack on highly redundant widely distributed server networks, and that entire networks will trade control of their servers and allow changes to fundamental protocols, in return for new "singing and dancing" code.

I'd say the lesson is that we went into this with one set of expectations and we applied those in an environment where they weren't valid. We need to identify our process errors and repair them and try again.

Certainly, Usenet is also vulnerable to such an attack. Most news admins I know would give their left nut for a life free of spam.

The question is how to do it. And who will do it? Isn't this the point of a market? If "Do I compete?" then "Differentiate!" else "Use what somebody else brung to the party." This is a perfect opportunity for a real difference to be made. I think this is a facet of Lessigs "Code" that many don't seem to get. As I've said before this is the real power of Open Source development. The trick is to get the right mix of capability and personality in some core members. This is a nearly completely unstudied aspect of Open Source (and no, I don't think the same things that make Open Source success mean closed source success).

Much in the same sense that it is "voluntary" for an individual in the top 1 percentile on IQ and Achievment Tests to get a high school diploma.

However, try being allowed to flip burgers without one, regardless of your actual talent.

Well you won't just walk in and get hired as a president of a company but getting a job is not impossible without a diploma. You'll have to be content to start at the bottem washing plates, delivering boxes, etc. The opportunities are still there if at some point you change your mind and figure you do need something more to achieve. You can always start your own business also.

Making people "part of the process" is one of the first things one learns in management. How to simultaneously make sure they have zero chance of actually altering what you have planned for them is the second thing.

People ARE the process, everything else is a tool for their success. The way I manage my team is by clear goals and well described process and resource utility (and staying out of their way). ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

On Tue, 2 Jan 2001, Steve Schear wrote:

...

Uh, right. Let us know when you have working code.

It shouldn't be very hard to bridge Usenet and Mojo Nation.

If memory serves, there is a project underway to do "usenet-on-freenet." -David

On Sun, 31 Dec 2000, James A. Donald wrote:

-- At 10:17 PM 12/30/2000 -0800, Eric Cordian wrote:

...

Note that the two things IRC really needs, end to end encryption and authentication, are not even on the list of "improvements" these people are working on.

Is there a forum where it is appropriate to discuss such improvements?

The average IRC user will never grok the concept of a public key, but we

Irrelevant. What the user wants strictly speaking is irrelevant at this layer. This is the relationship between publishers and how they will operate. The user requirements are a factor here but direct user input isn't needed. Your position is akin to saying that I as a book publisher must somehow limit my activities with respect to content selection to only what the customer or specific list of agents will allow. This violates my right of ownership with respect to 'the press'. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

-- At 06:56 PM 12/31/2000 -0500, David Honig wrote:

I don't see why a secure text-chat program would be any different than PGPfone (using DH, not RSA). Maybe easier i/o, tougher authentication since PGPfone uses human voice recog in part.

The method used by PGP phone against a man in the middle attack is impossible for text programs, though fairly easy for voice and video. A chat program needs a server, or interacting network of servers to advertise presence. This server could also act as a public key server, invisibly to user, guaranteeing stability of identity -- that this presence was the same entity as had been logged on under the same name in previous sessions. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG UGQ/+6M1hWVD5Z4S7TaT01Hg7/uSMrGS449xduq7 4+IVFOt/Gxo+29WnJDRqzcj9CMd7J+MOSEhY09Au5

David Honig wrote:

Since no one has yet mentioned it, Ryan Lackey once mentioned a secure chat program.. Zephyr? Gale? (the name was related to some other existing, insecure chat program)

MIT uses Zephyr for text messaging. It's not secure, but it can authenticate with Kerberos. There are "homebrew" extensions to have encrypted sessions; basically, since zephyr is 8-bit safe, you can put whatever you want inside the message, including (non-armored) encrypted data. -- Riad Wahby rsw@mit.edu MIT VI-2/A 2002 5105

David Honig wrote:

...

Since no one has yet mentioned it, Ryan Lackey once mentioned a secure chat program.. Zephyr? Gale? (the name was related to some other existing, insecure chat program)

Yes, it was Gale http://www.gale.org . You may note the relationship of its name to Zephyr's :-) Version 0.99a came out in July; Version 0.99cheese was sometime unspecified last millenium. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639

One of the problems that efnext is trying to address, and a cause of network instability is DOS attacks against servers by little kiddies that want to take over channels. Not that I'm for or against the new network, but it seems that building a consensus and peer review of the protocols would be a good thing. As for the fear that this will lead to central control and monitoring of the IRC network, my guess is that IRC is already heavily monitored. It's a hell of a lot more trivial than Usenet with only 33 servers on the network, and each communication tagged with the hostname or IP address that originated it. Alex B. Shepardsen said:

On Sun, 31 Dec 2000, dmolnar wrote:

...

Something I don't see much of on the efxnet page - "why?"

This is in the FAQ: "EFNext is the name of a project geared towards making IRC a more stable, uniform, chat environment."

and they say "introductory document coming soon." I still don't know why this is happening (I don't hang out on EFnet). What do the efxnet people give as their reasons for a new IRC network?

