Discussing security policy post-OPM debacle in a setting to which I have access (sorry to be oblique), it was said by a CxO "We have to prepare for the day when no software we depend on is run on premises."
I did not handle this well (think sputtering as an alternative to white rage). At the same time, I am probably in a bubble in that I suspect that nearly everyone I see with a computer (of any form factor) is already in that situation or, save for Javascript piped in from the cloud to run locally, soon will be -- denizens of this list and a few others excepted.
Echoing Lenin echoing Chernyshevsky, "What is to be done?" or, perhaps, "Is anything to be done?"
--dan
Everything will be run in the cloud and browser because it is, overall, a better computation model. However, that doesn't preclude you from running a cloud locally. Although pretty much proprietary to Google & Amazon until recently, Docker et al and related VM/container management APIs that are mappable to all kinds of implementations will allow apps, administration, networking, etc. to be fluid between commercial and various types of private clouds.
In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows. Assuming your container system isn't running in Windows, which is becoming an option; one that I won't trust easily.
sdw
On 7/14/15 8:52 AM, dan@geer.org wrote:
Discussing security policy post-OPM debacle in a setting to which I have access (sorry to be oblique), it was said by a CxO "We have to prepare for the day when no software we depend on is run on premises."
I did not handle this well (think sputtering as an alternative to white rage). At the same time, I am probably in a bubble in that I suspect that nearly everyone I see with a computer (of any form factor) is already in that situation or, save for Javascript piped in from the cloud to run locally, soon will be -- denizens of this list and a few others excepted.
Echoing Lenin echoing Chernyshevsky, "What is to be done?" or, perhaps, "Is anything to be done?"
--dan
On Tue, Jul 14, 2015 at 10:02 AM, Stephen D. Williams <sdw@lig.net> wrote:
Everything will be run in the cloud and browser because it is, overall, a better computation model.
Certainly that's the current bias, but web browser as platform isn't really all that it's cracked up to be, IMHO - all browsers suck, and I don't see them getting better any time soon, especially if they run javascript and plugins.
However, that doesn't preclude you from running a cloud locally.
Certainly better than public/commercial clouds - at least until proven encryption becomes the norm.
Although pretty much proprietary to Google & Amazon until recently, Docker et al and related VM/container management APIs that are mappable to all kinds of implementations will allow apps, administration, networking, etc. to be fluid between commercial and various types of private clouds.
In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows. Assuming your container system isn't running in Windows, which is becoming an option; one that I won't trust easily.
Eh - good sysadmins with good managers/policies can secure Windows just fine, though I do like jails under FreeBSD...
Kurt
On Tue, Jul 14, 2015 at 1:20 PM, Kurt Buff <kurt.buff@gmail.com> wrote:
On Tue, Jul 14, 2015 at 10:02 AM, Stephen D. Williams <sdw@lig.net> wrote:
Everything will be run in the cloud and browser because it is, overall, a better computation model.
Certainly that's the current bias, but web browser as platform isn't really all that it's cracked up to be, IMHO - all browsers suck, and I don't see them getting better any time soon, especially if they run javascript and plugins.
However, that doesn't preclude you from running a cloud locally.
Certainly better than public/commercial clouds - at least until proven encryption becomes the norm.
Although pretty much proprietary to Google & Amazon until recently, Docker et al and related VM/container management APIs that are mappable to all kinds of implementations will allow apps, administration, networking, etc. to be fluid between commercial and various types of private clouds.
In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows. Assuming your container system isn't running in Windows, which is becoming an option; one that I won't trust easily.
Eh - good sysadmins with good managers/policies can secure Windows just fine, though I do like jails under FreeBSD...
Kurt
There's data, metadata and computation. Homomorphic encryption is one part of the solution which fits in with least priv / least authority software engineering. Running your own infrastructure provides a false sense of security, anyway, benefits over cloud are likely an illusion.
-Travis
-- Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>
2015-07-15 2:20 GMT+09:00 Kurt Buff <kurt.buff@gmail.com>:
On Tue, Jul 14, 2015 at 10:02 AM, Stephen D. Williams <sdw@lig.net> wrote:
Everything will be run in the cloud and browser because it is, overall, a better computation model.
Certainly that's the current bias, but web browser as platform isn't really all that it's cracked up to be, IMHO - all browsers suck, and I don't see them getting better any time soon, especially if they run javascript and plugins.
"All browsers suck"?.. They run HTML pretty darn well. I'd say HTML is a document language, not an application language, and now it's trying to be both and it's a pretty psychotic fit. But it still works pretty darn much better than anything else out there.
I'd like there to be an "all settled standards compliant fast and secure browser", but the secure is usually omitted (and there's a rush to support the not-quite-settled standards).
Not much wrong with JavaScript, but I hope they'll soon support several other languages too. Like perhaps LLVM's intermediary format - so we can compile whatever into a near-metal language that will run really fast. (and saving a lot of people the effort of writing/maintaining to-js compilers)
But the cloud is a better computational platform because of:
* Economies of scale for computer electronics, power, network connections
* Time sharing on the cloud's hardware
* Sometimes architecture advantages
But, pushing back, there's:
* Latency/bandwidth to user
* Loss of end user's control over essential hardware
* Massive trust and security issues
We're looking at the following:
- micropower devices; IoT and thinner smartphones (less power usage as batteries do not seem to develop fast), home automation panels, extra body-mounted-displays, in-car panels, home-appliance panels (refrigerator to mixer), televisions, alarm clocks, some tablets and laptops
anything with power or financial constraints. These machines are that which the user interacts with. Their entire design gives way to human preference and comfort. They do not compute much, and might contain nothing but a video-stream-decoder and a "window manager" that decodes simple graphics statements (hopefully simpler than HTML).
- computers; workstations, desktop pc's, laptops, stand-alone "videocards" with generic computing support, servers, gaming-appliances
fast computers that are positioned somewhere in the house. Low latency to the user and with very good price/performance relationships (desktops now are miracles). Given the single-core-ceiling these machines will typically fare better than ideal cloud setups for many applications. They can be rented out to remote users dynamically.
- remote processing; the cloud, the neighbors' computers, etc
time-shared computing that is not in-house. Typically high latency, extremely high maximum power and lowest cost. Latency constraints force it to be used only for very expensive operations - such as rendering tasks and machine learning (for business intelligence or otherwise). If the set-up-time for such an operation is 2000ms many tasks are still better run locally - the application-support-system (OS?) will have to make choices about this rather fast.
However, that doesn't preclude you from running a cloud locally.
Certainly better than public/commercial clouds - at least until proven encryption becomes the norm.
What I've described above is a sort of multi-tier architecture. At the moment remote or local computing is a wild west with exclusively homebrewed solutions. At some point we will integrate all our devices, and software's locality will be managed better as well. Encryption will be applied automatically at the appropriate places. I think the largest desired capability is the inaptly named "homomorphic encryption", which should be optimized and packaged such that heavy processing can be remotely executed in a safe and trustless manner.
What is to be done? Well, I hope we can avoid the situation where we run the browsers and they run the software. We're going there now because the architecture I mentioned does not exist - and because it's a simpler model. A business could be made out of making hardware that follows the above model, that would probably be the best way to make it happen. Elsewise we're all along for the ride that the unknowing public is buying us into.
On 07/16/2015 08:39 AM, Lodewijk andré de la porte wrote:
"All browsers suck"?.. They run HTML pretty darn well. I'd say HTML is a document language, not an application language, and now it's trying to
http://lemire.me/blog/archives/2011/03/08/breaking-news-htmlcss-is-turing-co... http://beza1e1.tuxen.de/articles/accidentally_turing_complete.html
Not much wrong with JavaScript, but I hope they'll soon support several
http://cube-drone.com/comics/c/relentless-persistence Give it a little time; JavaScript bugs will become popular again.
But, pushing back, there's:
* Latency/bandwidth to user
* Loss of end user's control over essential hardware
* Massive trust and security issues
Easier to shut someone down with a single visit to the provider.
-- The Doctor [412/724/301/703/415] [ZS]
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
"Yoiks! And awaaaaaay!"
On July 16, 2015 11:00:31 AM The Doctor <drwho@virtadpt.net> wrote:
Heh. There is a "share on facebutts" link :D
When .space became available I bought a few domains, one being assbook.space. I was going to make it into an anti-social media forum, but the few times I've emailed someone from it it was marked as probable pr0n spam :D Ah, well...
On topic: .js still sucks and so does the cloud. The End!
-S
Cloud and browser together constitute the most invasive programs since religion was invented and rewarded to absolve overreaching and abusive authority.
Both cloud and browser are deliberately designed to mislead users about their threats to privacy and security. Iterations, adjustments, corrections of errors, automatic upgrades, official endorsements, repeatedly easy hacks, futile hearings of maladies long known and ignored, concentration of computer power, reduction of alternatives, foretell disaster as if natural, expected, bearable, and better than DIY, desktop, solo solutions, mavericks, and worst of all, openness.
Cloud and browser are like imperial dogma, what's good for the empire operators is good for the people. Although cloud and browser to succeed must have access to all the people's private data to assure they remain peaceable.
Sysadmins are the Cromwells, the Hacking Teams, the Kasperskys, violating law with impunity.
At 01:02 PM 7/14/2015, you wrote:
Everything will be run in the cloud and browser because it is, overall, a better computation model. However, that doesn't preclude you from running a cloud locally. Although pretty much proprietary to Google & Amazon until recently, Docker et al and related VM/container management APIs that are mappable to all kinds of implementations will allow apps, administration, networking, etc. to be fluid between commercial and various types of private clouds.
In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows. Assuming your container system isn't running in Windows, which is becoming an option; one that I won't trust easily.
sdw
On 7/14/15 8:52 AM, dan@geer.org wrote:
Discussing security policy post-OPM debacle in a setting to which I have access (sorry to be oblique), it was said by a CxO "We have to prepare for the day when no software we depend on is run on premises."
I did not handle this well (think sputtering as an alternative to white rage). At the same time, I am probably in a bubble in that I suspect that nearly everyone I see with a computer (of any form factor) is already in that situation or, save for Javascript piped in from the cloud to run locally, soon will be -- denizens of this list and a few others excepted.
Echoing Lenin echoing Chernyshevsky, "What is to be done?" or, perhaps, "Is anything to be done?"
--dan
On 7/14/15 10:35 AM, John Young wrote:
Cloud and browser together constitute the most invasive programs since religion was invented and rewarded to absolve overreaching and abusive authority.
You don't think ODBC (which was Microsoft's fault, via ANSI) was worse? CORBA? Windows itself? SMB file servers? We are in massively better shape than we used to be.
Both cloud and browser are deliberately designed to mislead users about their threats to privacy and security. Iterations, adjustments, corrections of errors, automatic upgrades, official endorsements, repeatedly easy hacks, futile hearings of maladies long known and ignored, concentration of computer power, reduction of alternatives, foretell disaster as if natural, expected, bearable, and better than DIY, desktop, solo solutions, mavericks, and worst of all, openness.
Even narrowly true levels of security are better than what we used to have. Certainly we need to keep getting better.
Cloud and browser are like imperial dogma, what's good for the empire operators is good for the people. Although cloud and browser to succeed must have access to all the people's private data to assure they remain peaceable.
It's getting better. Fund Firefox to keep the pressure on.
Sysadmins are the Cromwells, the Hacking Teams, the Kasperskys, violating law with impunity.
sdw
At 01:02 PM 7/14/2015, you wrote:
Everything will be run in the cloud and browser because it is, overall, a better computation model. However, that doesn't preclude you from running a cloud locally. Although pretty much proprietary to Google & Amazon until recently, Docker et al and related VM/container management APIs that are mappable to all kinds of implementations will allow apps, administration, networking, etc. to be fluid between commercial and various types of private clouds.
In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows. Assuming your container system isn't running in Windows, which is becoming an option; one that I won't trust easily.
sdw
On 7/14/15 8:52 AM, dan@geer.org wrote:
Discussing security policy post-OPM debacle in a setting to which I have access (sorry to be oblique), it was said by a CxO "We have to prepare for the day when no software we depend on is run on premises."
I did not handle this well (think sputtering as an alternative to white rage). At the same time, I am probably in a bubble in that I suspect that nearly everyone I see with a computer (of any form factor) is already in that situation or, save for Javascript piped in from the cloud to run locally, soon will be -- denizens of this list and a few others excepted.
Echoing Lenin echoing Chernyshevsky, "What is to be done?" or, perhaps, "Is anything to be done?"
--dan
-- Stephen D. Williams sdw@lig.net stephendwilliams@gmail.com LinkedIn: http://sdw.st/in V:650-450-UNIX (8649) V:866.SDW.UNIX V:703.371.9362 F:703.995.0407 AIM:sdw Skype:StephenDWilliams Yahoo:sdwlignet Resume: http://sdw.st/gres Personal: http://sdw.st facebook.com/sdwlig twitter.com/scienteer
Trying to support cloud with argument of better tech is one thing. However tech doesn't really counter the arguments John makes. Echoing them...
"Cloud" is every bit as much suspect in those various regards. Foisted upon ignorant IT management who bathe themselves in the Kool-Aid and false prospect of liability offloading. Pre-positioned by IT job and education system requiring "certifications" funneling football jocks into IT instead of natural talent for sysadmin. Supported by rent seeking and constant churn of failed contracts into new contracts... locked up, tied down, paid to change and held hostage until freed. Insulated by mandatory contractual disclaimers to privacy, hacking and negligence. Perpetualized by the continual offering of dependency teat for suckage. Huge disjoint between interests. Your key to your door does not fit theirs. Extrafunded by datamining and exploited by all manner of "partners" on the backside.
It's also interesting to see insurers popping up around IT risk. Yes, insurance can add needed diligence and rigor. But it also indicates an industry finally throwing its hands up and saying "Ok, we've hit the limit of reasonably attainable security".
Good sysadmins/coders are worth their weight in gold. And even if only as advisors, you want them working directly for you, not on the other side of some cloud contract.
Yes, the first "cloud" models were in fact an entire corporate HQ full of thin client xterms [today: browsers] connected to the datacenter down the hall.
Analysts and admins might say that how [new] tech and resources are utilized is the factor, not where it's housed. Cloud is utilising and making good offers in particular use cases, because it's free to speculate on its own VC dime. But there are tangible caveats and risks there that don't always equate to a dire need to scrap what you already have down the hall. Look before you leap.
I would say the key question is 'who cares about your data the most?'.
Do you want someone whose only concern is ticking enough boxes in order to get paid and not sued or someone who passionately cares about the data?
You are the only person who values the security of your data.
cheers, oshwm.
On July 14, 2015 2:14:03 PM CDT, oshwm <oshwm@openmailbox.org> wrote:
I would say the key question is 'who cares about your data the most?'.
Do you want someone whose only concern is ticking enough boxes in order to get paid and not sued or someone who passionately cares about the data?
You are the only person who values the security of your data.
It's not just about who cares more about your data. Most people don't have a solid enough understanding of security to protect their item data. Just because it's on your computer doesn't mean it's any safer from being grabbed than it is on the public cloud. Sure, you could take the time to learn good security but most people won't. That's just a utopian dream.
The more time goes by, the more I agree with Ed Snowden and his statement about the Internet dividing into two groups: those who are part of the technical elite and have the ability to protect themselves and those who don't and must accept that their privacy will be raped at will.
On Tue, 14 Jul 2015 12:28:54 -0700, Anthony Michaels <cypher@cpunk.us> wrote:
The more time goes by, the more I agree with Ed Snowden and his statement about the Internet dividing into two groups: those who are part of the technical elite and have the ability to protect themselves and those who don't and must accept that their privacy will be raped at will.
Agreed, however if dedicated people who care about freedom/privacy/liberty can build hardware and software products that are by default distributed, encrypted, and safe to use __by non-technical people__, then it's game over for the centralized control freak bloodsucking vampire fiat currency bankster predasites. (predator/parasites)
On 7/14/15 12:50 PM, Peter Fairbrother wrote:
On 14/07/15 18:02, Stephen D. Williams wrote:
Everything will be run in the cloud and browser because it is, overall, a better computation model.
It is? Why?
The browser provides a super feature / security / quality / portable baseline that is rapidly improving. Only a few alternatives come close and they all fall short in major ways: Qt (which greatly relies on browser tech now), Java & C#, Unity, UnReal, etc. Certain things are still better in those alternatives, but less and less.
With Javascript optimization, ASM.js, SIMD.js, WebGL, etc., browsers have, for most purposes, resolved the computational gap while having massively better security stance. WebComponents, the new binary Javascript format, along with WebRTC, WebUSB, and other features, we're getting the cleanest app and platform model we've seen so far.
The key architectural questions about remote communication involve security, efficiency, stability, portability, etc. While it isn't perfect, web tech provides a nice enough model for expressing the highest level logical communication needed in secure (enough for most purposes), flexible, efficient enough, and low latency enough for most purposes ways. Solutions like Swagger, Go, and other modern techniques are much cleaner and simpler than previous clunky solutions.
Most of the most interesting web apps now run almost completely in the browser. The server side sends the original page and code, manages authentication, then acts mostly as a database with minimal logic. As long as the API doesn't rely solely on client-side validation and other things that could be gamed, it can still be secure. Because it's now easy to run the same code on the front and back, complex validation could be done on the front-end for low latency and the backend for actual security, for instance.
There are plenty of things that could be better and will get better, but regardless the power & ease gap between web app development, for most situations, is only increasing. Emulating any substantial subset of browser-level UI and other features in a non-browser desktop app is nearly impossible now.
-- Peter Fairbrother
sdw
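The split described in the message above (the same validation code run in the browser for latency and again on the server for security), as an added example that is not part of the original thread. The transfer API, field names, limits and sample requests are hypothetical and constructed for illustration.

```javascript
"use strict";
// Added example, not code from the thread. API shape, field names and limits
// are hypothetical.

// ---- Shared module: identical rules are shipped to the browser and loaded
// ---- by the server, so the two sides cannot drift apart.
const RULES = Object.freeze({
  accountPattern: /^[A-Z]{2}[0-9]{10}$/,
  maxAmountCents: 500000,
  memoMaxLength: 140,
});

function validateTransfer(input) {
  if (input === null || typeof input !== "object" || Array.isArray(input)) {
    return { ok: false, errors: ["body must be a JSON object"], value: null };
  }
  const { toAccount, amountCents, memo = "" } = input;
  const errors = [];
  if (typeof toAccount !== "string" || !RULES.accountPattern.test(toAccount)) {
    errors.push("toAccount: expected 2 letters followed by 10 digits");
  }
  if (!Number.isSafeInteger(amountCents) || amountCents <= 0 ||
      amountCents > RULES.maxAmountCents) {
    errors.push("amountCents: expected an integer from 1 to " + RULES.maxAmountCents);
  }
  if (typeof memo !== "string" || memo.length > RULES.memoMaxLength) {
    errors.push("memo: expected at most " + RULES.memoMaxLength + " characters");
  }
  if (errors.length > 0) return { ok: false, errors, value: null };
  // Copy only the known fields; any extra keys the client sent are dropped.
  return { ok: true, errors, value: { toAccount, amountCents, memo } };
}

// ---- Browser side: validation here only gives fast feedback and saves a
// ---- round trip. Anyone can skip this function and post to the API directly.
function clientSubmit(form, send) {
  const result = validateTransfer(form);
  if (!result.ok) return { sent: false, errors: result.errors };
  return { sent: true, response: send(JSON.stringify(result.value)) };
}

// ---- Server side: the body is untrusted bytes. Re-run the same rules and
// ---- ignore any claim by the client that validation already happened.
function handleTransfer(rawBody, session) {
  if (!session || typeof session.accountId !== "string") {
    return { status: 401, errors: ["not authenticated"] };
  }
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch (err) {
    return { status: 400, errors: ["malformed JSON"] };
  }
  const result = validateTransfer(parsed);
  if (!result.ok) return { status: 422, errors: result.errors };
  // The source account comes from the authenticated session, never the body.
  return {
    status: 200,
    transfer: { ...result.value, fromAccount: session.accountId },
  };
}

// ---- Constructed sample data.
const SESSION = { accountId: "acct-alice" };
const HONEST_FORM = { toAccount: "DE0123456789", amountCents: 1250, memo: "rent" };
// Requests from a modified client that bypasses clientSubmit():
const FORGED_OVER_LIMIT = JSON.stringify({
  toAccount: "DE0123456789", amountCents: 99999999, validated: true,
});
const FORGED_SOURCE = JSON.stringify({
  toAccount: "DE0123456789", amountCents: 100, fromAccount: "acct-bob", validated: true,
});

function demo() {
  const viaClient = clientSubmit(HONEST_FORM, (body) => handleTransfer(body, SESSION));
  return {
    honest: viaClient.response.status,
    overLimit: handleTransfer(FORGED_OVER_LIMIT, SESSION).status,
    forgedSource: handleTransfer(FORGED_SOURCE, SESSION).transfer.fromAccount,
  };
}

console.log(demo());
```
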
On 7/14/15, Peter Fairbrother <peter@m-o-o-t.org> wrote:
On 14/07/15 18:02, Stephen D. Williams wrote:
Everything will be run in the cloud and browser because it is, overall, a better computation model.
It is? Why?
Why? You ask WHY!??!!! Pfft... pesky questions won't get you a short way...
On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote:
In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows. Assuming your
Lol, is this positive or negative argument? it can hardly be less secure than windoze imho.
On 7/16/15 7:51 AM, Georgi Guninski wrote:
On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote:
In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows. Assuming your
Lol, is this positive or negative argument?
it can hardly be less secure than windoze imho.
Cypherpunks + Windows, what do you think?
sdw
On 07/16/2015 10:14 AM, Stephen D. Williams wrote:
Cypherpunks + Windows, what do you think?
I'll take "Dirty secrets of the twenty-first century for two hundred, Alex."
-- The Doctor [412/724/301/703/415] [ZS]
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
"Yoiks! And awaaaaaay!"
On July 16, 2015 10:24:23 AM "Stephen D. Williams" <sdw@lig.net> wrote:
On 7/16/15 7:51 AM, Georgi Guninski wrote:
On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote:
In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows. Assuming your
Lol, is this positive or negative argument?
it can hardly be less secure than windoze imho.
Cypherpunks + Windows, what do you think?
sdw
It's making me break out in hives, stop it! :p *shudder*
On Thu, Jul 16, 2015 at 1:55 PM, Shelley <shelley@misanthropia.org> wrote:
On July 16, 2015 10:24:23 AM "Stephen D. Williams" <sdw@lig.net> wrote:
On 7/16/15 7:51 AM, Georgi Guninski wrote:
On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote:
In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows. Assuming your
Lol, is this positive or negative argument?
it can hardly be less secure than windoze imho.
Cypherpunks + Windows, what do you think?
It's making me break out in hives, stop it! :p
*shudder*
The bazillion lines of effectively unaudited code in opensource kernels and software should have the same effect upon you.
On July 16, 2015 11:49:47 AM grarpamp <grarpamp@gmail.com> wrote:
On Thu, Jul 16, 2015 at 1:55 PM, Shelley <shelley@misanthropia.org> wrote:
On July 16, 2015 10:24:23 AM "Stephen D. Williams" <sdw@lig.net> wrote:
On 7/16/15 7:51 AM, Georgi Guninski wrote:
On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote:
In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows. Assuming your
Lol, is this positive or negative argument?
it can hardly be less secure than windoze imho.
Cypherpunks + Windows, what do you think?
It's making me break out in hives, stop it! :p
*shudder*
The bazillion lines of effectively unaudited code in opensource kernels and software should have the same effect upon you.
It does; nothing is ever 100% safe, we must not become complacent. But FOSS : acne, Windoze (and Flash, Java, .js, etc) : ebola!
-S
On 7/16/15 11:44 AM, grarpamp wrote:
On Thu, Jul 16, 2015 at 1:55 PM, Shelley <shelley@misanthropia.org> wrote:
On July 16, 2015 10:24:23 AM "Stephen D. Williams" <sdw@lig.net> wrote:
On 7/16/15 7:51 AM, Georgi Guninski wrote:
On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote:
In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows. Assuming your
Lol, is this positive or negative argument?
it can hardly be less secure than windoze imho.
Cypherpunks + Windows, what do you think?
It's making me break out in hives, stop it! :p
*shudder*
The bazillion lines of effectively unaudited code in opensource kernels and software should have the same effect upon you.
I personally have audited quite a bit of FOSS (and enough spot checkers can get pretty good coverage), but not one line of proprietary Microsoft, Oracle, or Apple code. Your fears may be misplaced.
sdw
On 7/16/15 11:44 AM, grarpamp wrote:
On Thu, Jul 16, 2015 at 1:55 PM, Shelley <shelley@misanthropia.org> wrote:
On July 16, 2015 10:24:23 AM "Stephen D. Williams" <sdw@lig.net> wrote:
On 7/16/15 7:51 AM, Georgi Guninski wrote:
On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote:
In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows. Assuming your
Lol, is this positive or negative argument?
it can hardly be less secure than windoze imho.
Cypherpunks + Windows, what do you think?
It's making me break out in hives, stop it! :p
*shudder*
The bazillion lines of effectively unaudited code in opensource kernels and software should have the same effect upon you.
I personally have audited quite a bit of FOSS (and enough spot checkers can get pretty good coverage), but not one line of proprietary Microsoft, Oracle, or Apple code. Your fears may be misplaced.
Large companies regularly scan their open source (and proprietary code) with Black Duck's ProtexIP software. That product shows if code is "borrowed" from other places. They also have open source tools that do similar things. The idea that open source is filled with stolen code is FUD.
On 7/16/15 12:49 PM, alan@clueserver.org wrote:
On 7/16/15 11:44 AM, grarpamp wrote:
On Thu, Jul 16, 2015 at 1:55 PM, Shelley <shelley@misanthropia.org> wrote:
On July 16, 2015 10:24:23 AM "Stephen D. Williams" <sdw@lig.net> wrote:
On 7/16/15 7:51 AM, Georgi Guninski wrote:
On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote:
In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows. Assuming your
Lol, is this positive or negative argument?
it can hardly be less secure than windoze imho.
Cypherpunks + Windows, what do you think?
It's making me break out in hives, stop it! :p
*shudder*
The bazillion lines of effectively unaudited code in opensource kernels and software should have the same effect upon you.
I personally have audited quite a bit of FOSS (and enough spot checkers can get pretty good coverage), but not one line of proprietary Microsoft, Oracle, or Apple code. Your fears may be misplaced.
Large companies regularly scan their open source (and proprietary code) with Black Duck's ProtexIP software. That product shows if code is "borrowed" from other places. They also have open source tools that do similar things.
The idea that open source is filled with stolen code is FUD.
"Stolen code" isn't really an issue most of the time, but can be legally if a lot is used in a way that conflicts with a license. Reusing code snippets is, to a large extent, not really a copyright issue and often fair use or use of something that isn't really protected by copyright. In any case, it is a legal issue separate from the security implications.
The FUD in question is whether there are security problems of some kind lurking in code, and whether it is easier to compromise a binary when you have source to start with. The flip side is that it is easier to hide back doors in code that has limited access to source code. Security mistakes, deliberate malware, and detection are possible in both cases, but in different ways, with different numbers of actual or potential people looking and with different likelihood of active positive or negative collusion.
sdw
On 7/16/15, Shelley <shelley@misanthropia.org> wrote:
On July 16, 2015 10:24:23 AM "Stephen D. Williams" <sdw@lig.net> wrote:
On 7/16/15 7:51 AM, Georgi Guninski wrote:
On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote:
In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows. Assuming your
Lol, is this positive or negative argument?
it can hardly be less secure than windoze imho.
Cypherpunks + Windows, what do you think?
sdw
It's making me break out in hives, stop it! :p
*shudder*
Windows gives you wiiiings.
On Friday, 17 July 2015 00:59:19 Zenaan Harkness wrote:
On 7/16/15, Shelley <shelley@misanthropia.org> wrote:
On July 16, 2015 10:24:23 AM "Stephen D. Williams" <sdw@lig.net> wrote:
On 7/16/15 7:51 AM, Georgi Guninski wrote:
On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote:
In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows. Assuming your
Lol, is this positive or negative argument?
it can hardly be less secure than windoze imho.
Cypherpunks + Windows, what do you think?
sdw
It's making me break out in hives, stop it! :p
*shudder*
Windows gives you wiiiings.
inb4 Wingdows
--
Regards, Michał "rysiek" Woźniak
I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
While I understand and share the sentiment, I'm beginning to wonder if it might make sense to simply ask "why?", and keep asking that until some straight answers emerge. Because, as mothers everywhere ask "if some of your friends jumped off a cliff, would that make it the right and smart thing to do, or merely the popular and stupid thing?"
Kurt
On Tue, Jul 14, 2015 at 8:52 AM, <dan@geer.org> wrote:
Discussing security policy post-OPM debacle in a setting to which I have access (sorry to be oblique), it was said by a CxO "We have to prepare for the day when no software we depend on is run on premises."
I did not handle this well (think sputtering as an alternative to white rage). At the same time, I am probably in a bubble in that I suspect that nearly everyone I see with a computer (of any form factor) is already in that situation or, save for Javascript piped in from the cloud to run locally, soon will be -- denizens of this list and a few others excepted.
Echoing Lenin echoing Chernyshevsky, "What is to be done?" or, perhaps, "Is anything to be done?"
--dan
On 07/14/2015 10:09 AM, Kurt Buff wrote:
Because, as mothers everywhere ask "if some of your friends jumped off a cliff, would that make it the right and smart thing to do, or merely the popular and stupid thing?"
On the third tentacle, what if they know something you don't, and are busily saving their own skins?
-- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "It's filled with seven cannon balls, and it doesn't talk."
On Tue, Jul 14, 2015 at 11:29 AM, The Doctor <drwho@virtadpt.net> wrote:
On 07/14/2015 10:09 AM, Kurt Buff wrote:
Because, as mothers everywhere ask "if some of your friends jumped off a cliff, would that make it the right and smart thing to do, or merely the popular and stupid thing?"
On the third tentacle, what if they know something you don't, and are busily saving their own skins?
In which case, they should be able to justify, to me, why they're jumping - I'm reasonably intelligent, and can usually follow along... Kurt
On 07/14/2015 08:52 AM, dan@geer.org wrote:
Discussing security policy post-OPM debacle in a setting to which I have access (sorry to be oblique), it was said by a CxO "We have to prepare for the day when no software we depend on is run on premises."
On the other hand, what about the day when you can't trust any software you don't run on machines down the hall because any or all providers can be legally forced to sell you out and never tell you? At least if you have your own data center, you know when you've pissed someone off enough to come after you because they have to knock on your front door.
-- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "It's filled with seven cannon balls, and it doesn't talk."
On Wed, Jul 15, 2015, at 01:52 AM, dan@geer.org wrote:
CxO: We have to prepare for the day when no software we depend on is run on premises.
Zen Master: Then we have to prepare for the day that all adversaries know all our secrets.
On hearing this, the CxO was enlightened.
Alfie
-- Alfie John alfiej@fastmail.fm
On 7/14/15 3:11 PM, Alfie John wrote:
On Wed, Jul 15, 2015, at 01:52 AM, dan@geer.org wrote:
CxO: We have to prepare for the day when no software we depend on is run on premises. Zen Master: Then we have to prepare for the day that all adversaries know all our secrets.
On hearing this, the CxO was enlightened.
Sharing all of your secrets, then prosecuting adversaries that make ill use of it, in court and the court of public opinion, is a valid path. Better, throw in some misinformation so that they are misled in self-sabotaging ways. If you are speaking on a line that you know is being recorded by "authorities", what should you be talking about? In the US at least, perhaps something that would make listeners blush or spend time chasing phantoms or something. Might as well get your money's worth.
At some point I realized that I should just go to court for every ticket or other opportunity. If the alternative is that you certainly have to pay, then you might as well learn, get comfortable protecting yourself in court, say your piece, and try whatever legal argument you can think of. I have about a 50% win rate.
Interesting how certain companies, Apple, feel they need to be totally opaque while others, Google and others, are closer to being mostly open. Space-X and/or Tesla are giving away free use of some patents, a somewhat related example.
Alfie
sdw
On Thu, Jul 16, 2015 at 1:28 PM, Stephen D. Williams <sdw@lig.net> wrote:
At some point I realized that I should just go to court for every ticket or other opportunity. If the alternative is that you certainly have to pay, then you might as well learn, get comfortable protecting yourself in court, say your piece, and try whatever legal argument you can think of. I have about a 50% win rate.
Few people realize how easy it is to push 50% on tickets even if all they do is plead not guilty and wait for the cop not to show up. And that's before feigning/posturing that you actually have a case thereby driving your own bargain. Prosecutors hate risk. You making a case in front of a judge is a risk they'll bend over backwards to avoid. Find their weak spots, play to win, go for the dismissals, prepare for the not guilty battles, punk the state, have fun with it :) After all, it is your right. And entire forums exist to help you do it.
On 7/16/15, grarpamp <grarpamp@gmail.com> wrote:
On Thu, Jul 16, 2015 at 1:28 PM, Stephen D. Williams <sdw@lig.net> wrote:
At some point I realized that I should just go to court for every ticket or other opportunity. If the alternative is that you certainly have to pay, then you might as well learn, get comfortable protecting yourself in court, say your piece, and try whatever legal argument you can think of. I have about a 50% win rate.
Few people realize how easy it is to push 50% on tickets even if all they do is plead not guilty and wait for the cop not to show up. And that's before feigning/posturing that you actually have a case thereby driving your own bargain. Prosecutors hate risk. You making a case in front of a judge is a risk they'll bend over backwards to avoid. Find their weak spots, play to win, go for the dismissals, prepare for the not guilty battles, punk the state, have fun with it :) After all, it is your right. And entire forums exist to help you do it.
One of the most significant benefits - learning to face one of your fears. Think you're tough, strong, emotionally balanced? Get up in front of a Magistrate and facing down the prosecutor, and see what your knees do then :) Do that a few times, and start to feel awesome! Self esteem fast track...
On 7/16/15 6:13 PM, Zenaan Harkness wrote:
On 7/16/15, grarpamp <grarpamp@gmail.com> wrote:
On Thu, Jul 16, 2015 at 1:28 PM, Stephen D. Williams <sdw@lig.net> wrote:
At some point I realized that I should just go to court for every ticket or other opportunity. If the alternative is that you certainly have to pay, then you might as well learn, get comfortable protecting yourself in court, say your piece, and try whatever legal argument you can think of. I have about a 50% win rate.
Few people realize how easy it is to push 50% on tickets even if all they do is plead not guilty and wait for the cop not to show up. And that's before feigning/posturing that you actually have a case thereby driving your own bargain. Prosecutors hate risk. You making a case in front of a judge is a risk they'll bend over backwards to avoid. Find their weak spots, play to win, go for the dismissals, prepare for the not guilty battles, punk the state, have fun with it :) After all, it is your right. And entire forums exist to help you do it.
One of the most significant benefits - learning to face one of your fears. Think you're tough, strong, emotionally balanced? Get up in front of a Magistrate and facing down the prosecutor, and see what your knees do then :)
Do that a few times, and start to feel awesome! Self esteem fast track...
Exactly. sdw
Exactly why judges masturbate with a noisy device, snooze, bark errant orders, abuse assistants, bailiffs, attorneys, juries, aggravate higher and lower judges, get shot, shoot back, get laid and STD in chambers. Courtroom tedium (aka justice), procedural churning, empty bombast, strutting, feigning, farting, fingering anus itch, jury boredom, hollow pretense of respect for the law -- from this comes little new, and a lot of wasted time, so obese, privileged, endlessly disputatious precedent is valued over disruptive lean novelty and Roy Bean quick resolution, wherein fear of mortality and hard labor are suspended self-sentences, and issuing death penalties against childhood bullies absconding with therapy dolls is the dream of payback jurists in black cross dresses.
At 10:23 AM 7/17/2015, you wrote:
Exactly.
sdw
Discussing security policy post-OPM debacle in a setting to which I have access (sorry to be oblique), it was said by a CxO "We have to prepare for the day when no software we depend on is run on premises."
Well, for one thing, it removes physical access to machines from insiders on your end, and in many cases, also direct access to data, particularly in its bulk form. With conscious effort and the right resources, you might be able to come up with better security controls than the large service providers, but right now, most organizations don't have much of an audit trail for locally run services. I'm not sure if moving data off premises actually results in a net loss of control over it. Not because the service providers are so good at security, but because various factors conspire to make almost everyone else so bad.
On Sat, Jul 18, 2015 at 01:39:45PM +0200, Florian Weimer wrote:
Well, for one thing, it removes physical access to machines from insiders on your end, and in many cases, also direct access to data, particularly in its bulk form.
With conscious effort and the right resources, you might be able to come up with better security controls than the large service providers, but right now, most organizations don't have much of an audit trail for locally run services. I'm not sure if moving data off premises actually results in a net loss of control over it. Not because the service providers are so good at security, but because various factors conspire to make almost everyone else so bad.
Well, I don't trust the cloud and don't use it. (I don't trust my boxen in a different way). The cloud owns the CPU and this is enough for me. You should be aware of the numerous virtualization sploits -- Xen, Qemu, possibly others. Exploiting a virtualization bug is just the fee "to be in cloud" and I _suspect_ more efforts are needed for my boxen.
On 7/18/15 8:15 AM, Georgi Guninski wrote:
On Sat, Jul 18, 2015 at 01:39:45PM +0200, Florian Weimer wrote:
Well, for one thing, it removes physical access to machines from insiders on your end, and in many cases, also direct access to data, particularly in its bulk form.
With conscious effort and the right resources, you might be able to come up with better security controls than the large service providers, but right now, most organizations don't have much of an audit trail for locally run services. I'm not sure if moving data off premises actually results in a net loss of control over it. Not because the service providers are so good at security, but because various factors conspire to make almost everyone else so bad.
Well, I don't trust the cloud and don't use it. (I don't trust my boxen in a different way).
The cloud owns the CPU and this is enough for me.
You should be aware of the numerous virtualization sploits -- Xen, Qemu, possibly others.
Exploiting a virtualization bug is just the fee "to be in cloud" and I _suspect_ more efforts are needed for my boxen.
Valid concerns in the abstract. In practice, the economic concerns of big cloud providers mean they must provide continually upgraded certainty of fundamental security separation. Part of that is randomness of where your code runs: If there are millions of VMs on hundreds of thousands of physical servers, even if there is a VM escape, it is essentially impractical for malware to target your instance. This could be enhanced by VM / container hopping in various senses. Working within the system is likely to provide you a stronger result than something cobbled together locally.
However, we need solutions for that too, with and without cloud technology. We need people who don't trust the cloud and keep developing better alternatives. I think some of those alternatives involve cloud technology locally, but that's not a big thing.
I have friends who are rabid Google haters / fearmongers, apparently based on the fact that it was the first company they were aware of that seemed to have access and responsibility for too much information, or too much of their information, or too strong an allure for their information. I feel perfectly confident that Google is going to protect their billions in income and valuation by being very careful with avoiding abusing their data or users in any strong sense. That might not withstand a court order or national security letter or TLA hack monitoring unencrypted links, although big Silicon Valley companies recently have been getting tougher there. But it certainly means they aren't "reading my email" for prurient or invasive purposes that would be embarrassing to me: It would become embarrassing to them quickly and cost millions or billions.
sdw
2015-07-19 2:22 GMT+09:00 Stephen D. Williams <sdw@lig.net>:
I feel perfectly confident that Google is going to protect their billions in income and valuation by being very careful with avoiding abusing their data or users in any strong sense.
I want to say "You're new here, aren't you?", but I know you're not. Parallel construction and intelligence laundering take care of this in case they want to abuse your data. Big Data is never very much of a privacy issue, but when they silently use that Big Data for their (or their companies') profit, well, without competition you'll lose. And then there's straight business-secret-stealing, which they also do, and which is very hard to ever find out about (parallel construction is also possible here). So, yeah, they'll protect their billions in income and valuation. And they'll use all the intelligence the US can bring to the table to do it.
On 7/18/15 10:32 AM, Lodewijk andré de la porte wrote:
2015-07-19 2:22 GMT+09:00 Stephen D. Williams <sdw@lig.net>:
I feel perfectly confident that Google is going to protect their billions in income and valuation by being very careful with avoiding abusing their data or users in any strong sense.
I want to say "You're new here, aren't you?", but I know you're not. Parallel construction and intelligence laundering take care of this in case they want to abuse your data. Big Data is never very much of a privacy issue, but when they silently use that Big Data for their (or their companies') profit, well, without competition you'll lose. And then there's straight business-secret-stealing, which they also do, and which is very hard to ever find out about (parallel construction is also possible here).
So, yeah, they'll protect their billions in income and valuation. And they'll use all the intelligence the US can bring to the table to do it.
Perfectly within the realm of the possible. A lone employee may be able to abuse things, but they likely will be caught, fired, and the incident has some chance of being righted and paid off. Unlikely to actually be the case in any pervasive way. Nearly all conspiracies leak eventually. Being a commercial company, they are a huge target for a jackpot payday. TLAs have no such worry, which is why when they do illegal things and otherwise drift or charge outside the boundaries that it is so bad. A few years ago, before Congress stepped in to let them off the hook, phone companies like ATT were in a tight spot for allowing a lot of open access to customer data. I'm sure that legal departments everywhere took notice of that exposure; Congress isn't going to do that too many more times, and especially not for commercial gain. Parallel construction is a big problem, although I think that it has been exposed in some major cases lately that should soften courts for detecting and confronting it. It's possible both for prosecutors, TLAs, and companies wanting to steal proprietary trade secrets. Perhaps practical and legal techniques used to combat insider trading may start to provide some protection. It is at least possible to take countermeasures to expose parallel construction: information that provides ways of detecting eavesdropping is an obvious solution. It is certainly the case that we should consider the possible, especially since there have been a number of surprises about how far things actually did go in the past, especially the TLAs, but also sometimes with companies with really bad culture. But that red team gaming shouldn't spill over too much into our rational assessment of actual risks and reasonable countermeasures. 
There is a typical problem I call the Fallacy of Insisting on Zero Risk: A mother fearing their children using the bathroom at the mall alone or calling the police because someone else's child walks to the park alone while thinking nothing of horse riding or football or rodeo or smoking. Or OSHA related spending millions per death to prevent one type of injury while ignoring other much lower hanging injury risks. Gun control, vaccines, playground equipment, etc. often involve similar elements. When making actual concrete security choices, a rational actor considers the threat, opportunity, costs, rewards, exposure, overhead, etc. when weighing what measures are worth taking. In a presentation to the Nevada Gaming Commission years ago, I used the analogy of protecting nuclear weapons: The cost of a compromise is nearly infinite, so the amount you would be willing to rationally invest to prevent a compromise also can be nearly infinite. (But apparently not given recent events related to those crews.) Everything else falls in a lower tier where there is a cost / benefit tradeoff. You can go far enough in taking measures that you are worse off than if you had been compromised in the worst probable way. The question there was how much certainty was needed that an Internet gambler was of age. We went through a similar thing related to porn: Early on, many jurisdictions insisted on absolute certainty that a remote viewer was of age, or a company-ending lawsuit or criminal case would result. Now, porn is essentially wide open, with at most proof of control of a credit card required to verify age; easily bypassed by a determined teenager, who could legally have a Visa debit card anyway. For one thing, most of the supposed damage (Meese report etc.) was bogus, so few controls are really called for. Now, many of us here want to be able to protect ourselves and others out of principle, need, career, and/or interest. 
We may find it fun and career worthy to have TLA / scammer / evil genius defeating countermeasures and tradecraft. We may get to the point we actually need it, or work with clients who definitely do. But we shouldn't slip into unnecessary paranoia, especially if it gets to the point of shooting ourselves in the foot. When we're making an argument, we are often taking the paranoid view because that's required to get into the right mindset. After determining how to prevent issues, we should then decide what is actually worth putting into place. I've run my own physical Internet server, including my own DNS servers, since 1992 when I obtained my first domain name and started a couple ISPs. For various reasons, I will continue to do that, but I'm not sure I'd recommend it to others, especially the non-technical. My uptime, currently at 267 days, is basically the lifetime of the hard drive or the rare case when the colo moves things around. sdw
On Sun, 19 Jul 2015 02:32:53 +0900 Lodewijk andré de la porte <l@odewijk.nl> wrote:
2015-07-19 2:22 GMT+09:00 Stephen D. Williams <sdw@lig.net>:
I feel perfectly confident that Google is going to protect their billions in income and valuation by being very careful with avoiding abusing their data or users in any strong sense.
I want to say "You're new here, aren't you?", but I know you're not.
He isn't? Well, I guess then he's just yet another old and loyal apologist of the americunt establishment. Oh, yes google-NSA will 'protect' its 'customers' because of 'economic' reasons. Not to mention they are GOOD people because they say so. Hey, it's in their propaganda kits. And Yes, pseudo 'economics' talk can be widely misused to promote any kind of fascist agenda.
Parallel construction and intelligence laundering take care of this in case they want to abuse your data. Big Data is never very much of a privacy issue, but when they silently use that Big Data for their (or their companies') profit, well, without competition you'll lose. And then there's straight business-secret-stealing, which they also do, and which is very hard to ever find out about (parallel construction is also possible here).
So, yeah, they'll protect their billions in income and valuation. And they'll use all the intelligence the US can bring to the table to do it.
On 7/18/15, Lodewijk andré de la porte <l@odewijk.nl> wrote:
2015-07-19 2:22 GMT+09:00 Stephen D. Williams <sdw@lig.net>:
I feel perfectly confident that Google is going to protect their billions in income and valuation by being very careful with avoiding abusing their data or users in any strong sense.
I want to say "You're new here, aren't you?", but I know you're not. Parallel construction and intelligence laundering take care of this in case they want to abuse your data. Big Data is never very much of a privacy issue, but when they silently use that Big Data for their (or their companies') profit, well, without competition you'll lose. And then there's straight business-secret-stealing, which they also do, and which is very hard to ever find out about (parallel construction is also possible here).
So, yeah, they'll protect their billions in income and valuation. And they'll use all the intelligence the US can bring
Oh how I wish that were true.
to the table to do it.
Timeless as ever - Party in the CIA (Weird Al Yankovic): https://www.youtube.com/watch?v=C-CG5w4YwOI
cypherpunk :
https://www.wikileaks.org/Op-ed-Google-and-the-NSA-Who-s.html
"Google and the NSA: Who’s holding the ‘shit-bag’ now?"
Not-cypherpunk-at-all :
2015-07-19 2:22 GMT+09:00 Stephen D. Williams <sdw@lig.net>:
I feel perfectly confident that Google is going to protect their billions in income and valuation by being very careful with avoiding abusing their data or users in any strong sense.
On 07/20/2015 05:07 PM, Juan wrote:
cypherpunk :
https://www.wikileaks.org/Op-ed-Google-and-the-NSA-Who-s.html
"Google and the NSA: Who’s holding the ‘shit-bag’ now?"
Not-cypherpunk-at-all :
2015-07-19 2:22 GMT+09:00 Stephen D. Williams <sdw@lig.net>:
I feel perfectly confident that Google is going to protect their billions in income and valuation by being very careful with avoiding abusing their data or users in any strong sense.
There was a bit of controversy over the relationship between Google and the NSA back when Google was brand new, because the NSA sent engineers over to Google to help them design their server farms. Other companies very properly complained because they were not getting any such free tech support from Uncle Sam. Abusing all your users equally at a scale that makes the abuse a normal environmental condition, produces maximum gains in income and valuation for the enterprise.
Also this: https://medium.com/insurge-intelligence/how-the-cia-made-google-e836451a959e
And this, https://medium.com/insurge-intelligence/why-google-made-the-nsa-2a80584c9c1
Etc.
I hold multitudes. I am in one thread totally cypherpunk, and have been for a very long time. There are innumerable ways to compromise and be compromised for all kinds of good and mostly bad reasons. Perfect protection is tough in many ways and we should keep striving to get closer to that ideal security stance.
On the other hand, life is a balance. I probably shouldn't have tried to make the point here, but it is something a security professional should understand well: The right amount of security should be moderated by the tradeoff of costs vs. overhead vs. maximizing benefit vs. minimizing loss. Security stances change over time and aren't necessarily accurately reflected by paranoid absolutism.
An example along these lines that I like to keep in mind: (I really did avoid writing down passwords anywhere for a long time. And I still don't carry them with me. If I did, they wouldn't be plaintext.)
https://www.schneier.com/blog/archives/2005/06/write_down_your.html
Write Down Your Password
Microsoft's Jesper Johansson urged <http://news.cnet.com/Microsoft+security+guru+Jot+down+your+passwords/2100-7355_3-5716590.html> people to write down their passwords.
This is good advice, and I've been saying it for years.
Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.
It is terrible that some companies have been too eager to share information. They may or may not have believed whatever safeguards were in place, or not cared, etc. I'm sure a high pressure meeting with an FBI crew who are strongly playing the terrorism angle is persuasive, as it should be, up to a point. And companies holding your data can actually look at that data for business purposes, although how they use it is somewhat bounded by privacy laws (however incomplete), not making private things public, unfair business practices, etc. My point was that the existence of large, valuable services that depend on a lot of trust is, or should be to a sane entity, an even stronger incentive to behave than the patchwork of laws. Past oversharing, then embarrassment and public abuse, coupled with product impacts as they lose sensitive customers, has almost certainly caused a cleanup of those attitudes. I'd be interested in the actual policy right now, although I doubt they are going to be too explicit. I suspect that it also varies heavily by corporate culture. Every day, you are somewhat at the mercy of dozens and perhaps thousands of people who could cause you pain, suffering, or death if they were so inclined. There are many in the government, schools, employer personnel departments, medical and insurance companies, etc. The people driving around you, stopped at a light while you cross the street, making your food, they all have access and the ability to inflict misery on you. You have to trust someone to some extent. The question is who you trust, how incentivized they and the people / organization around them protects you, whether wrongs will be limited, corrected, and righted or not. For a long time, as a contractor at the peak of their heyday, I had access to AOL's entire user database, complete with name, address, full credit card info, phone numbers, etc. I could have also snooped on their Buddylists, their person-to-person video (Instant Images), and a lot more. 
There was zero chance that I would abuse any of that.
sdw
On 7/20/15 2:07 PM, Juan wrote:
cypherpunk :
https://www.wikileaks.org/Op-ed-Google-and-the-NSA-Who-s.html
"Google and the NSA: Who’s holding the ‘shit-bag’ now?"
Not-cypherpunk-at-all :
2015-07-19 2:22 GMT+09:00 Stephen D. Williams <sdw@lig.net>:
I feel perfectly confident that Google is going to protect their billions in income and valuation by being very careful with avoiding abusing their data or users in any strong sense.
On 07/20/2015 05:53 PM, Stephen D. Williams wrote:
I hold multitudes. I am in one thread totally cypherpunk, and have been for a very long time. There are innumerable ways to compromise and be compromised for all kinds of good and mostly bad reasons. Perfect protection is tough in many ways and we should keep striving to get closer to that ideal security stance.
On the other hand, life is a balance. I probably shouldn't have tried to make the point here, but it is something a security professional should understand well: The right amount of security should be moderated by the tradeoff of costs vs. overhead vs. maximizing benefit vs. minimizing loss. Security stances change over time and aren't necessarily accurately reflected by paranoid absolutism.
Right you are, in "security" context is everything. My take on the Cypherpunk Way is, start with design concepts for maximum security (!= absolute security), then trim the security constraints back just enough to permit useful work to be done on a cost effective basis. This is vs. industry standard security, where one starts with no security considerations at all, then adds just enough security to cover the largest perceived (!= actual) threats from potential adversaries. Compare UNIX style OS architecture to MS style. :)
An example along these lines that I like to keep in mind: (I really did avoid writing down passwords anywhere for a long time. And I still don't carry them with me. If I did, they wouldn't be plaintext.)
https://www.schneier.com/blog/archives/2005/06/write_down_your.html
I'm a big fan of password management, as a special case in the category of "A failed data backup may cost more than a successful break-in." Lots of luck getting "normal" users to make and use more than two weak passwords, though. :o/
Steve
Hey. *Now* I get it. This mailing list has a lot of tor-tards who are apologists of the pentagon's propaganda and spying efforts. It has people who say that the NSA does good things (coderman) It has apologists of the US marines. It has high ranking scumbags from the CIA. It has commie 'anarchists' who are offended by (and would love to silence) people who badmouth the marines' apologists. And NOW it also has a google and cloud apologist. Welcome Stephen =) You are yet another reason to distrust the FLOSS movement and its bloatware. J.
On 7/20/15 9:07 PM, Juan wrote:
Hey. *Now* I get it.
This mailing list has a lot of tor-tards who are apologists of the pentagon's propaganda and spying efforts.
Are you saying that the Pentagon is never good or useful? Nor are any of their spying efforts?
It has people who say that the NSA does good things (coderman)
They don't?
It has apologists of the US marines.
You have never benefited in any way from the US marines? The footprint there is pretty large. You think they are somehow fundamentally evil when they don't determine their goals or rules of engagement? Their job is to be a bad ass tool, the proverbial big stick. It is someone else's job to decide how to use that tool. Marines don't kill people, politicians using Marines kill people. Err, something like that.
It has high ranking scumbags from the CIA.
There are high ranking scumbags from the CIA here? Interesting. Is everyone from the CIA scumbags by definition?
It has commie 'anarchists' who are offended by (and would love to silence) people who badmouth the marines' apologists.
Eh?
And NOW it also has a google and cloud apologist. Welcome Stephen =) You are yet another reason to distrust the FLOSS movement and its bloatware.
FLOSS has bloatware? Are you using the same meaning as the rest of us? What's your favorite alternative? Someone explaining bits of the world is not necessarily an apologist for those bits. Trying to correct or moderate viewpoint extremism (see what I did there?) with more balance, or logic, or other viewpoints isn't necessarily being an apologist either; that's the kind of accusation that usually comes from someone slinging not fully supported barbs. I do think Google is better than some other companies, but that's pretty weak on the apologist scale; I was more making a statement about a class of companies and how they should rationally act with respect to security.
J.
What's your alternative to all of these things? If you really are into security in any sense, you should be able to explain what security exposures moderating or eliminating those entities would cause and what you would advocate to replace them. I'm offended in various ways by a lot of what happened in the past, often in organizations like DOJ, FBI, etc. that should have known better. I would even say that a lot of government employees and contractors seem to have got away with a lot of things they shouldn't have. But that doesn't mean that any of those organizations are fundamentally evil and aren't almost completely staffed by intelligent, respectable people. Anyway, if you're still in the rebelling against authority stage, fine, have fun. Good luck with that. In the US, government wise, the people are the authority, their own authority in essence, it just may take a long time for that to play out in a given area. In some ways, this is also true for companies, with some nuance. sdw
On Mon, 20 Jul 2015 21:36:57 -0700 "Stephen D. Williams" <sdw@lig.net> wrote:
On 7/20/15 9:07 PM, Juan wrote:
Hey. *Now* I get it.
This mailing list has a lot of tor-tards who are apologists of the pentagon's propaganda and spying efforts.
Are you saying that the Pentagon is never good or useful? Nor are any of their spying efforts?
Are you saying the pentagon is good and useful?
It has people who say that the NSA does good things (coderman)
They don't?
Do you have to ask?
It has apologists of the US marines.
You have never benefited in any way from the US marines?
No. But granted, at least I haven't been directly harmed by them. Which is something not everybody can say.
The footprint there is pretty large. You think they are somehow fundamentally evil
I don't just 'think' it. It's reality.
when they don't determine their goals or rules of engagement? Their job is to be a bad ass tool, the proverbial big stick. It is someone else's job to decide how to use that tool. Marines don't kill people, politicians using Marines kill people. Err, something like that.
Marines and other 'military personnel' murder people when 'ordered' to. They are the worst scumbags on earth. Politicians are morally responsible. The military are morally and materially responsible.
It has high ranking scumbags from the CIA.
There are high ranking scumbags from the CIA here?
Yes.
Interesting.
Sort of.
Is everyone from the CIA scumbags by definition?
Yes.
It has commie 'anarchists' who are offended by (and would love to silence) people who badmouth the marines' apologists.
Eh?
Ask a retard called Nick Econopouly if you want details.
And NOW it also has a google and cloud apologist. Welcome Stephen =) You are yet another reason to distrust the FLOSS movement and its bloatware.
FLOSS has bloatware?
http://www.theregister.co.uk/2009/09/22/linus_torvalds_linux_bloated_huge/ good enough of an 'authority'?
Are you using the same meaning as the rest of us? What's your favorite alternative?
There isn't any real alternative. And sure, floss is less bloated than other commercial crap, but still.
Someone explaining bits of the world are not necessarily an apologist for those bits. Trying to correct or moderate viewpoint extremism (see what I did there?)
Yes, you tried to dismiss something that doesn't line up with typical establishment bullshit as 'extremism' - I, of course, am hardly impressed...
with more balance, or logic, or other viewpoints isn't necessarily being an apologist either; that's the kind of accusation that usually comes from someone slinging not fully supported barbs. I do think Google is better than some other companies, but that's pretty weak on the apologist scale; I was more making a statement about a class of companies and how they should rationally act with respect to security.
Sure. Your comments about google & the cloud are not propaganda. I'm selling a bridge. Interested?
J.
What's your alternative to all of these things? If you really are into security in any sense, you should be able to explain what security exposures moderating or eliminating those entities would cause and what you would advocate to replace them.
Are you talking about the US military?
I'm offended in various ways by a lot of what happened in the past, often in organizations like DOJ, FBI, etc. that should have known better.
Should they? Looks like you don't know what government is.
I would even say that a lot of government employees and contractors seem to have got away with a lot of things they shouldn't have. But that doesn't mean that any of those organizations are fundamentally evil and aren't almost completely staffed by intelligent, respectable people.
LOL. So, how much trolling should I let you get away with? Worthless murdering scumbags are 'respectable' people and not 'fundamentally evil'. Sure. Maybe they are 'accidentally' evil? How about they 'accidentally' beat you to a pulp and then feed you to the pigs? Just as an innocent mistake of course...
Anyway, if you're still in the rebelling against authority stage, fine, have fun. Good luck with that. In the US, government wise, the people are the authority
Really? That's an interesting concept. How many lsd doses do you need in order to reach the parallel universe where that is reality? Because in this universe, it isn't.
, their own authority in essence, it just may take a long time for that to play out in a given area.
Sure. That's how jesus planned it all.
In some ways, this is also true for companies, with some nuance.
sdw
On 7/20/15 10:32 PM, Juan wrote:
On Mon, 20 Jul 2015 21:36:57 -0700 "Stephen D. Williams" <sdw@lig.net> wrote:
On 7/20/15 9:07 PM, Juan wrote:
Hey. *Now* I get it.
This mailing list has a lot of tor-tards who are apologists of the pentagon's propaganda and spying efforts. Are you saying that the Pentagon is never good or useful? Nor are any of their spying efforts? Are you saying the pentagon is good and useful?
The Pentagon et al are protecting a large portion of the world from being overrun. Nobody else will do it.
... when they don't determine their goals or rules of engagement? Their job is to be a bad ass tool, the proverbial big stick. It is someone else's job to decide how to use that tool. Marines don't kill people, politicians using Marines kill people. Err, something like that.
Marines and other 'military personnel' murder people when 'ordered' to. They are the worst scumbags on earth.
Politicians are morally responsible. The military are morally and materially responsible.
Are police always bad too?
... Is everyone from the CIA scumbags by definition? Yes.
Whatever you gotta believe. Most of their job is to understand the world, publishing both a nice public database and the presidential daily brief (today's news). And to consult with the President as needed so that hopefully reasonably intelligent decisions are made, but that depends on the intelligence of the current president.
...
...
J.
What's your alternative to all of these things? If you really are into security in any sense, you should be able to explain what security exposures moderating or eliminating those entities would cause and what you would advocate to replace them.
Are you talking about the US military? And FBI, CIA, State, Google, etc.
I'm offended in various ways by a lot of what happened in the past, often in organizations like DOJ, FBI, etc. that should have known better. Should they? Looks like you don't know what government is. Wha?
I would even say that a lot of government employees and contractors seem to have got away with a lot of things they shouldn't have. But that doesn't mean that any of those organizations are fundamentally evil and aren't almost completely staffed by intelligent, respectable people.
LOL. So, how much trolling should I let you get away with?
Worthless murdering scumbags are 'respectable' people and not 'fundamentally evil'. Sure. Maybe they are 'accidentally' evil?
DOJ, Treasury, State, HHS, etc. are filled with worthless murdering scumbags? There are certain people, Marines et al, who are trained to be very lethal. Sucks to need that, but being anything less than the strongest & baddest isn't an option for the US. They are concentrated, supposed to be carefully deployed and directed. Create people like that from the subset of people who want to be like that and a few are going to go off the rails occasionally. That's a bummer, and needs to be constantly protected against, but there's no obvious alternative. The US is the least imperialist top superpower that ever existed. Still not perfect, but better than all the rest.
How about they 'accidentally' beat you to a pulp and then feed you to the pigs? Just as an innocent mistake of course...
Oh kay. Are you off your meds?
Anyway, if you're still in the rebelling against authority stage, fine, have fun. Good luck with that. In the US, government wise, the people are the authority Really? That's an interesting concept. How many lsd doses do you need in order to reach the parallel universe where that is reality? Because in this universe, it isn't.
You haven't been watching long or closely enough. Things have changed a lot in the US in my lifetime, and it's only speeding up.
, their own authority in essence, it just may take a long time for that to play out in a given area. Sure. That's how jesus planned it all.
Nonsense again.
In some ways, this is also true for companies, with some nuance.
sdw
sdw
On Tue, 21 Jul 2015 00:15:16 -0700 "Stephen D. Williams" <sdw@lig.net> wrote:
On 7/20/15 10:32 PM, Juan wrote:
On Mon, 20 Jul 2015 21:36:57 -0700 "Stephen D. Williams" <sdw@lig.net> wrote:
On 7/20/15 9:07 PM, Juan wrote:
Hey. *Now* I get it.
This mailing list has a lot of tor-tards who are apologists of the pentagon's propaganda and spying efforts. Are you saying that the Pentagon is never good or useful? Nor are any of their spying efforts? Are you saying the pentagon is good and useful?
The Pentagon et al are protecting a large portion of the world from being overrun
by aliens from the 5th dimension, right.
Nobody else will do it.
correct.
... when they don't determine their goals or rules of engagement? Their job is to be a bad ass tool, the proverbial big stick. It is someone else's job to decide how to use that tool. Marines don't kill people, politicians using Marines kill people. Err, something like that.
Marines and other 'military personnel' murder people when 'ordered' to. They are the worst scumbags on earth.
Politicians are morally responsible. The military are morally and materially responsible.
Are police always bad too?
Yep. Same kind of psycho.
... Is everyone from the CIA scumbags by definition? Yes.
Whatever you gotta believe. Most of their job is to understand the world, publishing both a nice public database and the presidential daily brief (today's news). And to consult with the President as need so that hopefully reasonably intelligent decisions are made, but that depends on the intelligence of the current president.
are you for real?
...
...
J.
What's your alternative to all of these things? If you really are into security in any sense, you should be able to explain what security exposures moderating or eliminating those entities would cause and what you would advocate to replace them.
Are you talking about the US military? And FBI, CIA, State, Google, etc.
I suggest you go to a library and get a few books.
I would even say that a lot of government employees and contractors seem to have got away with a lot of things they shouldn't have. But that doesn't mean that any of those organizations are fundamentally evil and aren't almost completely staffed by intelligent, respectable people.
LOL. So, how much trolling should I let you get away with?
Worthless murdering scumbags are 'respectable' people and not 'fundamentally evil'. Sure. Maybe they are 'accidentally' evil?
DOJ, Treasury, State, HHS, etc. are filled with worthless murdering scumbags?
Oh, all of them believe in murdering anybody who doesn't recognize their divine authority. You know, the one and only 'argument' behind government : obey or die.
There are certain people, Marines et al, who are trained to be very lethal. Sucks to need that, but being anything less than the strongest & baddest isn't an option for the US.
Again, are you for real?
They are concentrated, supposed to be carefully deployed and directed. Create people like that from the subset of people who want to be like that and a few are going to go off the rails occasionally. That's a bummer, and needs to be constantly protected against, but there's no obvious alternative.
Sure.
The US is the least imperialist top superpower that ever existed.
Sure.
Still not perfect, but better than all the rest.
Sure. How does it feel to be a brain-dead americunt? Well, I guess at least it's not painful. You'd need some kind of functioning brain to feel pain.
How about they 'accidentally' beat you to a pulp and then feed you to the pigs? Just as an innocent mistake of course...
Oh kay. Are you off your meds?
No sonny. You are. What, you wouldn't like to be treated the way your marines treat other people? Tsk tsk.
Anyway, if you're still in the rebelling against authority stage, fine, have fun. Good luck with that. In the US, government wise, the people are the authority Really? That's an interesting concept. How many lsd doses do you need in order to reach the parallel universe where that is reality? Because in this universe, it isn't.
You haven't been watching long or closely enough. Things have changed a lot in the US in my lifetime, and it's only speeding up.
You are either out of your mind, trolling, or both. Or you mean that final coming of the americunt police state is speeding up?
, their own authority in essence, it just may take a long time for that to play out in a given area. Sure. That's how jesus planned it all.
Nonsense again.
Yep, that's the only thing you are throwing up. Actually it's propaganda but it's so fucking stupid that "nonsense" describes it as well. So yeah. Google and the cloud. Maybe you got 'cypherpunk' and 'neocunt' mixed up.
In some ways, this is also true for companies, with some nuance.
sdw
sdw
On 7/21/15, Stephen D. Williams <sdw@lig.net> wrote:
On 7/20/15 10:32 PM, Juan wrote:
On Mon, 20 Jul 2015 21:36:57 -0700 "Stephen D. Williams" <sdw@lig.net> wrote:
On 7/20/15 9:07 PM, Juan wrote:
Hey. *Now* I get it.
This mailing list has a lot of tor-tards who are apologists of the pentagon's propaganda and spying efforts. Are you saying that the Pentagon is never good or useful? Nor are any of their spying efforts? Are you saying the pentagon is good and useful?
The Pentagon et al are protecting a large portion of the world from being overrun. Nobody else will do it.
Damn! From Russia and China yeah? Wow. What a mindset.
https://en.wikipedia.org/wiki/Covert_United_States_foreign_regime_change_act...
"The United States has been involved in and assisted in the overthrow of foreign governments (more recently termed "regime change") without the overt use of U.S. military force. Often, such operations are tasked to the Central Intelligence Agency (CIA)."
I grant they seem to be doing ... something. Here's the table of contents from that wiki page:
Contents
1 Cold War
1.1 Syria 1949
1.2 Iran 1953
1.3 Guatemala 1954
1.4 Tibet 1955–70s
1.5 Indonesia 1958
1.6 Cuba 1959
1.7 Iraq 1960–63
1.8 Democratic Republic of the Congo 1960–65
1.9 Dominican Republic 1961
1.10 South Vietnam 1963
1.11 Brazil 1964
1.12 Chile 1970–73
1.13 Afghanistan 1979–89
1.14 Turkey 1980
1.15 Poland 1980–89
1.16 Nicaragua 1981–90
1.16.1 Destabilization through CIA assets
1.16.2 Arming the Contras
2 Post–Cold War
2.1 Iraq 1992–96
2.2 Venezuela 2002
2.3 Iran 2005–present
Perhaps those are the countries that were going to overrun "us" (never mind the fact I live in Australia anyway, but damn, what a way of thinking).
SDW, thank you for being so frank - honest about how you think. It is educational to me in a good way. Part of the difference is perhaps that I am not living in the USA, so I look inwards to your government and agencies, not outwards.
when they don't determine their goals or rules of engagement? Their job is to be a bad ass tool, the proverbial big stick. It is someone else's job to decide how to use that tool. Marines don't kill people, politicians using Marines kill people. Err, something like that.
Marines and other 'military personnel' murder people when 'ordered' to. They are the worst scumbags on earth.
Politicians are morally responsible. The military are morally and materially responsible.
Are police always bad too?
... Is everyone from the CIA scumbags by definition? Yes.
Whatever you gotta believe. Most of their job is to understand the world,
:) Interesting way of "understanding" the world - 'regime change' is about as polite a way the current empire can couch its predominant activity since WWII.
publishing both a nice public database and the presidential daily brief (today's news). And to consult with the President as need so that hopefully reasonably intelligent decisions are made, but that depends on the intelligence of the current president.
Sounds like you're focusing on the small stuff, the little "local" political show. And a show it is, and apparently quite effective...
What's your alternative to all of these things? If you really are into security in any sense, you should be able to explain what security exposures moderating or eliminating those entities would cause and what you would advocate to replace them.
Are you talking about the US military? And FBI, CIA, State, Google, etc.
I'm offended in various ways by a lot of what happened in the past, often in organizations like DOJ, FBI, etc. that should have known better. Should they? Looks like you don't know what government is. Wha?
I would even say that a lot of government employees and contractors seem to have got away with a lot of things they shouldn't have. But that doesn't mean that any of those organizations are fundamentally evil and aren't almost completely staffed by intelligent, respectable people.
LOL. So, how much trolling should I let you get away with?
Worthless murdering scumbags are 'respectable' people and not 'fundamentally evil'. Sure. Maybe they are 'accidentally' evil?
DOJ, Treasury, State, HHS, etc. are filled with worthless murdering scumbags?
Time to wake up. You evidently need to do more research. The balance of good vs. evil, of the once mighty USA, is well and truly tipped in favour of despotism and cronyism at this point in history. Very unfortunately. And notwithstanding the good remnant who do remain actually within the system (as insignificant and ineffective as they are to effecting good into the world). Greece. Rome. Persia. British Empire. USA. Every empire falls. USA has fallen, it just can't quite see the reality of this yet.
There are certain people, Marines et al, who are trained to be very lethal. Sucks to need that, but being anything less than the strongest & baddest isn't an option for the US. They are concentrated, supposed to be carefully deployed and directed. Create people like that from the subset of people who want to be like that and a few are going to go off the rails occasionally. That's a bummer, and needs to be constantly protected against, but there's no obvious alternative.
The US is the least imperialist top superpower that ever existed. Still not perfect, but better than all the rest.
"No better than all the rest". Fixed that for you. The record is abysmal. USA is "morally" (on an international political and death-toll level) and financially bankrupt. I just pray that the end of USA's grab for global hegemony means a long lasting multi-polar world, and not a new imperialist Chinese "empire regime".
How about they 'accidentally' beat you to a pulp and then feed you to the pigs? Just as an innocent mistake of course...
Oh kay. Are you off your meds?
You're missing the point. "Regime change" means if you're in their way, your life ends. Time for you to do some history lessons. Because you feel safe (you're one of the "good guys" right?), you don't see the problem, and you therefore have difficulty hearing the message.
Anyway, if you're still in the rebelling against authority stage, fine, have fun. Good luck with that. In the US, government wise, the people are the authority Really? That's an interesting concept. How many lsd doses do you need in order to reach the parallel universe where that is reality? Because in this universe, it isn't.
You haven't been watching long or closely enough. Things have changed a lot in the US in my lifetime, and it's only speeding up.
Sadly, individual liberty was not respected enough to capture the sanction of foreign thinkers. I'm being extraordinarily conservative in my words here...
, their own authority in essence, it just may take a long time for that to play out in a given area. Sure. That's how jesus planned it all.
Nonsense again.
In some ways, this is also true for companies, with some nuance.
sdw
sdw
This is farcical, but one more round lest silence be taken as tacit agreement. For those of you who can't efficiently process unwanted email, apologies. And consider getting a better email client + plugins.
On 7/21/15 2:03 AM, Zenaan Harkness wrote:
On 7/21/15, Stephen D. Williams <sdw@lig.net> wrote:
On 7/20/15 10:32 PM, Juan wrote:
On Mon, 20 Jul 2015 21:36:57 -0700 "Stephen D. Williams" <sdw@lig.net> wrote:
On 7/20/15 9:07 PM, Juan wrote:
Hey. *Now* I get it.
This mailing list has a lot of tor-tards who are apologists of the pentagon's propaganda and spying efforts. Are you saying that the Pentagon is never good or useful? Nor are any of their spying efforts? Are you saying the pentagon is good and useful? The Pentagon et al are protecting a large portion of the world from being overrun. Nobody else will do it. Damn! From Russia and China yeah? Wow. What a mindset.
Not really, more from warlords, dictators, etc. Supposedly Russia is "only protecting their ethnic Russians". From what? Joining NATO and Western Europe as far as I could tell.
https://en.wikipedia.org/wiki/Covert_United_States_foreign_regime_change_act...
"The United States has been involved in and assisted in the overthrow of foreign governments (more recently termed "regime change") without the overt use of U.S. military force. Often, such operations are tasked to the Central Intelligence Agency (CIA)."
Yep, the US has been involved in all kinds of past situations, along with a number of other countries. Those were indeed the bad old days. Sometimes intentions were good, sometimes maybe not. It's too bad that people 40-80 years ago didn't have 2015 sensibilities. Romans begat Europe, British begat a lot, including terrible treatment of Aborigines and Maori. Europe decimated American Indians. Slavery. But you imply that past possibly-poor actions indicate present value. Hardly. None of those people are in power and most are dead. Everyone has learned a lot, J. Edgar Hoover is no longer blackmailing US Presidents and everyone else to preserve his FBI empire, etc. Americans beat up on America quite a bit and all of this eventually comes out, often these days as very watchable movies that authoritatively teach what we weren't taught in school, about the US and often the rest of the world. Generally, lessons are learned and we do better in the future. But occasionally someone slips in who is not an intellectual powerhouse and mistakes are made again. C'est la vie. What's your better alternative? Even when the US meddled, except for a very few circumstances, it was to achieve something useful, not to subjugate peoples for colonies, incorporation into an empire, etc. The US pays a lot for legacy military bases everywhere, provides lots of protection and other benefits, and generally attempts to fit in and be respectful.
I grant they seem to be doing ... something. Here's the table of contents from that wiki page:
Contents 1 Cold War 1.1 Syria 1949 ... 2.3 Iran 2005–present
Perhaps those are the countries that were going to overrun "us" (never mind the fact I live in Australia anyway, but damn, what a way of thinking).
What is your concept? That no one have power to repel anyone else? That some other country / culture is better suited to being "on top"? The US is the worst system, except for everything else. It is deliberately designed to be messy, in conflict, and unstable. The genius of this arrangement is that it leads to a stronger result than anything else.
SDW, thank you for being so frank - honest about how you think. It is educational to me in a good way. Part of the difference is perhaps that I am not living in the USA, so I look inwards to your government and agencies, not outwards.
Many non-Americans don't really get America, even if they have visited or lived here. Many Americans don't fully get America either; easy to be parochial. Not long ago, someone was tearing into the US about teargas being used in some situation, how terrible and dangerous it was, etc. I pointed out, with references, that every single American military individual is subjected to a good dose of teargas as part of training.
when they don't determine their goals or rules of engagement? Their job is to be a bad ass tool, the proverbial big stick. It is someone else's job to decide how to use that tool. Marines don't kill people, politicians using Marines kill people. Err, something like that. Marines and other 'military personnel' murder people when 'ordered' to. They are the worst scumbags on earth.
Politicians are morally responsible. The military are morally and materially responsible. Are police always bad too?
... Is everyone from the CIA scumbags by definition? Yes. Whatever you gotta believe. Most of their job is to understand the world, :)
Interesting way of "understanding" the world - 'regime change' is about as polite a way the current empire can couch its predominant activity since WWII.
In some cases, regime change can be nice. Depends on specifics. ...
I would even say that a lot of government employees and contractors seem to have got away with a lot of things they shouldn't have. But that doesn't mean that any of those organizations are fundamentally evil and aren't almost completely staffed by intelligent, respectable people.
LOL. So, how much trolling should I let you get away with?
Worthless murdering scumbags are 'respectable' people and not 'fundamentally evil'. Sure. Maybe they are 'accidentally' evil? DOJ, Treasury, State, HHS, etc. are filled with worthless murdering scumbags? Time to wake up. You evidently need to do more research. The balance of good vs. evil, of the once mighty USA, is well and truly tipped in favour of despotism and cronyism at this point in history. Very unfortunately. And notwithstanding the good remnant who do remain actually within the system (as insignificant and ineffective as they are to effecting good into the world).
Yea? Interesting. I think you've been watching Fox News too much. Or you are talking about New Jersey. ;-) We obsess about that stuff precisely because it isn't tolerated at all, except for narrowly acceptable, mostly noise levels. How do you come to think this? What's your evidence?
Greece. Rome. Persia. British Empire. USA.
Every empire falls. USA has fallen, it just can't quite see the reality of this yet.
Yea? What would constitute a fall for the US? I don't think you understand the nature of the US or what would constitute a win.
There are certain people, Marines et al, who are trained to be very lethal. Sucks to need that, but being anything less than the strongest & baddest isn't an option for the US. They are concentrated, supposed to be carefully deployed and directed. Create people like that from the subset of people who want to be like that and a few are going to go off the rails occasionally. That's a bummer, and needs to be constantly protected against, but there's no obvious alternative.
The US is the least imperialist top superpower that ever existed. Still not perfect, but better than all the rest. "No better than all the rest". Fixed that for you. Few would agree with that.
The record is abysmal. USA is "morally" (on an international political and death-toll level) and financially bankrupt. Depends on what you look at. There are some things that we as a group definitely think were mistakes, Iraq etc.
I just pray that the end of USA's grab for global hegemony means a long lasting multi-polar world, and not a new imperialist Chinese "empire regime".
What do you think the "success" of a USA grab for global hegemony would look like? What do you think the USA end goal is if it wasn't "stopped"?
How about they 'accidentally' beat you to a pulp and then feed you to the pigs? Just as an innocent mistake of course... Oh kay. Are you off your meds? You're missing the point. "Regime change" means if you're in their way, your life ends. Time for you to do some history lessons. Because you feel safe (you're one of the "good guys" right?), you don't see the problem, and you therefore have difficulty hearing the message.
Your construction there seems off, but: Much of aggression has been about answering threats, directly or indirectly. So your statement doesn't apply to Afghanistan, WWII, etc. Korea, Vietnam, etc. were about a perceived threat that seemed real; we generally consider those to probably have been wrong on multiple levels. I guess you think that if anyone supports the US, they must be agreeing with everything that's ever happened. Obviously that's a terribly simplistic assumption.
Anyway, if you're still in the rebelling against authority stage, fine, have fun. Good luck with that. In the US, government wise, the people are the authority Really? That's an interesting concept. How many lsd doses do you need in order to reach the parallel universe where that is reality? Because in this universe, it isn't. You haven't been watching long or closely enough. Things have changed a lot in the US in my lifetime, and it's only speeding up. Sadly, individual liberty was not respected enough to capture the sanction of foreign thinkers. I'm being extraordinarily conservative in my words here...
"Capture the sanction of foreign thinkers"? Nonsense. sdw
On Wed, Jul 22, 2015, at 09:30 AM, Stephen D. Williams wrote:
Even when the US meddled, except for a very few circumstances, it was to achieve something useful,
Useful to whom? Not to the Chagossians of Diego Garcia in the 60s and 70s. FFS, the _whole population_ was kicked off the island.
not to subjugate peoples for colonies
Maybe you should read: https://en.wikipedia.org/wiki/Depopulation_of_Chagossians_from_the_Chagos_Ar...
provides lots of protection and other benefits, and generally attempts fit in and be respectful.
You should stop drinking the Koolaid. It's funny how so many patriots love the country they happened to have been born in. Alfie -- Alfie John alfiej@fastmail.fm
On 7/21/15 5:16 PM, Alfie John wrote:
On Wed, Jul 22, 2015, at 09:30 AM, Stephen D. Williams wrote:
Even when the US meddled, except for a very few circumstances, it was to achieve something useful, Useful to whom? Not to the Chagossians of Diego Garcia in the 60s and 70s. FFS, the _whole population_ was kicked off the island.
You do realize that it was the British that depopulated the islands, right? The land had been purchased, there were about 1200 people displaced, and it happened 40 years ago. In any case, that falls into the category of something that shouldn't have been done, at least not in so poor a way.
not to subjugate peoples for colonies Maybe you should read:
https://en.wikipedia.org/wiki/Depopulation_of_Chagossians_from_the_Chagos_Ar...
provides lots of protection and other benefits, and generally attempts fit in and be respectful. You should stop drinking the Koolaid.
It's funny how so many patriots love the country they happened to have been born in.
Alfie
sdw
| It's funny how so many patriots love the country they happened to have
| been born in.
http://ebooks.library.cornell.edu/cgi/t/text/pageviewer-idx?c=atla;cc=atla;r...
ymmv, --dan
On 7/21/15, Stephen D. Williams <sdw@lig.net> wrote:
On 7/21/15 2:03 AM, Zenaan Harkness wrote:
On 7/21/15, Stephen D. Williams <sdw@lig.net> wrote:
On 7/20/15 10:32 PM, Juan wrote:
On Mon, 20 Jul 2015 21:36:57 -0700 "Stephen D. Williams" <sdw@lig.net> wrote:
On 7/20/15 9:07 PM, Juan wrote:
Hey. *Now* I get it.
Anyway, if you're still in the rebelling against authority stage, fine, have fun. Good luck with that. In the US, government wise, the people are the authority Really? That's an interesting concept. How many lsd doses do you need in order to reach the parallel universe where that is reality? Because in this universe, it isn't. You haven't been watching long or closely enough. Things have changed a lot in the US in my lifetime, and it's only speeding up. Sadly, individual liberty was not respected enough to capture the sanction of foreign thinkers. I'm being extraordinarily conservative in my words here...
"Capture the sanction of foreign thinkers"? Nonsense.
Sorry, my bad, USA is hailed by the rest of the world as the pinnacle of the High Moral Ground (TM), almost no one has problems they take issue with, with the USA, and governments round the world are clamouring for a one world order lead by the halo clad Obama (or pick any prior president not including Kennedy). Gee whiz jiggity, I keep gettin my sense and my non sense all mixed up now... apollo-gees, yall.
On 7/21/15 6:21 PM, Zenaan Harkness wrote:
On 7/21/15, Stephen D. Williams <sdw@lig.net> wrote:
On 7/21/15 2:03 AM, Zenaan Harkness wrote:
On 7/21/15, Stephen D. Williams <sdw@lig.net> wrote:
On 7/20/15 10:32 PM, Juan wrote:
On Mon, 20 Jul 2015 21:36:57 -0700 "Stephen D. Williams" <sdw@lig.net> wrote:
On 7/20/15 9:07 PM, Juan wrote: > Hey. *Now* I get it. Anyway, if you're still in the rebelling against authority stage, fine, have fun. Good luck with that. In the US, government wise, the people are the authority Really? That's an interesting concept. How many lsd doses do you need in order to reach the parallel universe where that is reality? Because in this universe, it isn't. You haven't been watching long or closely enough. Things have changed a lot in the US in my lifetime, and it's only speeding up. Sadly, individual liberty was not respected enough to capture the sanction of foreign thinkers. I'm being extraordinarily conservative in my words here... "Capture the sanction of foreign thinkers"? Nonsense. Sorry, my bad, USA is hailed by the rest of the world as the pinnacle of the High Moral Ground (TM), almost no one has problems they take issue with, with the USA, and governments round the world are clamouring for a one world order lead by the halo clad Obama (or pick any prior president not including Kennedy).
Gee whiz jiggity, I keep gettin my sense and my non sense all mixed up now... apollo-gees, yall.
Your sentence is nonsense. I can't parse it. Maybe in the original Russian it was coherent. sdw
On 07/22/2015 01:37 AM, Stephen D. Williams wrote:
Your sentence is nonsense. I can't parse it. Maybe in the original Russian it was coherent.
It makes you wonder how many posts here are actually the output of Markov chain generators trained on vintage 90's mailing list archives or declassified COINTELPRO files or something. -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ Eve was framed!
On 07/21/2015 03:15 AM, Stephen D. Williams wrote:
On 7/20/15 10:32 PM, Juan wrote:
On Mon, 20 Jul 2015 21:36:57 -0700 "Stephen D. Williams" <sdw@lig.net> wrote:
[...]
Are you saying the pentagon is good and useful?
The Pentagon et al are protecting a large portion of the world from being overrun. Nobody else will do it.
And all along I thought, the sooner the Pentagon et al stood down and let the world be overrun, the better for the human race. Better in every measurable way, except for the net worth and sovereign power of the wealthy and powerful gangs that sponsor and direct those organizations.
Politicians are morally responsible. The military are morally and materially responsible.
Are police always bad too?
Last I heard, police forces were not dispatched to cross borders and kill large numbers of people, to advance the financial agendas of some few thousands of the folks back home. When the police do what the military does, they become criminals even by the definition of the laws enacted by their own masters. Anyone who deliberately and for personal gain participates in mass murder might be considered "bad." I prefer to think of them as ignorant and disinformed, aside from a minority among them who are psychopathic and in need of minders.
... Is everyone from the CIA scumbags by definition? Yes.
Whatever you gotta believe. Most of their job is to understand the world, publishing both a nice public database and the presidential daily brief (today's news). And to consult with the President as need so that hopefully reasonably intelligent decisions are made, but that depends on the intelligence of the current president.
So... If I understand this correctly, the CIA, a clandestine U.S. military service, is in the business of persuading Presidents, elected to embody the will of the People, to their way of thinking. Come to think of it, their charter implicitly says so. I guess we should have dumped them when we had the chance. IIRC a President once said he was going to do just that, too bad somebody shot him. Every corporate entity needs intelligence to function. How many need a department to promote, codify and implement torture as a psychological weapon? How many need a department that arms, trains and directs gangs of killers to put inconvenient market competitors out of business, and take over their shops? How many need a department to set up and run major drug smuggling operations, to fund other violent criminal enterprises off the books? I try not to go around calling people "scumbags" and come to think of it, I succeed. But there's no denying that working for the CIA in any capacity imparts a certain taint, given that it has been a criminal enterprise more or less since its inception and shows no signs of meaningful reform. By "criminal" I mean, per any common sense definition that does not duck the issue by asserting that certain functions of State are by definition "above the law" due to some existential necessity. A MAFIA bookkeeper who always does an honest day's work and never hurts anybody is not a criminal, right?
What's your alternative to all of these things? If you really are into security in any sense, you should be able to explain what security exposures moderating or eliminating those entities would cause and what you would advocate to replace them. Are you talking about the US military? And FBI, CIA, State, Google, etc.
Practical alternatives to endemic, high dollar institutional violence are limited by the inherent nature of the institutions that carry it out: They exist to impose the will of their masters on whole societies. They defeat their masters' specified enemies by any means necessary, which covers a spectrum from propaganda through deception, bribery and terrorism to the industrialized mass murder we call warfare. Try to stop them; if you show signs of success, their masters will direct them to neutralize YOU by any means necessary. As things stand, we don't have enough volunteers to shut down the killing machine by direct intervention. If and when we do, the emergent organizations that make it possible will also play key roles in developing long term solutions for international conflicts. As a practical matter, one must do what one can to stop the bleeding; such efforts tend to be contagious, and we have ways of spreading that contagion. It starts with telling the truth. Opportunities to do that keep coming faster and faster.
I'm offended in various ways by a lot of what happened in the past, often in organizations like DOJ, FBI, etc. that should have known better. Should they? Looks like you don't know what government is. Wha?
Most people don't know what government is, because those who govern use a very different definition than the ones the governed are taught: State sovereignty is the power to rob, kidnap and kill within a given territorial boundary, and to defend these powers as one's exclusive prerogative. Anarchists are consistently depicted as violent lunatics opposed to any form of social order. The idea that government is based on the consent of the governed is all well and good in a civics class, but God forbid someone should try to actually implement that fine theory by withdrawing their consent from particular incarnations and/or functions of government.
Worthless murdering scumbags are 'respectable' people and not 'fundamentally evil'. Sure. Maybe they are 'accidentally' evil?
DOJ, Treasury, State, HHS, etc. are filled with worthless murdering scumbags?
I would not say so, but broadly speaking, they are directed by political appointees who, to varying extents, run them as criminal enterprises. Criminal, even by the very liberal and tolerant standards set by the State that employs them.
There are certain people, Marines et al, who are trained to be very lethal. Sucks to need that, but being anything less than the strongest & baddest isn't an option for the US. They are concentrated, supposed to be carefully deployed and directed. Create people like that from the subset of people who want to be like that and a few are going to go off the rails occasionally. That's a bummer, and needs to be constantly protected against, but there's no obvious alternative.
To me, the alternatives are painfully obvious. Step one in a real "war against terror" is to stop doing terrorism. Step one in defending a country's "way of life" is to invest in its human and industrial infrastructure. It certainly makes no sense to indulge in multi-trillion dollar tax and debt funded economic bonfires that produce nothing but paychecks, stock dividends and the odd few million dead bodies and refugees here and there.
The US is the least imperialist top superpower that ever existed. Still not perfect, but better than all the rest.
That's kind of like advertising oneself as the kindest, most considerate serial killer presently at large. It doesn't take a lifetime of study or exceptional brain power to recognize gross offenses to the values that define human beings as social animals fit to walk the Earth. It does take a lifetime of study and exceptional brain power, on the part of a whole managerial class, to direct that society to commit such offenses and take them for granted as regrettable necessities. The survival value of human intelligence has not been satisfactorily demonstrated. Its hazards are becoming more obvious every day. :o/
On Tue, 21 Jul 2015 02:28:34 -0700, Steve Kinney <admin@pilobilus.net> wrote: <snip> Steve, that was a tour de force. I was about to leap out of my chair and start pounding out a similar reply but you pretty much summed how I feel to the tee. Correct me if I'm wrong, but aren't the roots of the Cypherpunk movement more or less explicitly anarchist? The number of state-theists on this list never ceases to amaze.
I recall it being more nuanced and diverse. -- Lance Cottrell Sent from my iPad
On Jul 21, 2015, at 11:51 AM, Juan <juan.g71@gmail.com> wrote:
On Tue, 21 Jul 2015 06:58:52 -0700 Seth <list@sysfu.com> wrote:
Correct me if I'm wrong, but aren't the roots of the Cypherpunk movement more or less explicitly anarchist?
this ^^^^^
The number of state-theists on this list never ceases to amaze.
and this ^^^^^
On Tue, 21 Jul 2015 13:54:25 -0700, Lance Cottrell <loki@obscura.com> wrote:
I recall it being more nuanced and diverse.
I wasn't there in the beginning so I don't have any firsthand knowledge. According to this piece, [1] "Almost all cypherpunks were anarchists who regarded the state as the enemy." I'm basing the claim on the fact that founding member Timothy May wasn't exactly shy about his crypto *anarchy* vision of the future. Not sure what exactly what Eric Hughes or John Gilmore's were at the time. [1] http://onlyinamericablogging.blogspot.jp/2011/03/robert-manne-julian-assange... <snip> The cypherpunks emerged from a meeting of minds in late 1992 in the Bay Area of San Francisco. Its founders were Eric Hughes, a brilliant Berkeley mathematician; Timothy C. May, an already wealthy, former chief scientist at Intel who had retired at the age of thirty-four; and John Gilmore, another already retired and wealthy computer scientist – once number five at Sun Microsystems – who had co-founded an organisation to advance the cause of cyberspace freedom, the Electronic Frontier Foundation. They created a small group, which met monthly in Gilmore’s office at a business he had created, Cygnus. At one of the early meetings of the group, an editor at Mondo 2000, Jude Milhon, jokingly called them cypherpunks, a play on cyberpunk, the “hi-tech, low-life” science-fiction genre. The name stuck. It soon referred to a vibrant emailing list, created shortly after the first meeting, which had grown to 700 by 1994 and perhaps 2000 by 1997 with by then up to a hundred postings per day. It also referred to a distinctive sub-culture – eventually there were cypherpunk novels, Snowcrash, Cryptonomicon, Indecent Communications; a cypherpunk porno film, Cryptic Seduction; and even a distinctive cypherpunk dress: broad-brimmed black hats. Most importantly, however, it referred to a political–ideological crusade. 
At the core of the cypherpunk philosophy was the belief that the great question of politics in the age of the internet was whether the state would strangle individual freedom and privacy through its capacity for electronic surveillance or whether autonomous individuals would eventually undermine and even destroy the state through their deployment of electronic weapons newly at hand. Many cypherpunks were optimistic that in the battle for the future of humankind – between the State and the Individual – the individual would ultimately triumph. Their optimism was based on developments in intellectual history and computer software: the invention in the mid-1970s of public-key cryptography by Whitfield Diffie and Martin Hellman, and the creation by Phil Zimmerman in the early 1990s of a program known as PGP, “Pretty Good Privacy”. The seminal historian of codes, David Kahn, argued that the Diffie–Hellman invention represented the most important development in cryptography since the Renaissance. Zimmerman’s PGP program democratised their invention and provided individuals, free of cost, with access to public-key cryptography and thus the capacity to communicate with others in near-perfect privacy. Although George Orwell’s Nineteen Eighty-Four was one of the cypherpunks’ foundational texts, because of the combination of public-key cryptography and PGP software, they tended to believe that in the coming battle between Big Brother and Winston Smith, the victor might be Winston Smith. At the time the cypherpunks formed, the American government strongly opposed the free circulation of public-key cryptography. It feared that making it available would strengthen the hands of the espionage agencies of America’s enemies abroad and of terrorists, organised criminals, drug dealers and pornographers at home. For the cypherpunks, the question of whether cryptography would be freely available would determine the outcome of the great battle of the age. 
Their most important practical task was to write software that would expand the opportunities for anonymous communication made possible by public-key cryptography. One of the key projects of the cypherpunks was “remailers”, software systems that made it impossible for governments to trace the passage from sender to receiver of encrypted email traffic. Another key project was “digital cash”, a means of disguising financial transactions from the state. Almost all cypherpunks were anarchists who regarded the state as the enemy. Most but not all were anarchists of the Right, or in American parlance, libertarians, who supported laissez-faire capitalism. The most authoritative political voice among the majority libertarian cypherpunks was Tim May, who, in 1994, composed a vast, truly remarkable document, “Cyphernomicon”. May called his system crypto-anarchy. He regarded crypto-anarchy as the most original contribution to political ideology of contemporary times. May thought the state to be the source of evil in history. He envisaged the future as an Ayn Rand utopia of autonomous individuals dealing with each other as they pleased. Before this future arrived, he advocated tax avoidance, insider trading, money laundering, markets for information of all kinds, including military secrets, and what he called assassination markets not only for those who broke contracts or committed serious crime but also for state officials and the politicians he called “Congressrodents”. He recognised that in his future world only elites with control over technology would prosper. No doubt “the clueless 95%” – whom he described as “inner city breeders” and as “the unproductive, the halt and the lame” – “would suffer, but that is only just”. May acknowledged that many cypherpunks would regard these ideas as extreme. 
He also acknowledged that, while the overwhelming majority of cypherpunks were, like him, anarcho-capitalist libertarians, some were strait-laced Republicans, left-leaning liberals, Wobblies or even Maoists. Neither fact concerned him. The cypherpunks formed a house of many rooms. The only thing they all shared was an understanding of the political significance of cryptography and the willingness to fight for privacy and unfettered freedom in cyberspace. <snip>
On 7/21/15 8:49 PM, Seth wrote:
On Tue, 21 Jul 2015 13:54:25 -0700, Lance Cottrell <loki@obscura.com> wrote:
I recall it being more nuanced and diverse.
I wasn't there in the beginning so I don't have any firsthand knowledge.
According to this piece, [1] "Almost all cypherpunks were anarchists who regarded the state as the enemy."
I will have to dig to find my archives of that era to be positive, but I'm pretty sure I joined by 1994 at the latest, probably 1993. I installed the first firewall at Bank of America in late 1994, so it may have been much earlier since I'd already been into security for a while at that point. I was part of the whole rise and fall of Detweiler. I'm always puzzled that most people haven't heard of him. http://borg.uu3.net/ldetweil/medusa/detweiler.html
I'm basing the claim on the fact that founding member Timothy May wasn't exactly shy about his crypto *anarchy* vision of the future.
Not sure exactly what Eric Hughes or John Gilmore's were at the time.
[1] http://onlyinamericablogging.blogspot.jp/2011/03/robert-manne-julian-assange...
sdw
On Tue, 21 Jul 2015 20:49:31 -0700 Seth <list@sysfu.com> wrote:
http://onlyinamericablogging.blogspot.jp/2011/03/robert-manne-julian-assange...
<snip>
Almost all cypherpunks were anarchists who regarded the state as the enemy. Most but not all were anarchists of the Right, or in American parlance, libertarians, who supported laissez-faire capitalism.
That's for the people who didn't get the memo. (Oops. I just picked up the expression from Zenaan. I hope he doesn't sue me) Now, here's another important memo : Firms like gaagle, bank of amerikkka, amerikkka online, etc, are textbook examples of corporatism, mercantilism and, given their support for the american fascist state, they can be classed as outright fascist. (American) big businesses have NOTHING to do with "free market capitalism". Interestingly enough both anti-libertarians and fake libertarians like to pretend that big fascist businesses are justified by libertarian philosophy.
The cypherpunks formed a house of many rooms. The only thing they all shared was an understanding of the political significance of cryptography and the willingness to fight for privacy and unfettered freedom in cyberspace.
A flawed understanding it seems.
<snip>
On 07/22/2015 06:03 PM, Juan wrote:
The cypherpunks formed a house of many rooms. The only thing they all shared was an understanding of the political significance of cryptography and the willingness to fight for privacy and unfettered freedom in cyberspace.
A flawed understanding it seems.
Oi, group identity in any anarchist-friendly venue can't be enforced by any kind of coercive authority, else it is not an anarchist-friendly venue. Fighting over the definition of the group is only fun until somebody wins. :o)
On Wed, 22 Jul 2015 19:19:38 -0400 Steve Kinney <admin@pilobilus.net> wrote:
On 07/22/2015 06:03 PM, Juan wrote:
The cypherpunks formed a house of many rooms. The only thing they all shared was an understanding of the political significance of cryptography and the willingness to fight for privacy and unfettered freedom in cyberspace.
A flawed understanding it seems.
Oi, group identity in any anarchist-friendly venue can't be enforced by any kind of coercive authority, else it is not an anarchist-friendly venue. Fighting over the definition of the group is only fun until somebody wins.
Apologies, my last remark wasn't too clear. "understanding of the political significance of cryptography" What I meant is that cypherpunks seem to put too much emphasis on the political benefits and 'significance' of crypto when in reality crypto doesn't really solve political problems.
:o)
On Wednesday, 22 July 2015 20:33:33 Juan wrote:
On Wed, 22 Jul 2015 19:19:38 -0400
Steve Kinney <admin@pilobilus.net> wrote:
On 07/22/2015 06:03 PM, Juan wrote:
The cypherpunks formed a house of many rooms. The only thing they all shared was an understanding of the political significance of cryptography and the willingness to fight for privacy and unfettered freedom in cyberspace.
A flawed understanding it seems.
Oi, group identity in any anarchist-friendly venue can't be enforced by any kind of coercive authority, else it is not an anarchist-friendly venue. Fighting over the definition of the group is only fun until somebody wins.
Apologies, my last remark wasn't too clear.
"understanding of the political significance of cryptography"
What I meant is that cypherpunks seem to put too much emphasis on the political benefits and 'significance' of crypto when in reality crypto doesn't really solve political problems.
There is a world of difference between "A is politically significant" and "A solves political problems". Try religion. Religion is absurdly politically significant, but I wager we can all agree it doesn't really *solve* political problems. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From: Juan <juan.g71@gmail.com> On Wed, 22 Jul 2015 19:19:38 -0400 Steve Kinney <admin@pilobilus.net> wrote:
On 07/22/2015 06:03 PM, Juan wrote:
The cypherpunks formed a house of many rooms. The only thing they all shared was an understanding of the political significance of cryptography and the willingness to fight for privacy and unfettered freedom in cyberspace.
A flawed understanding it seems.
Oi, group identity in any anarchist-friendly venue can't be enforced by any kind of coercive authority, else it is not an anarchist-friendly venue. Fighting over the definition of the group is only fun until somebody wins.
What I meant is that cypherpunks seem to put too much emphasis on the political benefits and 'significance' of crypto when in reality crypto doesn't really solve political problems.
Not yet, anyway. Jim Bell
On Thu, 23 Jul 2015 00:13:50 +0000 (UTC) jim bell :
What I meant is that cypherpunks seem to put too much emphasis on the political benefits and 'significance' of crypto when in reality crypto doesn't really solve political problems.
Not yet, anyway. Jim Bell
I wish I shared your optimism(?) Jim, but I'm a tad skeptical at the moment. Cheers ;)
On Wed, Jul 22, 2015 at 8:13 PM, jim bell <jdb10987@yahoo.com> wrote:
What I meant is that cypherpunks seem to put too much emphasis on the political benefits and 'significance' of crypto when in reality crypto doesn't really solve political problems.
Not yet, anyway.
What examples in history are there of long strings of (say five or more) targeted knockoffs of assorted high level types (be they among Govt or Corp)? Analysis of the leadup situation surrounding those may be predictor for the next. And may indicate whether money was sole, primary, simply grease, or no relation. And if related were they single, group, or crowd funded.
" 1.5.1. "Why is this FAQ not in Mosaic form?" - because the author (tcmay, as of 7/94) does not have Mosaic access,"
On July 21, 2015 2:35:23 AM Steve Kinney <admin@pilobilus.net> wrote a post that deserves to be QFT, so it's included below: Echoing Seth's sentiment, but wanted to be sure your post was read by anyone who might have missed it. I truly don't have the time right now to pen the kind of response I wanted to after reading those state apologist diatribes. Upon reading your reply below, I see you have it covered (and you made your point without the salty language I may have used. Heh.) +1, +1, +1... -Shelley
On 07/21/2015 03:15 AM, Stephen D. Williams wrote:
On 7/20/15 10:32 PM, Juan wrote:
On Mon, 20 Jul 2015 21:36:57 -0700 "Stephen D. Williams" <sdw@lig.net> wrote:
[...]
Are you saying the pentagon is good and useful?
The Pentagon et al are protecting a large portion of the world from being overrun. Nobody else will do it.
And all along I thought, the sooner the Pentagon et al stood down and let the world be overrun, the better for the human race. Better in every measurable way, except for the net worth and sovereign power of the wealthy and powerful gangs that sponsor and direct those organizations.
Politicians are morally responsible. The military are morally and materially responsible.
Are police always bad too?
Last I heard, police forces were not dispatched to cross borders and kill large numbers of people, to advance the financial agendas of some few thousands of the folks back home. When the police do what the military does, they become criminals even by the definition of the laws enacted by their own masters.
Anyone who deliberately and for personal gain participates in mass murder might be considered "bad." I prefer to think of them as ignorant and disinformed, aside from a minority among them who are psychopathic and in need of minders.
... Is everyone from the CIA scumbags by definition? Yes.
Whatever you gotta believe. Most of their job is to understand the world, publishing both a nice public database and the presidential daily brief (today's news). And to consult with the President as need so that hopefully reasonably intelligent decisions are made, but that depends on the intelligence of the current president.
So... If I understand this correctly, the CIA, a clandestine U.S. military service, is in the business of persuading Presidents, elected to embody the will of the People, to their way of thinking. Come to think of it, their charter implicitly says so. I guess we should have dumped them when we had the chance. IIRC a President once said he was going to do just that, too bad somebody shot him.
Every corporate entity needs intelligence to function. How many need a department to promote, codify and implement torture as a psychological weapon? How many need a department that arms, trains and directs gangs of killers to put inconvenient market competitors out of business, and take over their shops? How many need a department to set up and run major drug smuggling operations, to fund other violent criminal enterprises off the books?
I try not to go around calling people "scumbags" and come to think of it, I succeed. But there's no denying that working for the CIA in any capacity imparts a certain taint, given that it has been a criminal enterprise more or less since its inception and shows no signs of meaningful reform. By "criminal" I mean, per any common sense definition that does not duck the issue by asserting that certain functions of State are by definition "above the law" due to some existential necessity. A MAFIA bookkeeper who always does an honest day's work and never hurts anybody is not a criminal, right?
What's your alternative to all of these things? If you really are into security in any sense, you should be able to explain what security exposures moderating or eliminating those entities would cause and what you would advocate to replace them. Are you talking about the US military? And FBI, CIA, State, Google, etc.
Practical alternatives to endemic, high dollar institutional violence are limited by the inherent nature of the institutions that carry it out: They exist to impose the will of their masters on whole societies. They defeat their masters' specified enemies by any means necessary, which covers a spectrum from propaganda through deception, bribery and terrorism to the industrialized mass murder we call warfare. Try to stop them; if you show signs of success, their masters will direct them to neutralize YOU by any means necessary.
As things stand, we don't have enough volunteers to shut down the killing machine by direct intervention. If and when we do, the emergent organizations that make it possible will also play key roles in developing long term solutions for international conflicts.
As a practical matter, one must do what one can to stop the bleeding; such efforts tend to be contagious, and we have ways of spreading that contagion. It starts with telling the truth. Opportunities to do that keep coming faster and faster.
I'm offended in various ways by a lot of what happened in the past, often in organizations like DOJ, FBI, etc. that should have known better. Should they? Looks like you don't know what government is. Wha?
Most people don't know what government is, because those who govern use a very different definition than the ones the governed are taught: State sovereignty is the power to rob, kidnap and kill within a given territorial boundary, and to defend these powers as one's exclusive prerogative.
Anarchists are consistently depicted as violent lunatics opposed to any form of social order. The idea that government is based on the consent of the governed is all well and good in a civics class, but God forbid someone should try to actually implement that fine theory by withdrawing their consent from particular incarnations and/or functions of government.
Worthless murdering scumbags are 'respectable' people and not 'fundamentally evil'. Sure. Maybe they are 'accidentally' evil?
DOJ, Treasury, State, HHS, etc. are filled with worthless murdering scumbags?
I would not say so, but broadly speaking, they are directed by political appointees who, to varying extents, run them as criminal enterprises. Criminal, even by the very liberal and tolerant standards set by the State that employs them.
There are certain people, Marines et al, who are trained to be very lethal. Sucks to need that, but being anything less than the strongest & baddest isn't an option for the US. They are concentrated, supposed to be carefully deployed and directed. Create people like that from the subset of people who want to be like that and a few are going to go off the rails occasionally. That's a bummer, and needs to be constantly protected against, but there's no obvious alternative.
To me, the alternatives are painfully obvious. Step one in a real "war against terror" is to stop doing terrorism. Step one in defending a country's "way of life" is to invest in its human and industrial infrastructure. It certainly makes no sense to indulge in multi-trillion dollar tax and debt funded economic bonfires that produce nothing but paychecks, stock dividends and the odd few million dead bodies and refugees here and there.
The US is the least imperialist top superpower that ever existed. Still not perfect, but better than all the rest.
That's kind of like advertising oneself as the kindest, most considerate serial killer presently at large.
It doesn't take a lifetime of study or exceptional brain power to recognize gross offenses to the values that define human beings as social animals fit to walk the Earth. It does take a lifetime of study and exceptional brain power, on the part of a whole managerial class, to direct that society to commit such offenses and take them for granted as regrettable necessities.
The survival value of human intelligence has not been satisfactorily demonstrated. Its hazards are becoming more obvious every day.
:o/
On 7/21/15, Stephen D. Williams <sdw@lig.net> wrote:
On 7/20/15 9:07 PM, Juan wrote:
And NOW it also has a google and cloud apologist. Welcome Stephen =) You are yet another reason to distrust the FLOSS movement and its bloatware.
FLOSS has bloatware?
Nah - firefox is a lithe little vegetarian pea pod, lucky to use 1% of one CPU and a bee's proverbial of your RAM, LibreOffice is so small and feature free it's lucky to even print a document, and the Linux kernel, well, it's so clean, small and well documented it's just a few lines longer than HelloWorld.c - so of course it's well audited and highly secure as a result. Couldn't ask for cleaner security really. Nope, no bloatware round these parts. Someone missed the memo...
On 7/21/15 1:23 AM, Zenaan Harkness wrote:
On 7/21/15, Stephen D. Williams <sdw@lig.net> wrote:
On 7/20/15 9:07 PM, Juan wrote:
And NOW it also has a google and cloud apologist. Welcome Stephen =) You are yet another reason to distrust the FLOSS movement and its bloatware.
FLOSS has bloatware?
Nah - firefox is a lithe little vegetarian pea pod, lucky to use 1% of one CPU and a bee's proverbial of your RAM, LibreOffice is so small and feature free it's lucky to even print a document, and the Linux kernel, well, it's so clean, small and well documented it's just a few lines longer than HelloWorld.c - so of course it's well audited and highly secure as a result. Couldn't ask for cleaner security really.
Nope, no bloatware round these parts. Someone missed the memo...
Polymer 1.0 web app, which is the cleanest HTML / Javascript yet, talking via Swagger IO library to a Go single-executable Docker container (break out of that!) with a very simple matching webAPI app structure... That was some work to find, validate, and select; you're welcome. I love how Microsoft is happy that their mini Windows VM is "only" 400MB to start. Web browsers are the new operating system, so I cut Firefox some slack. Most of what you interact with in the browser API is a Javascript web app anyway. I often have up to 700 tabs open... It is the Javascript on those tabs that makes it a pig. sdw
On 7/21/15, Stephen D. Williams <sdw@lig.net> wrote: ...
I'm offended in various ways by a lot of what happened in the past, often in organizations like DOJ, FBI, etc. that should have known better.
Tut, tut! They should have indeed.
I would even say that a lot of government employees and contractors seem to have got away with a lot of things they shouldn't have.
Naughty, naughty I tell you! Naughty little boys and girls.
But that doesn't mean that any of those organizations are fundamentally evil and aren't almost completely staffed by intelligent, respectable people.
Wonderful! There's hope! U S A, U S A! So those intelligent CIA guys will stop toppling regimes by murder and plunder, to keep the US$ afloat and to keep trying for their one world f-ing government, and those respectable NSA guys will use their phone tapping of France, Germany, UK, Australia and every other nation's politicians to create a safer, cleaner, more caring world, with regional sovereignty respected, the will of the people upheld, and a fundamentally fairer wealth system throughout the world! Hallelujah brothers and sisters, Amerika vilt save youse all. Now bend over and think of something pleasant.
Anyway, if you're still in the rebelling against authority stage, fine, have fun. Good luck with that. In the US, government wise, the people are the authority,
Damn, how many of us wish that were true. Being the authority in principle, is so vastly different to living that authority. We saw all that gung-ho hoo hah go right out the window when the US Marshals roamed the streets and confiscated by force of armed guard requests, many (most?) of the guns in the area. http://www.infowars.com/nra-the-untold-story-of-gun-confiscation-after-katri...
their own authority in essence, it just may
Ahh yes, that's more like it, just an essence of authority, a remnant, not much actual authority in the people. Sadly. So very very sadly. We can only hope that people will wake up and start living their rights.
take a long time for that to play out in a given area. In
By the time people wake up, it's usually too late. Pol Pot's people never woke up and when asked why he caused the massacre of much of his nation, he answered "it was an experiment", AIUI to see what people would do in the face of such evil.
some ways, this is also true for companies, with some nuance.
Man that's some good weed you're smokin, don't be so greedy and pass it around bro!
On 7/21/15, Juan <juan.g71@gmail.com> wrote:
Hey. *Now* I get it.
This mailing list has a lot of tor-tards who are apologists of the pentagon's propaganda and spying efforts.
It has people who say that the NSA does good things (coderman)
It has apologists of the US marines.
It has high ranking scumbags from the CIA.
It has commie 'anarchists' who are offended by (and would love to silence) people who badmouth the marines' apologists.
And NOW it also has a google and cloud apologist. Welcome Stephen =) You are yet another reason to distrust the FLOSS movement and its bloatware.
Lemme guess - you're new here? Welcome :)
On 07/21, Juan wrote:
Hey. *Now* I get it.
This mailing list has a lot of tor-tards who are apologists of the pentagon's propaganda and spying efforts.
It has people who say that the NSA does good things (coderman)
It is child's thinking to think that the NSA only does bad things. You can think of the Govt. as fundamentally bad or evil or whatever but it simply isn't logical for it to never, say, thwart a legitimate attack (no "t" word, you're welcome) that it didn't cause. The propaganda you mention wouldn't work if people, including those working for the govt., thought that the govt. wasn't working to solve the problem. The govt HAS to do good things to retain its legitimacy in enough of its peoples' eyes. The US government does not keep its power over its citizens with just brute force and propaganda. It is a complex social relationship, and yes a great deal of propaganda is involved. But it is not totalitarian the way you frame it. It is not like a children's movie where the villains are all ugly and you can tell they are villains just from the way they look and talk. The policeman, the marine dude, and even the politician or CIA official came from some family and applied for the job because it was considered an acceptable way to make a living and contribute to society. They are not all evil. It doesn't matter if the nasty recipe of them all mixed together makes the USA cause/commit atrocities, it's simplistic and basically false to act like every one of these USians is evil. By killing these kinds of discussions with your delusional, short-man-syndrome arguments, you are contributing to the problem. Think of the disgruntled senator or NSA worker who is reading this list, and finds they agree with our stuff. Now, instead of being fascinated by some of the other posts that were actually about cryptography, like decentralized social nets, etc, they are clicking away because of your trolling. Actually, to be honest, you are serving the NSA more than anyone on this list, even the "spies". When it has been deserted because it resembles the comments section of a youtube video, they will have you to thank.
Also, you guys really think there is an NSA-man personally reading this list, looking for dissidents? Why would they waste their time on this shit? The only ones subverting it are the most hardcore cypherpunks here, who act like pretty much every free cryptography program is US propaganda somehow. If juan is an agent, he is doing his job very well. Many people in the govt. think they are doing good, and to be honest a good deal of them are. This coming from someone who thinks healthy society could exist without a government. Citizens think the government is on their side too, and it's not that they are simply brainwashed. There are no mandatory television hours where you have to watch govt propaganda, the two main sources of it are in the msm (TV), and at school while the child grows up. It isn't north korea, or 1984. The citizens don't feel forced, most of them, and it's because the government has this habit of NOT being an evil, creepy death cult most of the time. The bad stuff happens away from the public view including the stuff y'all have mentioned like the CIA mercenary armies and fiddling with regimes after WWII.
It has apologists of the US marines.
It has high ranking scumbags from the CIA.
It has commie 'anarchists' who are offended by (and would love to silence) people who badmouth the marines' apologists.
False. I wouldn't have interjected because then I am contributing to the problems of this mailing list, but don't keep telling fabrications about me please. Literally every statement in that sentence is a lie about me. Not cool.
And NOW it also has a google and cloud apologist. Welcome Stephen =) You are yet another reason to distrust the FLOSS movement and its bloatware.
It's amusing how Juan picked up the "apologist" term from my emails and is now using it incorrectly. -nick
On Tue, 21 Jul 2015 09:53:11 -0400 Nick Econopouly <nickeconopouly@gmail.com> wrote:
It's amusing how Juan picked up the "apologist" term from my emails and is now using it incorrectly.
https://cpunks.org/pipermail/cypherpunks/2014-December/006241.html "To the people who say that governments are not 'monolithic', something that entry-level tor apologists and the like mindlessly parrot. " I'm sorry Nick if I stole your word and infringed upon your intellectual property rights. I profusely apologize. Please don't tell the FBI. Except...do you mind providing proof of your previous ownership of the term? Since I 'picked' it from you (you say), you surely can link messages previous to December 2014 in which you used it, right? I'll be waiting. J.
-nick
On Tue, 21 Jul 2015 09:53:11 -0400 Nick Econopouly <nickeconopouly@gmail.com> wrote:
The US government does not keep its power over its citizens with just brute force and propaganda. It is a complex social relationship, and yes a great deal of propaganda is involved. But it is not totalitarian the way you frame it.
Sure. It's not totalitarian. It's simply based on the free principle of democracy : obey or die. You don't need to waste your amazing intellect refuting me, Nick. I've conceded your point.
It is not like a children's movie where the villains are all ugly and you can tell they are villains just from the way they look and talk. The policeman, the marine dude, and even the politician or CIA official came from some family and applied for the job because it was considered an acceptable way to make a living and contribute to society. They are not all evil. It doesn't matter if the nasty recipe of them all mixed together makes the USA cause/commit atrocities, it's simplistic and basically false to act like every one of these USians is evil.
Thanks Nick. Now I really get it. People who do evil things are not evil. They are good.
1)
Think of the disgruntled senator or NSA worker who is reading this list,
2)
Actually, to be honest, you are serving the NSA more than anyone on this list, even the "spies".
3)
Also, you guys really think there is an NSA-man personally reading this list, looking for dissidents? Why would they waste their time on this shit?
See Nick, that's the real extent of your intellect. It took you two paragraphs to flatly contradict yourself.
The only ones subverting it are the most hardcore cypherpunks here,
Well, thanks for considering me a hardcore cypherpunk? Now think about what you wrote. You're whining about cypherpunks in a cypherpunk mailing list. Do you see just how ridiculous you are? But I get it. What you want is a cypherpunk mailing list full of obama supporters - like you. Did I get that one right?
who act like pretty much every free cryptography program is US propaganda somehow. If juan is an agent, he is doing his job very well.
Thanks.
Many people in the govt. think they are doing good, and to be honest a good deal of them are.
Humor me. What word do you use to describe your political beliefs?
This coming from someone who thinks healthy society could exist without a government.
Oh OK. You are a fucking nutcase who fancies himself an anarchist while he praises the US government. I rest my case.
Citizens think the government is on their side too, and it's not that they are simply brainwashed. There are no mandatory television hours where you have to watch govt propaganda, the two main sources of it are in the msm (TV), and at school while the child grows up. It isn't north korea, or 1984. The citizens don't feel forced, most of them, and it's because the government has this habit of NOT being an evil, creepy death cult most of the time. The bad stuff happens away from the public view including the stuff y'all have mentioned like the CIA mercenary armies and fiddling with regimes after WWII.
It has apologists of the US marines.
It has high ranking scumbags from the CIA.
It has commie 'anarchists' who are offended by (and would love to silence) people who badmouth the marines' apologists.
False. I wouldn't have interjected because then I am contributing to the problems of this mailing list, but don't keep telling fabrications about me please.
Literally every statement in that sentence is a lie about me. Not cool.
And NOW it also has a google and cloud apologist. Welcome Stephen =) You are yet another reason to distrust the FLOSS movement and its bloatware.
It's amusing how Juan picked up the "apologist" term from my emails and is now using it incorrectly.
-nick
On 07/21, Juan wrote:
On Tue, 21 Jul 2015 09:53:11 -0400 Nick Econopouly <nickeconopouly@gmail.com> wrote:
The US government does not keep its power over its citizens with just brute force and propaganda. It is a complex social relationship, and yes a great deal of propaganda is involved. But it is not totalitarian the way you frame it.
Sure. It's not totalitarian. It's simply based on the free principle of democracy : obey or die.
ok
You don't need to waste your amazing intellect refuting me, Nick. I've conceded your point.
nah you basically can't understand my emails but ok
It is not like a children's movie where the villains are all ugly and you can tell they are villains just from the way they look and talk. The policeman, the marine dude, and even the politician or CIA official came from some family and applied for the job because it was considered an acceptable way to make a living and contribute to society. They are not all evil. It doesn't matter if the nasty recipe of them all mixed together makes the USA cause/commit atrocities, it's simplistic and basically false to act like every one of these USians is evil.
Thanks Nick. Now I really get it. People who do evil things are not evil. They are good.
You don't get it, at all.
Interestingly enough, a lot of anarchist theory agrees with what I said- The idea that people are like blank slates and not good or evil. It says that people are influenced by the world around them and that is what determines their morality, etc. So, for instance, while most people today could not accept or live in an anarchist society(without some... un-indoctrination at the very least), people who are raised in one would find it perfectly normal and agreeable.
1)
Think of the disgruntled senator or NSA worker who is reading this list,
As in someone reading it in their free time, not because they were assigned to spook it. Obviously.
2)
Actually, to be honest, you are serving the NSA more than anyone on this list, even the "spies".
Unintentionally. Indirectly. Whatever. I guess adding a few implied words makes reading comprehension easier for some people. I was not making a statement about your affiliation.
3)
Also, you guys really think there is an NSA-man personally reading this list, looking for dissidents? Why would they waste their time on this shit?
See Nick, that's the real extent of your intellect. It took you two paragraphs to flatly contradict yourself.
No, it took you two paragraphs to show that you can't understand my basic points.
The only ones subverting it are the most hardcore cypherpunks here,
Well, thanks for considering me a hardcore cypherpunk? Now think about what you wrote. You're whining about cypherpunks in a cypherpunk mailing list. Do you see just how ridiculous you are?
I should have put quotes around "cypherpunks". I think it's laughable for cypherpunks to basically not support some of the most important cryptography around. You are hardcore because of your trolling, and cypherpunk because you are on this list.
But I get it. What you want is a cypherpunk mailing list full of obama supporters - like you. Did I get that one right?
I guess it's too much for someone to openly say they aren't 100% sure how to solve the world's problems or if we can, and doesn't want to affiliate with any specific "ism" prison.
who act like pretty much every free cryptography program is US propaganda somehow. If juan is an agent, he is doing his job very well.
Thanks.
Many people in the govt. think they are doing good, and to be honest a good deal of them are.
Humor me. What word do you use to describe your political beliefs?
The problem is one word could never do justice to a diverse, changing view of the world. I tend not to have "political" beliefs anyway, unless you count staying away from politics. My friend is a volunteer firefighter, and most of the firefighters in USA are volunteers. They have a town logo on them, but they are not evil.
This coming from someone who thinks healthy society could exist without a government.
Oh OK. You are a fucking nutcase who fancies himself an anarchist while he praises the US government.
Again, none of these things are true. My main point was black/white arguments against the government are unrealistic and childish, and can't hope to convince people that it is reasonable to question their society. I was hardly praising anything. What I said about people thinking they are doing good still stands. Ask any police officer, they will think that they are protecting and serving the public. Whether or not that is the actual role of their position. When anti-authoritarians (or anarchists, or whatever people here are) come off as haters of the meany evil poo-poo US government and all of its villains, who will take them/us seriously?
I rest my case.
Citizens think the government is on their side too, and it's not that they are simply brainwashed. There are no mandatory television hours where you have to watch govt propaganda, the two main sources of it are in the msm (TV), and at school while the child grows up. It isn't north korea, or 1984. The citizens don't feel forced, most of them, and it's because the government has this habit of NOT being an evil, creepy death cult most of the time. The bad stuff happens away from the public view including the stuff y'all have mentioned like the CIA mercenary armies and fiddling with regimes after WWII.
It has apologists of the US marines.
It has high ranking scumbags from the CIA.
It has commie 'anarchists' who are offended by (and would love to silence) people who badmouth the marines' apologists.
False. I wouldn't have interjected because then I am contributing to the problems of this mailing list, but don't keep telling fabrications about me please.
Literally every statement in that sentence is a lie about me. Not cool.
And NOW it also has a google and cloud apologist. Welcome Stephen =) You are yet another reason to distrust the FLOSS movement and its bloatware.
It's amusing how Juan picked up the "apologist" term from my emails and is now using it incorrectly.
-nick
On 7/21/15, Nick Econopouly <nickeconopouly@gmail.com> wrote:
... I guess it's too much for someone to openly say they aren't 100% sure how to solve the world's problems or if we can, and doesn't want to affiliate with any specific "ism" prison.
this is why making better earth humans is always a win, and avoiding tribal behavior like politics and religion useful. i don't know how to fix the world's problems. i do know we need to better educate everyone. i do know we need to stop thinking in Me vs. You. thanks for adding to the signal, Nick! best regards,
On Tue, 21 Jul 2015 21:40:51 -0400 Nick Econopouly <nickeconopouly@gmail.com> wrote:
Interestingly enough, a lot of anarchist theory agrees with what I said- The idea that people are like blank slates and not good or evil.
No, that's not what the 'blank slate' metaphor is about. 'blank slate' is a name for the view or doctrine that the 'mind' doesn't have any kind of innate knowledge and that everything comes from experience. In the moral realm it would mean that people don't have INBORN ideas of good and evil BUT that doesn't mean that the concepts are meaningless. Only that they are acquired later in life as the mind develops. On the other hand, the people who don't regard actions as good or evil are amoralist psychos. Nothing to do with anarchism.
It says that people are influenced by the world around them and that is what determines their morality, etc.
Sure. 'anarchism' is amoralism. Slavery? Just a historical custom. War? An innocent mistake. Well not a mistake since truth and error are also 'social constructs' - or something like that.
I was hardly praising anything. What I said about people thinking they are doing good still stands. Ask any police officer, they will think that they are protecting and serving the public.
1) that is false. While a 'majority' of your beloved psychos may say that, not necessarily all do. Actually I wouldn't be surprised if the majority admitted **off the record** that they are scumbags who love to boss people around and even get paid for it. 2) even if the majority of cops *said* that they regard themselves as the good guys, so fucking what. Hey. Now I'm a pink elephant. Because I say I'm a pink elephant. J.
On 7/21/15, Nick Econopouly <nickeconopouly@gmail.com> wrote:
On 07/21, Juan wrote:
It has apologists of the US marines.
It has high ranking scumbags from the CIA.
It has commie 'anarchists' who are offended by (and would love to silence) people who badmouth the marines' apologists.
False. I wouldn't have interjected because then I am contributing to the problems of this mailing list, but don't keep telling fabrications about me please.
You were not named in that statement. I understood that Juan was talking about someone else there ... but hey, we're all welcome to try on any hat we choose...
Literally every statement in that sentence is a lie about me. Not cool.
Literally no statement in that sentence is about you. But if you take it that way, hey, cool by me.
And NOW it also has a google and cloud apologist. Welcome Stephen =) You are yet another reason to distrust the FLOSS movement and its bloatware.
It's amusing how Juan picked up the "apologist" term from my emails and is now using it incorrectly.
Saying something does not make it a fact. I actually picked up on the term and have used it a few times, but whatever, now we're mass debating semantics? I admit it was a favourite pastime but I really need to just no.
On Tuesday, 21 July 2015 01:07:55 Juan wrote:
Hey. *Now* I get it.
This mailing list has a lot of tor-tards who are apologists of the pentagon's propaganda and spying efforts.
Well, I wouldn't call you a "tor-tard", but if you insist... -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
On Wed, 22 Jul 2015 09:47:52 +0200 rysiek <rysiek@hackerspace.pl> wrote:
Dnia wtorek, 21 lipca 2015 01:07:55 Juan pisze:
Hey. *Now* I get it.
This mailing list has a lot of tor-tards who are apologists of the pentagon's propaganda and spying efforts.
Well, I wouldn't call you a "tor-tard", but if you insist...
I'm not following.
Dnia poniedziałek, 20 lipca 2015 19:40:52 Steve Kinney pisze:
On 07/20/2015 05:53 PM, Stephen D. Williams wrote:
I hold multitudes. I am in one thread totally cypherpunk, and have been for a very long time. There are innumerable ways to compromise and be compromised for all kinds of good and mostly bad reasons. Perfect protection is tough in many ways and we should keep striving to get closer to that ideal security stance.
On the other hand, life is a balance. I probably shouldn't have tried to make the point here, but it is something a security professional should understand well: The right amount of security should be moderated by the tradeoff of costs vs. overhead vs. maximizing benefit vs. minimizing loss. Security stances change over time and aren't necessarily accurately reflected by paranoid absolutism.
Right you are, in "security" context is everything. My take on the Cypherpunk Way is, start with design concepts for maximum security (!= absolute security), then trim the security constraints back just enough to permit useful work to be done on a cost effective basis.
This should also be the case with privacy. Start with maximum privacy and trim down if absolutely *needed*. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
On 7/20/15, Stephen D. Williams <sdw@lig.net> wrote:
On the other hand, life is a balance.
True. I'm thinking individuals here.
I probably shouldn't have tried to make the point here, but it is something a security professional should understand well: The right amount of security should be moderated by the tradeoff of costs vs. overhead vs. maximizing benefit vs. minimizing loss.
Corporations are bound to their economic imperative to make such trade offs. This is the heart of their sociopathic nature. This is the part of corporations/ companies which needs, somehow, to change in order to get this world on a better track. ...
It is terrible that some companies have been too eager to share information. They may or may not have believed whatever safeguards were in place, or not cared, etc. I'm sure a high pressure meeting with an FBI crew who are strongly playing the terrorism angle is persuasive, as it should be, up to a point.
Here's the kind of talk that looks like a hole freshly dug. Perhaps if there is an actual existential threat to someone's life or some building (let's please stop using the T word), then "high pressure persuasion" would be adequate for a court order anyway. As it should be - up to the point of a subpoena, summons and/ or order to perform or act - to handle the actual problem. You seem though to be normalising behaviours and approaches and "high pressure persuasion" tactics by government departments, in a generalised way. You might not be intending the things you imply/ say, but don't be surprised when such positions are mocked or ridiculed. Don't take such blow back as personal at all though - it's the "normalisation of bad" and "plainly wrong/ evil" which is being attacked for the bullshit it is.
And companies holding your data can actually look at that data for business purposes,
Perhaps try something like this instead: "And for-profit therefore sociopathic-by-nature companies do massively collect your metadata AND your personal information, with or without your consent, and are well leaked and reported to use and abuse all your data both within and beyond the law, beyond your expectations, and beyond what many people consider ethical." See what we did there? We made it personal, giving a slight hope to the uninitiated to realise something they did not realise before. We highlighted some foundations (for profit being inherently sociopathic). We reminded the reader that their consent is often not obtained (yes, we can argue about implied consent, the point is we're edumacating). We make the assertion that companies actually abuse all that data (whatever "abuse" might mean), just in case someone missed the memo. With all this, we are also implying that this abuse is wrong. Your version sounds like you are -trying- to normalise the wrong, justify the bad, and 'accept the new messed up world order as best we can'. We hear enough of that from others. And I say NO to that abuse! Give me justification for abuse, at your peril!
although how they use it is somewhat bounded by privacy laws (however incomplete), not making private things public, unfair business practices, etc. My point was that the existence of large, valuable services that depend on a lot of trust is, or should be to a
"should be" trustworthy? They're companies. You've missed the bloody memo. And a very bloody memo the corporate record is, for decades and across industries!
sane entity, an even stronger incentive to behave than the patchwork of laws.
You're not grokking the incentive. It's profit. And it's more than an incentive, profit is the foundational company-constitutional imperative for companies (funny that). This is why companies can NOT be trusted. You seem to be missing this basic point. Do you own a company?
Past oversharing, then embarrassment and public abuse, coupled with product impacts as they lose sensitive customers, has almost certainly caused a cleanup of those attitudes. I'd be interested in the actual policy right now, although I doubt they are going to be too explicit. I suspect that it also varies heavily by corporate culture.
Some companies start with good policy, and good public stance, most significantly in this conversation, Google itself - "do no evil". They don't say that any more. They can't. Did you ever wonder why they stopped saying that?
Every day, you are somewhat at the mercy of dozens and perhaps thousands of people who could cause you pain, suffering, or death if they were so inclined. There are many in the government, schools, employer personnel departments, medical and insurance companies, etc. The people driving around you, stopped at a light while you cross the street, making your food, they all have access and the ability to inflict misery on you. You have to trust someone to some extent.
Trust is a relevant foundation to community/ society, sure. But now you've segued into personal. Which is a good place at times, an effective place. It's more tangible for people. But here we were talking about companies. I would ordinarily presume your trust formula is different for companies than it is for actual, you know, humans. I suggest not overloading corporate rights, corporate trust, with human rights, human trust. Not particularly useful in our context.
The question is who you trust, how incentivized they and the people / organization around them protects you, whether wrongs will be limited, corrected, and righted or not.
A rational approach is warranted for sure. Companies, and in most cases humans working for them, are predominantly incentivized by money. Yesterday I read an article on the Great Wall of China. Incredible vision, so many centuries of building. But when it came down to the time it was 'needed', due to there being only so many sentries, and so far spread out, and the sentries paid so little, when the marauding Mongols wanted in, to do some marauding, they just bribed a sentry or two. Apparently same with the Europeans in more recent times. So, incentivized people were, secure, wall was not. The biggest security theater. I think the great wall may have been useful psychologically though... to encourage a mindset of unity in the people within.
For a long time, as a contractor at the peak of their heyday, I had access to AOL's entire user database, complete with name, address, full credit card info, phone numbers, etc. I could have also snooped on their Buddylists, their person-to-person video (Instant Images), and a lot more. There was zero chance that I would abuse any of that.
Your ethics are admirable. I share your personal intentions. I don't trust companies though, except to plunder markets to the maximum profit possible. Zenaan
sdw
On 7/20/15 2:07 PM, Juan wrote:
cypherpunk :
https://www.wikileaks.org/Op-ed-Google-and-the-NSA-Who-s.html
"Google and the NSA: Who’s holding the ‘shit-bag’ now?"
Not-cypherpunk-at-all :
2015-07-19 2:22 GMT+09:00 Stephen D. Williams <sdw@lig.net>:
I feel perfectly confident that Google is going to protect their billions in income and valuation by being very careful with avoiding abusing their data or users in any strong sense.
On 7/20/15 4:56 PM, Zenaan Harkness wrote:
On 7/20/15, Stephen D. Williams <sdw@lig.net> wrote:
On the other hand, life is a balance.
True. I'm thinking individuals here.
I probably shouldn't have tried to make the point here, but it is something a security professional should understand well: The right amount of security should be moderated by the tradeoff of costs vs. overhead vs. maximizing benefit vs. minimizing loss.
Corporations are bound to their economic imperative to make such trade offs. This is the heart of their sociopathic nature. This is the part of corporations/ companies which needs, somehow, to change in order to get this world on a better track.
...
It is terrible that some companies have been too eager to share information. They may or may not have believed whatever safeguards were in place, or not cared, etc. I'm sure a high pressure meeting with an FBI crew who are strongly playing the terrorism angle is persuasive, as it should be, up to a point.
Here's the kind of talk that looks like a hole freshly dug.
Perhaps if there is an actual existential threat to someone's life or some building (let's please stop using the T word), then "high pressure persuasion" would be adequate for a court order anyway. As it should be - up to the point of a subpoena, summons and/ or order to perform or act - to handle the actual problem.
You seem though to be normalising behaviours and approaches and "high pressure persuasion" tactics by government departments, in a generalised way. You might not be intending the things you imply/ say,
You're making an unqualified assumption about my unqualified qualifier "up to a point"...
but don't be surprised when such positions are mocked or ridiculed. Don't take such blow back as personal at all though - it's the "normalisation of bad" and "plainly wrong/ evil" which is being attacked for the bullshit it is.
Feel free. I totally mock and rail about it too. I can see several sides to this, and I've been on enough "sides" of these problems, at least in some weak sense, to have some model of decision making by people in those roles. Poor decisions are understandable until there are enough cases, noticed and confronted, to make the right path clear. We're getting a lot of those lately. EFF, SPLC, ACLU, and others, sometimes including commercial entities, are providing an invaluable service of evolving both the law and internal commercial and government policy. Hacking the system cleverly and deliberately is one of the cooler forms of hacking.
And companies holding your data can actually look at that data for business purposes,
Perhaps try something like this instead: "And for-profit therefore sociopathic-by-nature companies do massively collect your metadata AND your personal information, with or without your consent, and are well leaked and reported to use and abuse all your data both within and beyond the law, beyond your expectations, and beyond what many people consider ethical."
A few quibbles: for-profit is sociopathic-by-default perhaps, although even there you are assuming some socioeconomic system. You're also glossing over whether and when consent is an issue. People in public places sometimes believe that others need consent to take their picture; generally not true. Is it rude to take your picture and does rudeness matter? That depends. "Beyond your expectations" is also problematic: How could any possible expectation ever be said to be adhered to? Perhaps "generally accepted fair use as defined by EFF" or something (if there is such a thing) might be reasonable. What is the definition of "many people"? If you use language that can never be satisfied in any reliable way, you can't really complain that an entity isn't satisfying it.
See what we did there? We made it personal, giving a slight hope to the uninitiated to realise something they did not realise before. We
Education is always good. Don't infect others with pathological paranoia, but a healthy understanding of risks and exposures is always good.
highlighted some foundations (for profit being inherently
Not inherently. Social, economic, legal, contractual, and other cultural systems allow, disallow, guide, and control people in their interactions. The US, for instance, has always been a place where there were many unwritten rules of operating in business. Some have run roughshod over those, sometimes reaping unjust rewards and/or changing what is acceptable, but there are always things that could be done that just aren't. Further, a particular entity could impose upon itself, by charter, culture, or customer agreement, a more stringent stance than others. There could be mechanisms that audit or otherwise control this. You get what you optimize for. If you have a default corporation controlled by weak, shallow leaders and driven by shallow, blind Wall Street numbers, then the result is likely to be sociopathic. On the other hand, however imperfectly or incompletely, certain companies have a founder-driven culture of a far more empathic nature than this default, whether they be different or have a stated desire to not be evil. Both of those companies largely care about users in some strong sense, much unlike certain other highly and chronically annoying entities.
sociopathic). We reminded the reader that their consent is often not obtained (yes, we can argue about implied consent, the point is we're edumacating). We make the assertion that companies actually abuse all that data (whatever "abuse" might mean), just in case someone missed the memo.
One person's use is another person's abuse. People should be aware.
With all this, we are also implying that this abuse is wrong.
Abuse is wrong, use may not be. Sometimes depends on where you stand. Some types don't have agreement. Plenty of people hate the idea of automated ad filtering based on the content of email or chat or other activity. There are things that could go wrong with that if it gets to a human or is gamed, but properly done anonymously, it can be fine: I'd rather get timely ads I may care about than the much larger set of uninteresting dreck. I actually suggested doing exactly this with AOL chatrooms in about 1996. This is a good example of good education vs. bad education: If you say "This could be misused or leaked in a way that could be a problem if a company isn't careful, and here is a scenario..., and here is how that could be handled better..." that's fine, especially if a company can indicate the level of care & security they're currently employing. If you say: "Google is reading your email, sending it to every company that wants to buy it for a few cents!" that's disingenuous at best and dangerous to certain people's mental state at worst.
Your version sounds like you are -trying- to normalise the wrong, justify the bad, and 'accept the new messed up world order as best we can'. We hear enough of that from others. And I say NO to that abuse! Give me justification for abuse, at your peril!
I was mainly talking about making realistic decisions without a value statement for current practices, which we are all going to have different opinions on since they aren't public. We should have some taxonomy of the nature of those abuses, with consensus lines drawn as to what we all find acceptable or not acceptable, why, and what mechanisms best resolve the issue.
although how they use it is somewhat bounded by privacy laws (however incomplete), not making private things public, unfair business practices, etc. My point was that the existence of large, valuable services that depend on a lot of trust is, or should be to a
"should be" trustworthy?
Some are not at certain points, or all are not at some points, or only mine is as far as I know. Take your pick.
They're companies. You've missed the bloody memo. And a very bloody memo the corporate record is, for decades and across industries!
Have you noticed the difference in nature of various companies over time?
sane entity, an even stronger incentive to behave than the patchwork of laws.
You're not grokking the incentive. It's profit. And it's more than an incentive, profit is the foundational company-constitutional imperative for companies (funny that).
This is why companies can NOT be trusted. You seem to be missing this basic point. Do you own a company?
Of course; it may not be worth anything, but I do actual work. You don't? You're not doing your taxes properly if not... ;-) Who CAN be trusted? At some level, no one, but we've already established that in the real world, you generally have to trust people all the time. Are you sure you are applying your distrust criteria in a comprehensive and rational way?
Past oversharing, then embarrassment and public abuse, coupled with product impacts as they lose sensitive customers, has almost certainly caused a cleanup of those attitudes. I'd be interested in the actual policy right now, although I doubt they are going to be too explicit. I suspect that it also varies heavily by corporate culture.
Some companies start with good policy, and good public stance, most significantly in this conversation, Google itself - "do no evil". They don't say that any more. They can't. Did you ever wonder why they stopped saying that?
They pretty much still do. And it is silly to say they can't. They are a relatively giant company. Mistakes happen. What mistakes are they making now? https://www.google.com/about/company/philosophy/ You can make money without doing evil.
Every day, you are somewhat at the mercy of dozens and perhaps thousands of people who could cause you pain, suffering, or death if they were so inclined. There are many in the government, schools, employer personnel departments, medical and insurance companies, etc. The people driving around you, stopped at a light while you cross the street, making your food, they all have access and the ability to inflict misery on you. You have to trust someone to some extent.
Trust is a relevant foundation to community/ society, sure.
But now you've segued into personal. Which is a good place at times, an effective place. It's more tangible for people.
But here we were talking about companies. I would ordinarily presume your trust formula is different for companies than it is for actual, you know, humans.
I suggest not overloading corporate rights, corporate trust, with human rights, human trust. Not particularly useful in our context.
All companies that I know about are filled with people. They may be sheeple a little too often (I have permanently fired ATT Mobile (formerly Cingular) for refusing to issue a refund to my son when they screwed up "because the policy prevents us".), but it is personal at some level. You are trusting that the Comcast installer is not a murderer, that the banker isn't stealing from you, and that the well-paid Google engineer has better things to do than to eavesdrop on you.
The question is who you trust, how incentivized they and the people / organization around them protects you, whether wrongs will be limited, corrected, and righted or not.
A rational approach is warranted for sure.
Companies, and in most cases humans working for them, are predominantly incentivized by money. Yesterday I read an article on
Whether all are, or even a predominant amount are, is questionable. Many people care about customers, their career, mission, etc. Money is only an issue occasionally.
the Great Wall of China. Incredible vision, so many centuries of building. But when it came down to the time it was 'needed', due to there being only so many sentries, and so far spread out, and the sentries paid so little, when the marauding Mongols wanted in, to do some marauding, they just bribed a sentry or two. Apparently same with the Europeans in more recent times. So, incentivized people were, secure, wall was not. The biggest security theater.
I think the great wall may have been useful psychologically though... to encourage a mindset of unity in the people within.
For a long time, as a contractor at the peak of their heyday, I had access to AOL's entire user database, complete with name, address, full credit card info, phone numbers, etc. I could have also snooped on their Buddylists, their person-to-person video (Instant Images), and a lot more. There was zero chance that I would abuse any of that.
Your ethics are admirable. I share your personal intentions. I don't trust companies though, except to plunder markets to the maximum profit possible.
There are some who have acted that way, for sure. I have my black list. Others try. They deserve a little credit, and help when possible.
Zenaan
sdw
sdw
On 7/20/15 2:07 PM, Juan wrote:
cypherpunk :
https://www.wikileaks.org/Op-ed-Google-and-the-NSA-Who-s.html
"Google and the NSA: Who’s holding the ‘shit-bag’ now?"
Not-cypherpunk-at-all :
2015-07-19 2:22 GMT+09:00 Stephen D. Williams <sdw@lig.net>:
I feel perfectly confident that Google is going to protect their billions in income and valuation by being very careful with avoiding abusing their data or users in any strong sense.
-- Stephen D. Williams sdw@lig.net stephendwilliams@gmail.com LinkedIn: http://sdw.st/in V:650-450-UNIX (8649) V:866.SDW.UNIX V:703.371.9362 F:703.995.0407 AIM:sdw Skype:StephenDWilliams Yahoo:sdwlignet Resume: http://sdw.st/gres Personal: http://sdw.st facebook.com/sdwlig twitter.com/scienteer
On July 20, 2015 2:17:54 PM Juan <juan.g71@gmail.com> wrote:
cypherpunk :
https://www.wikileaks.org/Op-ed-Google-and-the-NSA-Who-s.html
"Google and the NSA: Who’s holding the ‘shit-bag’ now?"
Not-cypherpunk-at-all :
2015-07-19 2:22 GMT+09:00 Stephen D. Williams <sdw@lig.net>:
I feel perfectly confident that Google is going to protect their billions in income and valuation by being very careful with avoiding abusing their data or users in any strong sense.
Yes Juan, thank you for posting this link! This isn't even new, we just got proof in that Stratfor email dump. Anyone who can read that and want to have anything to do with google in any capacity is insane. Read the whole linked conversation, if you haven't. It's quite disturbing and enlightening. This is a good link to send around to the sHillary bots, too. Not that it'll make a difference. It's Giant Douche and Turd Sandwich all over again, and if voting really changed anything they'd make it illegal. -S
On 7/20/15 11:08 PM, Shelley wrote:
On July 20, 2015 2:17:54 PM Juan <juan.g71@gmail.com> wrote:
cypherpunk :
https://www.wikileaks.org/Op-ed-Google-and-the-NSA-Who-s.html
"Google and the NSA: Who’s holding the ‘shit-bag’ now?"
Not-cypherpunk-at-all :
2015-07-19 2:22 GMT+09:00 Stephen D. Williams <sdw@lig.net>:
I feel perfectly confident that Google is going to protect their billions in income and valuation by being very careful with avoiding abusing their data or users in any strong sense.
Yes Juan, thank you for posting this link! This isn't even new, we just got proof in that Stratfor email dump. Anyone who can read that and want to have anything to do with google in any capacity is insane. Read the whole linked conversation, if you haven't. It's quite disturbing and enlightening.
This is a good link to send around to the sHillary bots, too. Not that it'll make a difference. It's Giant Douche and Turd Sandwich all over again, and if voting really changed anything they'd make it illegal.
Just for fun, I reread this. Based just on the text of this page, there is little that is really a gotcha of any significance. A bunch of well-placed, powerful people know each other, bla bla. Google Ideas is trying to spread access to the Internet far and wide and, like any US citizen or company should, consults with the State department when doing anything with a non-first-world-country. The CIA might also want Internet access far and wide in those countries, perhaps for fairly great reasons: general education, anti-propaganda, etc. A modern, educated, liberal technologist wants to counteract extremism with education in any way feasible, oh my. The government is paying for services they are using? Is that unusual? Where is there something that is actually illegal, regressive, or otherwise actually a problem? Plenty of innuendo and situations that could potentially be bad, but where's the meat? I like Wikileaks at all overall. Very entertaining, and some people should stay organized while heavily scrutinizing those in power to detect and expose abuse, or even the appearance of abuse. But I'm not confused by this kind of innuendo and imprecise characterizations. Be specific and clear about what exactly was wrong. What was the specific harm? What should people have done instead?
-S
sdw
On 7/18/15, Stephen D. Williams <sdw@lig.net> wrote:
I feel perfectly confident that Google is going to protect their billions in income and valuation by being very careful with avoiding abusing their data or users in any strong sense.
Wellp, see here now sonny ... a little bit of gennel abuse now, that's ok now ya here me son? Just a little slap if she says no 'll bring her right into line, and short or long of that, these here 4 gennel silky cuffs - tie em reel gennel like, and them users aint ever gonna notice. Once they's hog tied in a nice soft and golden cage of online service, they don't know what data been inserted and sold no where. ... You listenin ta me son?!! . Stop picken your nose!
I happen to know someone personally who went to one of the largest social networks out there, and just asked if he could have full backend access to play around and go data mining. They didn't bat an eyelid and gave him access to the kind of data you don't get even from the paid API. This guy happens to be exceptionally convincing, but he wasn't being disingenuous; he literally just promised to fish around and see if he could find and visualise any cool stuff, and they opened up. So, no. Your data isn't remotely safe, not even a little bit.
On 19/07/15 01:42, Zenaan Harkness wrote:
On 7/18/15, Stephen D. Williams <sdw@lig.net> wrote:
I feel perfectly confident that Google is going to protect their billions in income and valuation by being very careful with avoiding abusing their data or users in any strong sense.
Wellp, see here now sonny ... a little bit of gennel abuse now, that's ok now ya here me son? Just a little slap if she says no 'll bring her right into line, and short or long of that, these here 4 gennel silky cuffs - tie em reel gennel like, and them users aint ever gonna notice. Once they's hog tied in a nice soft and golden cage of online service, they don't know what data been inserted and sold no where.
...
You listenin ta me son?!!
.
Stop picken your nose!
-- Scientific Director, IndieBio EU Programme Now running in Cork, Ireland May->July Learn more at indie.bio and follow along! Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey
Dnia poniedziałek, 20 lipca 2015 09:32:51 Cathal Garvey pisze:
I happen to know someone personally who went to one of the largest social networks out there, and just asked if he could have full backend access to play around and go data mining. They didn't bat an eyelid and gave him access to the kind of data you don't get even from the paid API.
This guy happens to be exceptionally convincing, but he wasn't being disingenuous; he literally just promised to fish around and see if he could find and visualise any cool stuff, and they opened up.
Then there's that: http://actualfacebookgraphsearches.tumblr.com/
So, no. Your data isn't remotely safe, not even a little bit.
Very much so. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
* Georgi Guninski:
You should be aware of the numerous virtualization sploits -- Xen, Qemu, possibly others.
Exploiting a virtualization bug is just the fee "to be in cloud" and I _suspect_ more efforts are needed for my boxen.
Not all service providers hand you the capability to run arbitrary code to run VM exploits, so you have to exploit an application bug first. (And the application may even run on bare metal.) Service providers can also provision VMs in such a way that customers can only attack themselves.
Dnia niedziela, 19 lipca 2015 10:15:38 Florian Weimer pisze:
* Georgi Guninski:
You should be aware of the numerous virtualization sploits -- Xen, Qemu, possibly others.
Exploiting a virtualization bug is just the fee "to be in cloud" and I _suspect_ more efforts are needed for my boxen.
Not all service providers hand you the capability to run arbitrary code to run VM exploits, so you have to exploit an application bug first. (And the application may even run on bare metal.)
Service providers can also provision VMs in such a way that customers can only attack themselves.
I consider service providers' access to my data a problem in and of itself. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
I consider service providers' access to my data a problem in and of itself.
Sure, this is a valid position. But as we have seen, most organizations do a poor job of controlling their data in-house. Right now, an external service provider can often exceed quite easily the data controls such organizations can provide, and that alone might make it a net win to move the data off premises.
On Sun, 19 Jul 2015 13:21:41 +0200 Florian Weimer <fw@deneb.enyo.de> wrote:
I consider service providers' access to my data a problem in and of itself.
Sure, this is a valid position. But as we have seen, most organizations do a poor job of controlling their data in-house.
Of course. People can't govern themselves or manage their own data. That's why we need jesus, google and the NSA.
Right now, an external service provider can often exceed quite easily the data controls such organizations can provide, and that alone might make it a net win to move the data off premises.
On Sun, Jul 19, 2015 at 10:15:38AM +0200, Florian Weimer wrote:
* Georgi Guninski:
You should be aware of the numerous virtualization sploits -- Xen, Qemu, possibly others.
Exploiting a virtualization bug is just the fee "to be in cloud" and I _suspect_ more efforts are needed for my boxen.
Not all service providers hand you the capability to run arbitrary code to run VM exploits, so you have to exploit an application bug first. (And the application may even run on bare metal.)
Service providers can also provision VMs in such a way that customers can only attack themselves.
Really? Isn't this too expensive for times of crisis like this? Anyway, me conjecture that there are plenty of bugs alive.
On Tue, Jul 14, 2015 at 11:52:03AM -0400, dan@geer.org wrote:
Discussing security policy post-OPM debacle in a setting to which I have access (sorry to be oblique), it was said by a CxO "We have to prepare for the day when no software we depend on is run on premises."
I did not handle this well (think sputtering as an alternative to white rage). At the same time, I am probably in a bubble in that I suspect that nearly everyone I see with a computer (of any form factor) is already in that situation or, save for Javascript piped in from the cloud to run locally, soon will be -- denizens of this list and a few others excepted.
Echoing Lenin echoing Chernyshevsky, "What is to be done?" or, perhaps, "Is anything to be done?"
--dan
The same thing we did in the old days.
Install an IBM mainframe.
https://www.techwire.net/the-mainframe-lives-on-an-industry-perspective/
The only place the 'cloud' makes sense is if you are Amazon or Google and you want to sell your excess computing capacity to suckers who can't afford to buy their own computers.
If you actually do capacity planning and maybe do something like apply modern devops to mainframe platforms, you can actually get some economies of scale running your mainframe on-site.
It will probably cost less than what that CxO's got paid under-the-table in a rigged altcoin pump-and-dump orchestrated by the cloud service provider.
On 7/19/15 5:25 PM, Troy Benjegerdes wrote:
On Tue, Jul 14, 2015 at 11:52:03AM -0400, dan@geer.org wrote:
Discussing security policy post-OPM debacle in a setting to which I have access (sorry to be oblique), it was said by a CxO "We have to prepare for the day when no software we depend on is run on premises."
I did not handle this well (think sputtering as an alternative to white rage). At the same time, I am probably in a bubble in that I suspect that nearly everyone I see with a computer (of any form factor) is already in that situation or, save for Javascript piped in from the cloud to run locally, soon will be -- denizens of this list and a few others excepted.
Echoing Lenin echoing Chernyshevsky, "What is to be done?" or, perhaps, "Is anything to be done?"
--dan
The same thing we did in the old days.
Install an IBM mainframe.
https://www.techwire.net/the-mainframe-lives-on-an-industry-perspective/
The only place the 'cloud' makes sense is if you are Amazon or Google and you want to sell your excess computing capacity to suckers who can't afford to buy their own computers.
If you actually do capacity planning and maybe do something like apply modern devops to mainframe platforms, you can actually get some economies of scale running your mainframe on-site.
It will probably cost less than what that CxO's got paid under-the-table in a rigged altcoin pump-and-dump orchestrated by the cloud service provider.
Traditional corporate onsite compute, storage, network, security, software (Oracle etc.) is almost always extremely expensive. While a raw hard drive may be inexpensive, if you buy it in an EMC or mainframe storage array, you are going to pay many multiples more per GB, compute minute, etc. And, if you bought anything more than you actually use, you're being very wasteful. Parts of the cloud revolution are rapid just in time purchase, deployment, change, new scalable methods, etc., but economically, it is often tremendously less expensive than a commercial solution plus the support staff to make it work. In the most efficient traditional local deployment possible, this may not be true initially, but for the vast majority of mediocre corporate IT departments, it is very true.
If you are large and/or savvy enough, the thing to do is to borrow cloud system methods and run a cloud for yourself. Currently, that's not completely easy or turnkey. At some point, we should get to a clean utility computing model, but it will take a few more generations of evolution.
sdw
On Sun, Jul 19, 2015 at 06:58:18PM -0700, Stephen Williams wrote:
On 7/19/15 5:25 PM, Troy Benjegerdes wrote:
On Tue, Jul 14, 2015 at 11:52:03AM -0400, dan@geer.org wrote:
Discussing security policy post-OPM debacle in a setting to which I have access (sorry to be oblique), it was said by a CxO "We have to prepare for the day when no software we depend on is run on premises."
I did not handle this well (think sputtering as an alternative to white rage). At the same time, I am probably in a bubble in that I suspect that nearly everyone I see with a computer (of any form factor) is already in that situation or, save for Javascript piped in from the cloud to run locally, soon will be -- denizens of this list and a few others excepted.
Echoing Lenin echoing Chernyshevsky, "What is to be done?" or, perhaps, "Is anything to be done?"
--dan
The same thing we did in the old days.
Install an IBM mainframe.
https://www.techwire.net/the-mainframe-lives-on-an-industry-perspective/
The only place the 'cloud' makes sense is if you are Amazon or Google and you want to sell your excess computing capacity to suckers who can't afford to buy their own computers.
If you actually do capacity planning and maybe do something like apply modern devops to mainframe platforms, you can actually get some economies of scale running your mainframe on-site.
It will probably cost less than what that CxO's got paid under-the-table in a rigged altcoin pump-and-dump orchestrated by the cloud service provider.
Traditional corporate onsite compute, storage, network, security, software (Oracle etc.) is almost always extremely expensive. While a raw hard drive may be inexpensive, if you buy it in an EMC or mainframe storage array, you are going to pay many multiples more per GB, compute minute, etc. And, if you bought anything more than you actually use, you're being very wasteful. Parts of the cloud revolution are rapid just in time purchase, deployment, change, new scalable methods, etc., but economically, it is often tremendously less expensive than a commercial solution plus the support staff to make it work. In the most efficient traditional local deployment possible, this may not be true initially, but for the vast majority of mediocre corporate IT departments, it is very true.
If you are large and/or savvy enough, the thing to do is to borrow cloud system methods and run a cloud for yourself. Currently, that's not completely easy or turnkey. At some point, we should get to a clean utility computing model, but it will take a few more generations of evolution.
sdw
IBM would tell you the z13 is the best platform to run a cloud on. Claims are you get 8000 or so cloud servers per machine [1]. I'm sure fujitsu or some other vendor will sell you something equally expensive in the same 'mainframe' class that can virtualize like that.
A lot of what I hear about 'cloud' and virtualization are things that were first deployed in 1970's-ish on mainframes.
Now, you're absolutely right that a 1TB hard drive that has been qualified to work with that machine will cost about 10x what you can get at staples.
But the point about mainframes is they are built to have lots of *memory bandwidth*, and a 'compute minute' on a Z13 is going to process a lot more transactions and write them reliably to that overpriced disk than any cloud solution is ever going to do.
You just have to be ready to write a check for a couple of million if you want one of these things on-site, and that's why the cloud exists, for the folks that either don't have that kind of money, or don't understand why they should spend it up-front, instead of getting nickel and dimed to death by cloud vendors and their hackers.
[1] http://www.computerworld.com/article/2872096/ibm-s-z13-and-the-case-for-the-...
On 7/19/15 7:13 PM, Troy Benjegerdes wrote:
On Sun, Jul 19, 2015 at 06:58:18PM -0700, Stephen Williams wrote:
.. If you are large and/or savvy enough, the thing to do is to borrow cloud system methods and run a cloud for yourself. Currently, that's not completely easy or turnkey. At some point, we should get to a clean utility computing model, but it will take a few more generations of evolution.
sdw
IBM would tell you the z13 is the best platform to run a cloud on. Claims are you get 8000 or so cloud servers per machine [1]. I'm sure fujitsu or some other vendor will sell you something equally expensive in the same 'mainframe' class that can virtualize like that.
A lot of what I hear about 'cloud' and virtualization are things that were first deployed in 1970's-ish on mainframes.
Now, you're absolutely right that a 1TB hard drive that has been qualified to work with that machine will cost about 10x what you can get at staples.
It's 10x for the drive, another 10x for the box to put it in, another 10x for a license for the software to get to it, ... (Roughly. ;-) ) You can be nickel and dimed up front or over time. In the latter case, it will continue to get more competitive and begin to have local systems with the same characteristics.
How much does an additional 4TB of storage for a z13 cost?
But the point about mainframes is they are built to have lots of *memory bandwidth*, and a 'compute minute' on a Z13 is going to process a lot more transactions and write them reliably to that overpriced disk than any cloud solution is ever going to do.
Most cloud systems fall into the embarrassingly parallel category. Many smaller, cheaper, cooler units completely outclass, in price and scalability, bigger, faster, higher bandwidth solutions, unless those are built inexpensively with smaller, cheaper, cooler units. We're finding out whether medium sized (Intel/AMD desktop / server class CPUs) or small (ARM mobile chipsets) are going to scale better, but either way, a many node system has an aggregate memory bandwidth that dwarfs old-style mega CPU systems. It's not clear, but it appears that the z13 is just an integrated cloud-style clustered system with a bunch of nice added features[2]. If so, which is the only way it could compete on scale and cost, it is a branded cloud system. Would it really be less expensive to operate than an Open Compute local cloud? Probably only if you made a lot of assumptions about overhead, etc.
The z13 looks cool, and has a lot of interesting features. It will be interesting to see how it does.
You just have to be ready to write a check for a couple of million if you want one of these things on-site, and that's why the cloud exists, for the folks that either don't have that kind of money, or don't understand why they should spend it up-front, instead of getting nickel and dimed to death by cloud vendors and their hackers.
If you have the type of business where you know what you need and how much of it you need, you can competitively provision a local solution, although there are still plenty of ways to go wrong. And many do, IMHO. Many businesses have relatively modest needs, don't know what their growth will look like, etc. Large up front costs are bad in a lot of situations, as is committing to a certain scale when there is a lot of uncertainty.
The number of businesses and organizations who fit that narrow situation are few and dwindling. Sales will be able to rope in plenty more for a while, but for many it is not a sane choice. Security breaks are mostly about passwords, trojans, spear phishing, zombie machines, etc. For every possible exploit of a cloud system, which at the infrastructure level should have well-funded security, I feel there are many more gaps in the typical local alternative: Sloppy, old Windows systems with a sloppy network, open to everyone file servers, poor access control, terrible custom programming, no significant physical security, etc. The best systems + networks + policies + personnel are more secure, everyone else is just lucky not to be targeted.
This covers some of this territory: https://news.ycombinator.com/item?id=2482123
[1] http://www.computerworld.com/article/2872096/ibm-s-z13-and-the-case-for-the-...
[2] https://www-03.ibm.com/press/us/en/pressrelease/45808.wss
sdw
an ominous comment
On 07/19/2015 07:53 PM, Stephen Williams wrote:
On 7/19/15 7:13 PM, Troy Benjegerdes wrote:
On Sun, Jul 19, 2015 at 06:58:18PM -0700, Stephen Williams wrote:
.. If you are large and/or savvy enough, the thing to do is to borrow cloud system methods and run a cloud for yourself. Currently, that's not completely easy or turnkey. At some point, we should get to a clean utility computing model, but it will take a few more generations of evolution.
sdw
IBM would tell you the z13 is the best platform to run a cloud on. Claims are you get 8000 or so cloud servers per machine [1]. I'm sure fujitsu or some other vendor will sell you something equally expensive in the same 'mainframe' class that can virtualize like that.
A lot of what I hear about 'cloud' and virtualization are things that were first deployed in 1970's-ish on mainframes.
Now, you're absolutely right that a 1TB hard drive that has been qualified to work with that machine will cost about 10x what you can get at staples.
It's 10x for the drive, another 10x for the box to put it in, another 10x for a license for the software to get to it, ... (Roughly. ;-) ) You can be nickel and dimed up front or over time. In the latter case, it will continue to get more competitive and begin to have local systems with the same characteristics.
How much does an additional 4TB of storage for a z13 cost?
But the point about mainframes is they are built to have lots of *memory bandwidth*, and a 'compute minute' on a Z13 is going to process a lot more transactions and write them reliably to that overpriced disk than any cloud solution is ever going to do.
Most cloud systems fall into the embarrassingly parallel category. Many smaller, cheaper, cooler units completely outclass, in price and scalability, bigger, faster, higher bandwidth solutions, unless those are built inexpensively with smaller, cheaper, cooler units. We're finding out whether medium sized (Intel/AMD desktop / server class CPUs) or small (ARM mobile chipsets) are going to scale better, but either way, a many node system has an aggregate memory bandwidth that dwarfs old-style mega CPU systems. It's not clear, but it appears that the z13 is just an integrated cloud-style clustered system with a bunch of nice added features[2]. If so, which is the only way it could compete on scale and cost, it is a branded cloud system. Would it really be less expensive to operate than an Open Compute local cloud? Probably only if you made a lot of assumptions about overhead, etc.
The z13 looks cool, and has a lot of interesting features. It will be interesting to see how it does.
You just have to be ready to write a check for a couple of million if you want one of these things on-site, and that's why the cloud exists, for the folks that either don't have that kind of money, or don't understand why they should spend it up-front, instead of getting nickel and dimed to death by cloud vendors and their hackers.
If you have the type of business where you know what you need and how much of it you need, you can competitively provision a local solution, although there are still plenty of ways to go wrong. And many do, IMHO. Many businesses have relatively modest needs, don't know what their growth will look like, etc. Large up front costs are bad in a lot of situations, as is committing to a certain scale when there is a lot of uncertainty.
The number of businesses and organizations who fit that narrow situation are few and dwindling. Sales will be able to rope in plenty more for a while, but for many it is not a sane choice. Security breaks are mostly about passwords, trojans, spear phishing, zombie machines, etc. For every possible exploit of a cloud system, which at the infrastructure level should have well-funded security, I feel there are many more gaps in the typical local alternative: Sloppy, old Windows systems with a sloppy network, open to everyone file servers, poor access control, terrible custom programming, no significant physical security, etc. The best systems + networks + policies + personnel are more secure, everyone else is just lucky not to be targeted.
This covers some of this territory: https://news.ycombinator.com/item?id=2482123
[1] http://www.computerworld.com/article/2872096/ibm-s-z13-and-the-case-for-the-mainframe-cloud.html
[2] https://www-03.ibm.com/press/us/en/pressrelease/45808.wss
sdw
-- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn
So the interesting (and ominous?) question is which costs less: 1 mainframe or: 10,000 distributed multi-terabyte hard drives to store 1 terabyte of blockchain, and all the hashing power needed to secure the blockchain from attackers who can afford mainframes?
Second question: Are you pricing in dollars or cryptocoins, cause it seems to me you get divergent answers depending on which one you use.
Third question: does the blockchain still work when it shuts down overnight because the distributed power source sets? Or does control revert to the owners of the centralized power plants?
On Sun, Jul 19, 2015 at 09:01:05PM -0700, odinn wrote:
an ominous comment
On 07/19/2015 07:53 PM, Stephen Williams wrote:
On 7/19/15 7:13 PM, Troy Benjegerdes wrote:
On Sun, Jul 19, 2015 at 06:58:18PM -0700, Stephen Williams wrote:
.. If you are large and/or savvy enough, the thing to do is to borrow cloud system methods and run a cloud for yourself. Currently, that's not completely easy or turnkey. At some point, we should get to a clean utility computing model, but it will take a few more generations of evolution.
sdw
IBM would tell you the z13 is the best platform to run a cloud on. Claims are you get 8000 or so cloud servers per machine [1]. I'm sure fujitsu or some other vendor will sell you something equally expensive in the same 'mainframe' class that can virtualize like that.
A lot of what I hear about 'cloud' and virtualization are things that were first deployed in 1970's-ish on mainframes.
Now, you're absolutely right that a 1TB hard drive that has been qualified to work with that machine will cost about 10x what you can get at staples.
It's 10x for the drive, another 10x for the box to put it in, another 10x for a license for the software to get to it, ... (Roughly. ;-) ) You can be nickel and dimed up front or over time. In the latter case, it will continue to get more competitive and begin to have local systems with the same characteristics.
How much does an additional 4TB of storage for a z13 cost?
But the point about mainframes is they are built to have lots of *memory bandwidth*, and a 'compute minute' on a Z13 is going to process a lot more transactions and write them reliably to that overpriced disk than any cloud solution is ever going to do.
Most cloud systems fall into the embarrassingly parallel category. Many smaller, cheaper, cooler units completely outclass, in price and scalability, bigger, faster, higher bandwidth solutions, unless those are built inexpensively with smaller, cheaper, cooler units. We're finding out whether medium sized (Intel/AMD desktop / server class CPUs) or small (ARM mobile chipsets) are going to scale better, but either way, a many node system has an aggregate memory bandwidth that dwarfs old-style mega CPU systems. It's not clear, but it appears that the z13 is just an integrated cloud-style clustered system with a bunch of nice added features[2]. If so, which is the only way it could compete on scale and cost, it is a branded cloud system. Would it really be less expensive to operate than an Open Compute local cloud? Probably only if you made a lot of assumptions about overhead, etc.
The z13 looks cool, and has a lot of interesting features. It will be interesting to see how it does.
You just have to be ready to write a check for a couple of million if you want one of these things on-site, and that's why the cloud exists, for the folks that either don't have that kind of money, or don't understand why they should spend it up-front, instead of getting nickel and dimed to death by cloud vendors and their hackers.
If you have the type of business where you know what you need and how much of it you need, you can competitively provision a local solution, although there are still plenty of ways to go wrong. And many do, IMHO. Many businesses have relatively modest needs, don't know what their growth will look like, etc. Large up front costs are bad in a lot of situations, as is committing to a certain scale when there is a lot of uncertainty.
The number of businesses and organizations who fit that narrow situation are few and dwindling. Sales will be able to rope in plenty more for a while, but for many it is not a sane choice. Security breaks are mostly about passwords, trojans, spear phishing, zombie machines, etc. For every possible exploit of a cloud system, which at the infrastructure level should have well-funded security, I feel there are many more gaps in the typical local alternative: Sloppy, old Windows systems with a sloppy network, open to everyone file servers, poor access control, terrible custom programming, no significant physical security, etc. The best systems + networks + policies + personnel are more secure, everyone else is just lucky not to be targeted.
This covers some of this territory: https://news.ycombinator.com/item?id=2482123
[1] http://www.computerworld.com/article/2872096/ibm-s-z13-and-the-case-for-the-mainframe-cloud.html
[2] https://www-03.ibm.com/press/us/en/pressrelease/45808.wss
sdw
-- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn
participants (29)
- alan@clueserver.org
- Alfie John
- Anthony Michaels
- Cathal Garvey
- coderman
- dan@geer.org
- Florian Weimer
- Georgi Guninski
- grarpamp
- jim bell
- John Young
- Juan
- Kurt Buff
- Lance Cottrell
- Lodewijk andré de la porte
- Nick Econopouly
- odinn
- oshwm
- Peter Fairbrother
- rysiek
- Seth
- Shelley
- Stephen D. Williams
- Stephen Williams
- Steve Kinney
- The Doctor
- Travis Biehn
- Troy Benjegerdes
- Zenaan Harkness