Well, as an EFnet user, I can say that EFnet is pretty unreliable. Network splits are extremely common (major splits occuring once every 3 or 4 hours, and usually lasting about 10 minutes or so). Lag between major irc servers is often quite apparent. All-in-all, EFnet needs a lot of work. Some of the other networks like Chatnet behave better, but they are also smaller and have less users.

Is there a need for a new IRC network? Unclear. I think that the probolems EFnet has are not going to be fixed by relacing it. The IRC servers simply need to be more reliable.

Alex

-- Kevin L. Prigge Internet Services U of MN, Twin Cities

I must admit Im rather sad to see efnet going this route, having been on efnet for years and participated and become and active member of many of the more underground channels on the network, I find it sad to see that the only irc network where anarchy truely ruled has come to this. I can however see their reasoning, having looked at efnext, I notice you can no longer do certain things, /links doesnt work, which means the hubs are hidden, and splits cant be seen, this means far less smurfing, because there is no point to smurfing a leaf server. You also cannot see the servers someone is linked to if you /whois them, this stops a number of denial of service attacks. As for IRC Operators getting involved in channel affairs, if this happens, people WILL run to another network, maybe I live under an illusion, but I believe that the anarchy on networks like efnet is inbred in the people, and is not so much about the network where the people reside, but the people themselves, and if the anarchy and the control of their own channels is taken from them, the people will get up and move somewhere where they still have control. Their is NOTHING forcing people to move to efnext, and speaking from experience, setting up and running irc servers is easy, lets face it, with a decent *nix system you can have an ircd up and running in a matter of 5 or 10 minutes, an entire network is no more than an hour if you are linking 10 systems. Further more, IRC does NOT take that much bandwidth, there is a myth that efnet NEEDS OC3 links etc because of the traffic that is passed across it, what people dont say is that the servers actually only run at between 1 and 2 megabit/second if you remove the traffic from DDOS and attacks like smurf. As for myself, I will still be on efnet, but other than that I will retire to blabbernet, sure there are services there, and sure its small, but its non-censored, anarchial, anything goes, and people dont tell me what to do. Btw, another point I forgot to mention, there is encrypted IRC out there, there are encrypted protocols built into scrollz for public channel, dcc, and private message. If anyone wants more information contact me, I might also try and release a patch for bitchx and ircII to do the same thing if I get the time to do some coding and can figure out the crypto code (I dont do much crypto code unfortunatly) Anyway, the above are just my opinions. Andrew Alston / Vortexia irc.blabber.net - Server Administrator -----Original Message----- From: owner-cypherpunks@minder.net [mailto:owner-cypherpunks@minder.net]On Behalf Of Bill Stewart Sent: Tuesday, January 02, 2001 9:00 AM To: cypherpunks@cyberpass.net Subject: Re: Anarchy Eroded: Project Efnext At 02:52 AM 12/31/00 -0500, dmolnar wrote:

Something I don't see much of on the efxnet page - "why?"

This is in the FAQ: "EFNext is the name of a project geared towards making IRC a more stable, uniform, chat environment."

and they say "introductory document coming soon." I still don't know why this is happening (I don't hang out on EFnet). What do the efxnet people give as their reasons for a new IRC network?

Simplification of protocols so they can sell out to Microsoft/AOL? :-) Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639

The answer to this question is actually fairly simple, it is VERY easy to block smurfing in the form of amplification, I.E that is to say that you can stop yourself being an amplifier, this helps your outgoing bandwidth. However, to stop yourself being smurfed you have to stop all incoming ICMP Echo Reply packets coming into your host at your upstream, because what you are getting from a smurf are NOT ping request packets, they are ICMP echo reply packets coming from other amplifiers, which means you could be getting ICMP echo reply packets from 10 thousand + hosts at a time, and there is little you can do to block it other than have your uplink firewall it. The problem is that by the time the ICMP reaches the uplink, the uplink has probably been saturated, or at least is upset enough over their loss of bandwidth to possibly cut your connectivity. It is pretty pointless blocking ICMP echo replies on the IRC server itself as well, because by the time the packets get dropped at the server, they have already passed over the lines and saturated the lines. Kinda sad hey? Andrew Alston -----Original Message----- From: owner-cypherpunks@minder.net [mailto:owner-cypherpunks@minder.net]On Behalf Of Ray Dillinger Sent: Tuesday, January 02, 2001 6:08 PM To: Andrew Alston Cc: cypherpunks@cyberpass.net Subject: RE: Anarchy Eroded: Project Efnext On Tue, 2 Jan 2001, Andrew Alston wrote:

Further more, IRC does NOT take that much bandwidth, there is a myth that efnet NEEDS OC3 links etc because of the traffic that is passed across it, what people dont say is that the servers actually only run at between 1 and 2 megabit/second if you remove the traffic from DDOS and attacks like smurf.

I have a question: given that half the bandwidth and almost all of the spike bandwidth is devoted to smurfing, why don't IRC servers just block multicast ping? I mean, okay, so it's in the kernel code instead of being a separate application. It still shouldn't be hard to come up with a patch that killed smurfing. Pings should never be forwarded to multiple hosts. Bear